Skip to main content
Glama
261,692 tools. Last updated 2026-07-05 13:44

"Information on Penetration Testing (Pentest)" matching MCP tools:

  • Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.
    Connector
  • Paid tier only. Calling this without an authenticated CivilQuants account returns TIER_INSUFFICIENT — sign up at https://civilquants.com/pricing or use the free-tier alternative compute_manhole. Linear measurement of testing on new drainage pipework — CCTV survey, air pressure test, water pressure test, or mandrel pull-through. Routes via CESMM4 Class I §I.8 (Tests on new pipework), NRM2 Group 33.18 (Testing of drainage) as priceable lines; via MMHW Series 500.7 (per SHW Cl. 507 deemed included in pipe-run rate) and SMM7 R12.7 (R12 coverage rules deemed included) as zero-priceable annotated lines for tender transparency. Introduces the platform's third named maturity pattern: deemed-included extra-over annotation (joining classed-then-legacy and declared-then-banded). Eight variant presets cover all four test methods x two bore scenarios each. Unit: M. Third member of the drainage_ancillaries L2 leaf. 21st use of the discriminator pattern via test_method. Example params: length_tested_m=100 m (1–2000), diameter_mm=225 mm (100–2400). Example call: {"params": {"length_tested_m": 100, "diameter_mm": 225}, "standard": "MMHW"}. Omitted parameters use sensible engineering defaults. Pass deliverables=["xlsx","dxf","pdf"] (any subset) to also receive one-shot download URLs in the same call: Excel BoQ (both tiers, watermarked free) plus the dimensioned DXF (CAD) and PDF drawing sheets (paid tier).
    Connector
  • SHIP DEV TO PROD. Merges the `dev` branch into `main` and auto-tags the new main HEAD as safe-YYYY-MM-DD-NNN. Use after testing your dev work, when you're ready to deploy changes to production. Workflow: 1) ateam_github_patch (writes to dev) → 2) ateam_github_promote (merges dev→main) → 3) ateam_build_and_run (deploys main). Pass dry_run:true to see what's about to ship without merging. On merge conflict the call returns 409 — resolve manually on GitHub (open a PR or use the web UI), then retry.
    Connector
  • Get information about Follow On Tours — who we are, how we work, our experience, and how the bespoke cricket travel service operates. Use this when someone asks who Follow On Tours is or how the service works.
    Connector
  • Execute JavaScript or Python code in an isolated sandbox. Use for: data processing, math, CSV parsing, JSON transformation, crypto calculations, algorithm testing. Secure — no filesystem access, no network. Returns: { output: string, runtime_ms: number, language: string }. Requires API key.
    Connector
  • Generate realistic mock data from a JSON Schema. Supports all common types (string, number, integer, boolean, array, object, null), format hints (email, date, date-time, uri, uuid), enum, const, and nested schemas. Perfect for testing MCP tools with realistic data.
    Connector

Matching MCP Servers

  • F
    license
    -
    quality
    D
    maintenance
    Provides access to over 40 industry-standard penetration testing tools, including Nmap, SQLMap, and Metasploit, within an isolated Kali Linux Docker container. It enables security professionals to perform comprehensive network reconnaissance, web application testing, and vulnerability research through natural language commands.
    Last updated
  • A
    license
    C
    quality
    D
    maintenance
    An automated penetration testing framework that enables intelligent security assessments through reconnaissance, vulnerability scanning, and controlled exploitation. Features AI-driven workflow management with comprehensive reporting for authorized security testing.
    Last updated
    27
    12
    7
    BSD 3-Clause

Matching MCP Connectors

  • Offline methodology engine for authorized penetration testing, CTF, and security research.

