llm-toolkit
Generates WAF-specific bypass variants for Cloudflare, using techniques like Unicode normalization, HTTP parameter pollution, JSON nesting, case alternation, and whitespace alternatives to evade Cloudflare's Web Application Firewall.
MCP server toolkit with payload library, WAF bypass generator, rate limiter, plugin system, and inter-MCP bridge for security testing.
Disclaimer: For authorized security testing only. Obtain written permission before testing any system you do not own. Unauthorized access is illegal.
Features
Payload Library
80+ curated payloads across 8 vulnerability categories:
Category | File | Description |
XSS | | Cross-site scripting vectors |
SQLi | | SQL injection payloads |
SSRF | | Server-side request forgery |
SSTI | | Server-side template injection |
LFI | | Local file inclusion |
XXE | | XML external entity injection |
CMDi | | Command injection |
NoSQLi | | NoSQL injection |
Each payload entry includes metadata: id, name, payload, category, context, riskLevel, optional description, and tags.
WAF Bypass Engine
Generates WAF-specific bypass variants with strategy tables per provider:
WAF | Techniques |
Cloudflare | Unicode normalization, HTTP parameter pollution, JSON nesting, case alternation, whitespace alternatives |
ModSecurity | MySQL version comments ( |
AWS WAF | Encoding chains (URL + Base64), regex evasion with character classes, deep JSON nesting, Unicode fullwidth, token breaker |
Generic | Case mutation, whitespace mutation, comment injection, URL/hex/base64/HTML entity encoding, token breaker, Unicode mutation |
Also includes payload type detection (XSS, SQLi, SSTI, XXE, SSRF, LFI, CMDi, NoSQLi) and bypass strategy suggestions.
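Seen from the defending side, the techniques in the table above (encoding chains, fullwidth Unicode, case and whitespace changes, comment insertion) only work against rules that match the raw request. The following is an added example, not code from llm-toolkit: it canonicalizes a value before a signature is applied. The function names, the decode bound and the toy signature are assumptions, and the sample inputs in the test are constructed.

```typescript
// Added example: canonicalize a request value before signature matching.
// All names here are hypothetical; none of this comes from the project.
const MAX_DECODE_ROUNDS = 3; // assumed bound on nested URL encoding

function safeUrlDecode(s: string): string {
  try {
    return decodeURIComponent(s.replace(/\+/g, " "));
  } catch (_e) {
    return s; // malformed percent-escape: keep the value unchanged
  }
}

function canonicalize(raw: string): { value: string; rounds: number } {
  let value = raw;
  let rounds = 0;
  // Decode until the value stops changing, so double encoding is undone.
  while (rounds < MAX_DECODE_ROUNDS) {
    const next = safeUrlDecode(value);
    if (next === value) break;
    value = next;
    rounds++;
  }
  value = value
    .normalize("NFKC")                  // fullwidth forms fold to ASCII
    .replace(/\/\*[\s\S]*?\*\//g, " ")  // SQL block comments separate tokens
    .replace(/\s+/g, " ")               // tabs, newlines, NBSP collapse to one space
    .toLowerCase()                      // defeats case alternation
    .trim();
  return { value, rounds };
}

// Toy signature for a SQL tautology, applied to the canonical form only.
const SQLI_TAUTOLOGY = /'\s*or\s+\d+\s*=\s*\d+/;

function flagged(raw: string): boolean {
  return SQLI_TAUTOLOGY.test(canonicalize(raw).value);
}
```

The `rounds` count is worth logging on its own: a value that needed more than one decode pass is unusual in legitimate traffic.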
Payload Generator
Six mutation types that can be applied individually or chained:
Mutation | Description |
| Random case alternation per character |
| Replace spaces with |
| Insert SQL comments between characters ( |
| URL, hex, Base64, or HTML entity encoding |
| Split keywords at random positions with encoded delimiters |
| Fullwidth Unicode character substitution |
Rate Limiter
Token bucket implementation with configurable limits. Defaults to 20 requests per minute per client. Applied before every MCP tool execution.
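A per-client token bucket with the defaults stated above (20 requests per minute), as an added example rather than the project's own src/rate-limiter.ts. The class, the `guardTool` wrapper and the `countAllowed` helper are hypothetical names; the clock is passed in so the refill behaviour can be checked without waiting.

```typescript
// Added example, not the project's rate limiter. All names are hypothetical.
interface Bucket { tokens: number; last: number }

class TokenBucketLimiter {
  private buckets = new Map<string, Bucket>();
  private capacity: number;
  private windowMs: number;

  // Defaults follow the page: 20 requests per minute per client.
  constructor(capacity: number = 20, windowMs: number = 60000) {
    this.capacity = capacity;
    this.windowMs = windowMs;
  }

  // `now` is injectable so refill can be tested deterministically.
  tryConsume(clientId: string, now: number = Date.now()): boolean {
    const b = this.buckets.get(clientId) ?? { tokens: this.capacity, last: now };
    const elapsed = Math.max(0, now - b.last); // ignore a clock that moves backwards
    // Refill continuously, never above the burst capacity.
    b.tokens = Math.min(this.capacity, b.tokens + (elapsed * this.capacity) / this.windowMs);
    b.last = now;
    const allowed = b.tokens >= 1;
    if (allowed) b.tokens -= 1;
    this.buckets.set(clientId, b);
    return allowed;
  }
}

// Gate a tool handler: the limiter is consulted before the handler runs.
function guardTool<T>(limiter: TokenBucketLimiter, clientId: string,
                      handler: () => T, now?: number): T {
  if (!limiter.tryConsume(clientId, now)) {
    throw new Error(`rate limit exceeded for ${clientId}`);
  }
  return handler();
}

// Count how many of `n` back-to-back calls at time `now` are admitted.
function countAllowed(limiter: TokenBucketLimiter, clientId: string,
                      n: number, now: number): number {
  let ok = 0;
  for (let i = 0; i < n; i++) if (limiter.tryConsume(clientId, now)) ok++;
  return ok;
}
```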
Plugin System
Dynamic plugin loading from ~/.llm-toolkit/plugins.json. Plugins can register custom MCP tools, extend payload generation, or add new WAF strategies.
Inter-MCP Bridge
Connect to other MCP servers via stdio or in-memory transport. Call remote tools, list available tools, and disconnect. Enables chaining multiple MCP servers into a single workflow.
Content Attachments
Link reference materials (articles, videos, PDFs, tweets) to vulnerability techniques. Validates URLs are reachable and fetches content for context.
CLI Installer
Install and manage security testing tools:
Tool | Category | Description |
| Scanner | Fast vulnerability scanner based on templates |
| Recon | Subdomain discovery tool |
| Recon | Fast HTTP toolkit |
| Fuzzing | Fast web fuzzer |
| Recon | Next-gen crawling and spidering |
Auto-detects OS (macOS via Homebrew, Linux via Go install) and installs the correct package.
Quick Start
Prerequisites
Node.js 20+
npm
Install
npm install
Development
npm run dev # tsup watch mode
npm run typecheck # TypeScript type checking (strict mode)
Build
npm run build # tsup ESM output to dist/
Test
npm test # vitest run (48 tests)
npm run test:watch # vitest watch mode
npm run test:coverage # with coverage
OpenCode Integration
Automated Setup (Recommended)
No manual config editing needed. Run one of these commands:
# Development mode — uses tsx to run source directly
npm run setup:opencode
# Production mode — uses compiled dist/index.js
npm run setup:opencode:prod
The script:
Resolves the absolute path to this project
Reads (or creates) ~/.config/opencode/opencode.json
Adds/updates the llm-toolkit MCP entry automatically
Prints the resulting config block for verification
After setup, restart OpenCode. Tools will appear as llm-toolkit-{tool-name} — for example: llm-toolkit-get-payloads, llm-toolkit-bypass-waf, llm-toolkit-health.
Manual Setup
If you prefer to edit config manually, add to ~/.config/opencode/opencode.json:
Development Mode (source)
{
"mcp": {
"llm-toolkit": {
"type": "local",
"command": ["npx", "tsx", "/absolute/path/to/llm-toolkit/src/server.ts"],
"cwd": "/absolute/path/to/llm-toolkit",
"enabled": true
}
}
}
Production Mode (build)
{
"mcp": {
"llm-toolkit": {
"type": "local",
"command": ["node", "/absolute/path/to/llm-toolkit/dist/index.js"],
"cwd": "/absolute/path/to/llm-toolkit",
"enabled": true
}
}
}
MCP Server Usage
Add to MCP Client Config
{
"mcpServers": {
"llm-toolkit": {
"command": "node",
"args": ["/absolute/path/to/llm-toolkit/dist/index.js"]
}
}
}
Or use npx after publishing:
{
"mcpServers": {
"llm-toolkit": {
"command": "npx",
"args": ["llm-toolkit"]
}
}
}
Available Tools
Tool | Description |
| Fetch payloads from a JSON file with optional filters (category, context, riskLevel) |
| Generate payload variants with mutations |
| Generate WAF-specific bypass variants |
| Analyze a payload to detect attack type and suggest bypass strategies |
| Encode data (url, doubleUrl, hex, base64, htmlEntity, unicode) |
| Decode data (url, hex, base64, htmlEntity, unicode, jwt) |
| Create JWT tokens with optional secret and algorithm |
| Fetch content from a URL reference |
| Validate that a content reference URL is reachable |
| Connect to another MCP server via stdio transport |
| Call a tool on a connected MCP server |
| List tools available on a connected MCP server |
| Disconnect from an MCP server |
| List all connected MCP servers |
Example Tool Calls
Fetch XSS payloads filtered by risk level:
{
"name": "get-payloads",
"arguments": {
"filepath": "payloads/xss.json",
"filters": { "riskLevel": "high" }
}
}
Generate payload variants with chained mutations:
{
"name": "generate-payload",
"arguments": {
"payload": "<script>alert(1)</script>",
"options": {
"mutations": ["caseMutation", "whitespaceMutation", "commentMutation"],
"chainMutations": true,
"encoding": "url"
}
}
}
Generate Cloudflare bypass variants:
{
"name": "bypass-waf",
"arguments": {
"payload": "' OR 1=1 --",
"wafType": "cloudflare"
}
}
Analyze a payload:
{
"name": "analyze-payload",
"arguments": {
"payload": "{{7*7}}"
}
}
Connect to another MCP server and call a tool:
{
"name": "connect-mcp",
"arguments": {
"command": "npx",
"args": ["-y", "@some/mcp-server"],
"name": "remote-server"
}
}
CLI Usage
# List available security tools
llm-toolkit list
# Install a specific tool
llm-toolkit install nuclei
llm-toolkit install subfinder
llm-toolkit install httpx
llm-toolkit install ffuf
llm-toolkit install katana
# Check what's installed
llm-toolkit status
# Uninstall a tool
llm-toolkit uninstall nuclei
# Start MCP server directly
llm-toolkit
# or
node dist/cli.js
Architecture
llm-toolkit/
├── src/
│ ├── index.ts # Package entry point, exports
│ ├── server.ts # Core MCP server, StreamableHTTP transport
│ ├── cli.ts # CLI installer (nuclei, subfinder, etc.)
│ ├── encoding.ts # Encode/decode utils (URL, hex, base64, HTML, Unicode, JWT)
│ ├── rate-limiter.ts # Token bucket per client (20 req/min default)
│ ├── generator.ts # Payload variant generator (6 mutation types)
│ ├── waf-bypass.ts # WAF-specific bypass engine (CF, ModSec, AWS, Generic)
│ ├── plugin-manager.ts # Dynamic plugin loading from ~/.llm-toolkit/plugins.json
│ ├── inter-mcp.ts # Bridge to other MCP servers (StdioClientTransport)
│ ├── content-fetcher.ts # Fetch/validate content references (articles, videos, PDFs)
│ └── tools/
│ └── index.ts # MCP tool handlers (14 tools registered)
├── payloads/
│ ├── xss.json # XSS payloads
│ ├── sqli.json # SQLi payloads
│ ├── ssrf.json # SSRF payloads
│ ├── ssti.json # SSTI payloads
│ ├── lfi.json # LFI payloads
│ ├── xxe.json # XXE payloads
│ ├── cmdi.json # Command injection payloads
│ └── nosqli.json # NoSQLi payloads
├── tests/ # Vitest test suite (48 tests)
├── scripts/ # Build and utility scripts
├── dist/ # tsup build output
│ ├── index.js # ESM library entry
│ └── cli.js # CLI binary entry
├── package.json
├── tsconfig.json
└── tsup.config.ts
Payload JSON Schema
Each payload file is a JSON array of entries:
[
{
"id": "xss-001",
"name": "Basic script tag",
"payload": "<script>alert('XSS')</script>",
"category": "xss",
"context": "unescaped HTML output",
"riskLevel": "high",
"description": "Standard script tag injection for reflected XSS",
"tags": ["reflected", "script-tag", "alert"]
}
]
Field | Type | Required | Description |
| string | Yes | Unique identifier |
| string | Yes | Human-readable name |
| string | Yes | The actual payload string |
| string | Yes | Vulnerability category |
| string | Yes | Where this payload applies |
| string | Yes | |
| string | No | Explanation of the payload |
| string[] | No | Classification tags |
Extending
Add New Payloads
Create a JSON file in payloads/ following the schema above. Load it via get-payloads with the file path.
Add Mutation Types
Edit src/generator.ts:
Add a new mutation function:
export function myMutation(str: string): string { ... }
Add the type name to the MutationType union
Register it in the mutationFn record
Add WAF Bypass Strategies
Edit src/waf-bypass.ts:
Create a BypassStrategy[] array for your WAF
Add it to the WAF_STRATEGIES record with a WafType key
Create Plugins
Create ~/.llm-toolkit/plugins.json:
[
{
"name": "my-plugin",
"path": "/path/to/plugin.js",
"enabled": true
}
]
Plugins export an object with a register(server: McpServer) method to add custom tools.
Development
Tech Stack
Runtime: Node.js 20+, ESM module
Language: TypeScript (strict mode)
Build: tsup (outputs ESM to dist/)
Test: Vitest (48 tests)
MCP SDK: @modelcontextprotocol/sdk ^1.25.0
Validation: Zod ^3.25.0
Commands
npm install # Install dependencies
npm run build # Build with tsup
npm run dev # Watch mode rebuild
npm run typecheck # Type check (strict mode)
npm test # Run test suite
npm run test:watch # Watch mode tests
npm run test:coverage # Run with coverage
npm start # Start MCP server
Project Structure Conventions
All source in src/, compiled to dist/
Payload JSON files in payloads/
Tests colocated in tests/
Main entry: dist/index.js
CLI binary: llm-toolkit resolves to dist/cli.js
Security
Payloads are for authorized testing only
Rate limiter prevents abuse (20 req/min default, configurable)
No secrets or credentials stored in the toolkit
Plugin loading restricted to user-controlled config at ~/.llm-toolkit/plugins.json
All tool inputs validated with Zod schemas
License
MIT
Contributing
Fork the repository
Create a feature branch (git checkout -b feature/my-feature)
Make your changes
Run the test suite (npm test)
Ensure type checking passes (npm run typecheck)
Commit with a descriptive message
Push to your fork and open a Pull Request
Guidelines
Keep payloads focused on practical, tested vectors
Write tests for new mutations or WAF strategies
Follow existing TypeScript strict patterns
No any types without justification
Keep tool handlers under 30 lines where possible