OWASP Pentest Guide Knowledge Base
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| NEO4J_URI | No | Neo4j connection URI (optional, used when NEO4J_ENABLED=true) | |
| NEO4J_USER | No | Neo4j user (optional) | |
| DATABASE_URL | Yes | PostgreSQL connection string, e.g. postgresql+psycopg://pentest_guide:pentest_guide@localhost:5432/pentest_guide_kb | |
| NEO4J_ENABLED | No | Enable Neo4j graph projection (optional) | false |
| NEO4J_PASSWORD | No | Neo4j password (optional) |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| guide_searchB | Search across OWASP testing guides (exact id, full-text, semantic, or hybrid). |
| guide_get_testA | Fetch one test case by versioned id, canonical id, alias, or slug. |
| guide_list_testsB | List test cases in a guide/version, optionally filtered by category. Cursor is the offset as a string. |
| guide_browse_categoryC | List every test case in one guide/version/category. |
| guide_get_related_testsC | Traverse curated relationships from a test case. include_inferred defaults to false: LLM-inferred edges are excluded unless explicitly requested. |
| guide_compare_versionsC | Compare a test case's title/objectives/sections/source across two compiled guide versions. |
| guide_find_by_featureB | Find test cases matching ANY of one or more feature keywords (OR semantics; e.g. oauth, webview, agent-tools). Each result lists which terms matched in |
| guide_recommend_candidatesA | Produce CANDIDATE tests for a target system profile. This is not a verified pentest plan and nothing in the output has been executed -- see the |
| guide_get_source_excerptB | Fetch a single section's raw text (or all sections) for a test case, with full provenance. |
| guide_validate_referenceA | Check whether a test id/version exists and whether a given content hash still matches the compiled registry -- use before trusting a previously-cached citation. |
| guide_explain_relationshipC | Explain one relationship edge: source test, target test, type, and full provenance (source_type, rationale, confidence, review_status). |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| research_security_topic | Research a security topic across the compiled OWASP guides. |
| compare_guides | Compare how two or more guides treat the same topic or feature. |
| build_candidate_test_matrix | Build a candidate test matrix for a target system profile. |
| explain_test_case | Explain one test case in full, with provenance. |
| trace_cross_guide_relationships | Trace relationships for a test case across guides, to a bounded depth. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| get_catalog_resource | |
| get_ontology_resource | |
| get_versions_resource |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/sunick2009/mcp-owasp-pentesting-guide'
If you have feedback or need assistance with the MCP directory API, please join our Discord server