Skip to main content
Glama
sunick2009

OWASP Pentest Guide Knowledge Base

by sunick2009

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault
NEO4J_URINoNeo4j connection URI (optional, used when NEO4J_ENABLED=true)
NEO4J_USERNoNeo4j user (optional)
DATABASE_URLYesPostgreSQL connection string, e.g. postgresql+psycopg://pentest_guide:pentest_guide@localhost:5432/pentest_guide_kb
NEO4J_ENABLEDNoEnable Neo4j graph projection (optional)false
NEO4J_PASSWORDNoNeo4j password (optional)

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
guide_searchB

Search across OWASP testing guides (exact id, full-text, semantic, or hybrid).

guide_get_testA

Fetch one test case by versioned id, canonical id, alias, or slug.

guide_list_testsB

List test cases in a guide/version, optionally filtered by category. Cursor is the offset as a string.

guide_browse_categoryC

List every test case in one guide/version/category.

guide_get_related_testsC

Traverse curated relationships from a test case. include_inferred defaults to false: LLM-inferred edges are excluded unless explicitly requested.

guide_compare_versionsC

Compare a test case's title/objectives/sections/source across two compiled guide versions.

guide_find_by_featureB

Find test cases matching ANY of one or more feature keywords (OR semantics; e.g. oauth, webview, agent-tools). Each result lists which terms matched in matched_terms.

guide_recommend_candidatesA

Produce CANDIDATE tests for a target system profile. This is not a verified pentest plan and nothing in the output has been executed -- see the uncertainty field.

guide_get_source_excerptB

Fetch a single section's raw text (or all sections) for a test case, with full provenance.

guide_validate_referenceA

Check whether a test id/version exists and whether a given content hash still matches the compiled registry -- use before trusting a previously-cached citation.

guide_explain_relationshipC

Explain one relationship edge: source test, target test, type, and full provenance (source_type, rationale, confidence, review_status).

Prompts

Interactive templates invoked by user choice

NameDescription
research_security_topicResearch a security topic across the compiled OWASP guides.
compare_guidesCompare how two or more guides treat the same topic or feature.
build_candidate_test_matrixBuild a candidate test matrix for a target system profile.
explain_test_caseExplain one test case in full, with provenance.
trace_cross_guide_relationshipsTrace relationships for a test case across guides, to a bounded depth.

Resources

Contextual data attached and managed by the client

NameDescription
get_catalog_resource
get_ontology_resource
get_versions_resource

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/sunick2009/mcp-owasp-pentesting-guide'

If you have feedback or need assistance with the MCP directory API, please join our Discord server