Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| LOG_LEVEL | No | Sets the logging level for the server (e.g., DEBUG, INFO, WARNING, ERROR). |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| create_webhook | Create a new webhook.site endpoint. Returns the unique token/URL for the webhook. |
| create_webhook_with_config | Create a new webhook.site endpoint with custom configuration (response content, status, timeout, CORS, alias). |
| send_to_webhook | Send a POST request with JSON data to a webhook.site endpoint. |
| get_webhook_requests | Get all requests that have been sent to a webhook.site endpoint. |
| search_requests | Search requests sent to a webhook with query filters (method, content, headers, date range, type). |
| get_latest_request | Get the most recent request sent to a webhook.site endpoint. |
| get_webhook_info | Get detailed information about a webhook (settings, expiry, stats). |
| update_webhook | Update webhook settings (response content, status code, timeout, CORS). |
| delete_webhook | Delete a webhook.site endpoint and all its data. |
| delete_request | Delete a specific request from a webhook. |
| delete_all_requests | Delete all requests from a webhook, optionally filtered by date range or query. |
| get_webhook_url | Get the full URL for a webhook token. Optionally validate that the token exists. |
| get_webhook_email | Get the unique email address for a webhook token. Any emails sent to this address will be captured by the webhook. Optionally validate that the token exists. |
| get_webhook_dns | Get the unique DNSHook domain for a webhook token. Any DNS lookups to this domain (or subdomains) will be captured. Useful for bypassing firewalls or as canary tokens. Optionally validate that the token exists. |
| wait_for_request | Wait for a new HTTP request to be received by the webhook. Uses real-time streaming (SSE) to efficiently wait without polling. Useful for testing webhooks, callbacks, and API integrations. |
| wait_for_email | Wait for an email to be received at the webhook's email address ({token}@email.webhook.site). Uses real-time streaming (SSE) to efficiently wait. Automatically extracts links from the email, including magic/auth links for login flows. |
| generate_ssrf_payload | Generate SSRF (Server-Side Request Forgery) test payloads for bug bounty testing. Creates unique identifiable URLs that can be injected into targets to detect blind SSRF vulnerabilities. |
| check_for_callbacks | Quick check if any OOB (Out-of-Band) callbacks have been received. Useful for bug bounty to verify if SSRF, XXE, or blind injection payloads were triggered. |
| generate_xss_callback | Generate XSS (Cross-Site Scripting) callback payloads for bug bounty testing. Creates JavaScript payloads that ping your webhook when executed, useful for detecting blind XSS. |
| generate_canary_token | Generate canary tokens for detecting unauthorized access or data leakage. Creates trackable URLs that alert you when accessed. |
| extract_links_from_request | Extract and analyze all URLs/links from a captured request. Useful for finding password reset links, verification tokens, and other sensitive URLs. |
| send_multiple_requests | Send multiple requests to a webhook in batch. Useful for load testing or sending multiple test payloads at once. |
| export_webhook_data | Export all captured requests from a webhook to JSON format. Includes full request details: headers, body, IP, timestamp, user agent. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |