wass-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@wass-mcprun a full security scan on example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
WASS-MCP
A Model Context Protocol (MCP) server for web application security scanning.
Features
MCP Protocol Support - Full compatibility with MCP clients (Claude, etc.)
Nikto Integration - Web server vulnerability scanning
Nuclei Integration - Template-based vulnerability scanning
Wapiti Integration - Web application vulnerability scanning
Shcheck Integration - Security headers analysis
Execution History - Persistent storage of scan results
Stateless Design - Survives server restarts without session errors
RESTful HTTP Transport - Streamable HTTP-based MCP protocol
Related MCP server: OWASP MCP Server
Usage
docker run -p 127.0.0.1:8989:8989 tb0hdan/wass-mcpMCP Client Configuration
Example command to add WASS-MCP server to Claude MCP clients:
claude mcp add wass-mcp --transport http http://127.0.0.1:8989or Gemini:
gemini mcp add wass-mcp --transport http http://127.0.0.1:8989Available Tools
nikto
Perform web server vulnerability scans using Nikto.
Parameters:
Name | Type | Required | Description |
| string | Yes | Target hostname or IP address |
| integer | No | Target port (default: 80) |
| string | No | Virtual host header |
| integer | No | Maximum output lines |
| integer | No | Output line offset |
Example:
{
"host": "192.168.1.100",
"port": 443
}nuclei
Perform template-based vulnerability scanning using Nuclei.
Parameters:
Name | Type | Required | Description |
| string | Yes | Target hostname or IP address |
| integer | No | Target port (default: 80) |
| string | No | Virtual host header |
| integer | No | Maximum output lines |
| integer | No | Output line offset |
Vulnerabilities Detected:
CVE detection via community templates
Misconfigurations
Exposed panels/dashboards
Default credentials
Technology detection
Security headers analysis
And many more via 8000+ community templates
Example:
{
"host": "192.168.1.100",
"port": 443
}wapiti
Perform comprehensive web application vulnerability scans using Wapiti.
Parameters:
Name | Type | Required | Description |
| string | Yes | Target hostname or IP address |
| integer | No | Target port (default: 80) |
| string | No | Virtual host header |
| integer | No | Maximum output lines |
| integer | No | Output line offset |
Vulnerabilities Detected:
SQL Injection / Blind SQL Injection
Cross-Site Scripting (XSS)
File Inclusion / Path Traversal
Command Execution
CRLF Injection
Server-Side Request Forgery (SSRF)
Open Redirects
HTTP Security Headers
Content Security Policy issues
Example:
{
"host": "192.168.1.100",
"port": 8080
}shcheck_py
Analyze HTTP security headers using shcheck.py.
Parameters:
Name | Type | Required | Description |
| string | Yes | Target hostname or IP address |
| integer | No | Target port (default: 80) |
| string | No | Virtual host header |
| integer | No | Maximum output lines |
| integer | No | Output line offset |
Headers Analyzed:
Content-Security-Policy
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy
And other security-relevant headers
Example:
{
"host": "example.com",
"port": 443
}full_scan
Perform a comprehensive security scan using all available scanners in parallel.
Parameters:
Name | Type | Required | Description |
| string | Yes | Target hostname or IP address |
| integer | No | Target port (default: 80) |
| string | No | Virtual host header |
| integer | No | Maximum output lines |
| integer | No | Output line offset |
Features:
Runs nikto, nuclei, wapiti and shcheck scanners in parallel
Merges results into a unified report
Includes timing and status for each scanner
Gracefully handles missing scanner binaries
Example:
{
"host": "192.168.1.100",
"port": 8080
}history
Browse and manage tool execution history.
Parameters:
Name | Type | Required | Description |
| string | Yes | One of: |
| integer | For get/delete | Execution ID |
| integer | No | Results per page (default: 10) |
| integer | No | Pagination offset |
Actions:
list- List execution history with paginationget- Get full details of a specific executiondelete- Delete a specific execution by IDclear- Delete all execution history
API Endpoints
Endpoint | Description |
| MCP protocol endpoint |
| Service information (JSON) |
| Profiling endpoints |
Development and advanced usage
Source build requirements
Go 1.25+
Nikto (
apt install niktoor equivalent)Nuclei (
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest)Wapiti (
apt install wapitior equivalent)Shcheck (
pip install shcheckor from GitHub)SQLite3
# Clone the repository
git clone https://github.com/tb0hdan/wass-mcp.git
cd wass-mcp
# Build
make build
# Run
./build/wass-mcpStarting the Server
# Default (localhost:8989)
./build/wass-mcp
# Custom bind address
./build/wass-mcp --bind 0.0.0.0:8080
# Custom database path
./build/wass-mcp --db /var/lib/wass-mcp/data.db
# Debug mode
./build/wass-mcp --debugConfiguration Options
Flag | Default | Description |
|
| HTTP server bind address |
|
| SQLite database file path |
|
| Enable debug logging |
| - | Print version and exit |
Linting
make lintTesting
make testProject Structure
wass-mcp/
├── cmd/wass-mcp/ # Application entry point
├── pkg/
│ ├── server/ # MCP server wrapper
│ ├── storage/ # Database layer (SQLite/GORM)
│ ├── models/ # Data models
│ ├── tools/ # MCP tool implementations
│ │ ├── nikto/ # Nikto web server scanner
│ │ ├── wapiti/ # Wapiti web app scanner
│ │ ├── nuclei/ # Nuclei template scanner
│ │ ├── shcheck/ # Security headers checker
│ │ ├── fullscan/ # Parallel full scan
│ │ └── history/ # History management
│ └── types/ # Shared types and constants
├── docs/ # Documentation
└── build/ # Build output and coverage reportsSecurity Notice
This tool is intended for authorized security testing only. Ensure you have proper authorization before scanning any systems. Unauthorized scanning may be illegal in your jurisdiction.
Project notes
For complete project notes, design decisions, and architecture overview, please refer to the Project Notes document.
License
BSD 3-Clause License - Copyright (c) 2026, Bohdan Turkynevych. See LICENSE for details.
Contributing
Fork the repository
Create a feature branch (
git checkout -b feature/new-tool)Commit your changes (
git commit -am 'Add new scanning tool')Push to the branch (
git push origin feature/new-tool)Create a Pull Request
Acknowledgments
This server cannot be installed
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/tb0hdan/wass-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server