  • ship-on-friday MCP — wraps StupidAPIs (requires X-API-Key)

  • Look up a MITRE ATT&CK technique by ID or keyword for authorized penetration testing and security research. Returns the full technique record: name, associated tactics, description, detection opportunities (log sources, behavioral indicators), real-world procedure examples from public reporting, recommended mitigations, and related sub-techniques. The detection and mitigation sections make this equally useful for defenders building detection coverage. Accepts exact IDs (T1190, T1059.001) or keyword search (e.g., "sql injection", "pass the hash", "web shell upload").
    Connector
  • Return a short, human-readable walkthrough for testing this server: the endpoint, the tool/prompt/resource names, and ready-to-paste sample prompts. Use to give someone a guided demo. For the full machine-readable capability catalog, use list_capabilities instead.
    Connector
  • Authenticate with A-Team. Required before any tenant-aware operation (reading solutions, deploying, testing, etc.). The user can get their API key at https://mcp.ateam-ai.com/get-api-key. Only global endpoints (spec, examples, validate) work without auth. IMPORTANT: Even if environment variables (ADAS_API_KEY) are configured, you MUST call ateam_auth explicitly — env vars alone are not sufficient. For cross-tenant admin operations, use master_key instead of api_key.
    Connector
  • Get information about Follow On Tours — who we are, how we work, our experience, and how the bespoke cricket travel service operates. Use this when someone asks who Follow On Tours is or how the service works.
    Connector
  • Deploy an ERC-20 token on Sepolia testnet with no wallet required — TESTNET ONLY, always free. The platform wallet signs and broadcasts the transaction on your behalf. Use for integration testing before mainnet. Blocks until deployed (polls up to 3 minutes) and returns the final contract address in one call. Returns: { ok, status, contractAddress, tokenName, tokenSymbol, chain, chainId, txHash, explorerUrl, tokenUrl, intentId }. On timeout returns status='timeout' with a status_url to poll manually via ava_get_deployment_status. On failure returns ok=false with errorMessage. For mainnet deployments use ava_create_token_intent — your agent signs with its own wallet and pays gas + $10 fee directly.
    Connector
  • Validate AP2 Policy Mandate JSON payloads against the Unified Build Contract v1.0 schema. Auto-generates MCP tool definitions from the mandate and simulates agent ingestion of agent_instructions. Use when authoring or testing AP2 agentic payment policies. Renders the interactive AINumbers tool as a widget; inputs are applied via the AIN Bridge and the tool runs client-side (zero PII, zero network).
    Connector
  • World Bank open data — 1600+ development indicators for 200+ countries. Returns most-recent values and 5-year trend for any indicator by country. Covers GDP, population, inflation, unemployment, FDI, debt, exports, CO₂, life expectancy, Gini, internet penetration, ease of doing business, and more. Accepts ticker-style aliases (gdp, inflation, unemployment) or full WB indicator codes. Sourced from api.worldbank.org — free, no key required. Use for country risk, macro comparisons, policy analysis, and development economics.
    Connector
  • Map product whitespace across the user's existing ACCOUNTS against a product catalog: for each account, which catalogue products are unsold, the penetration %, and a whitespace score weighted by account quality (ARR + health). Returns the portfolio-level penetration plus accounts ranked by unsold-surface x quality, with the specific unsold products listed. Requires `catalogProducts` (your sellable set) and accepts loosely-typed account records (products/skus, arr, health normalized). This is the strategic penetration map; for a propensity-weighted, dollar-valued go-after list use `score_expansion_opportunities`. Operates only on the user's own book — never a prospecting list. Use when the user asks 'where is our whitespace', 'which products are under-penetrated', or pastes accounts plus a catalog.
    Connector
  • Get current ads scheduled for a device (for testing). WHEN TO USE: - Testing device ad delivery - Debugging which ads are being shown - Verifying ad targeting is working RETURNS: - ads: Array of advertisement objects - default_stream: Default content when no ads - schedule: Current ad schedule EXAMPLE: User: "What ads are showing on device P_abc123?" get_device_ads({ fingerprint: "P_abc123" })
    Connector
  • Get guidance on how to help a user build their Lyra profile. Returns the recommended questions and flow for AI companions to gather profile information conversationally.
    Connector
  • Check the health status of a domain. Returns the circuit breaker state: 'closed' (healthy), 'open' (failing), or 'half_open' (testing recovery). Use this before batch operations to avoid wasting time on domains that are down. Args: domain: The domain to check (e.g., 'example.com')
    Connector
  • Compute text similarity using local algorithms (Bag of Words, TF-IDF, Character N-grams). No API key needed — runs entirely in-process. NOT real embeddings: for true semantic similarity with vector embeddings, use run_semantic_tests with mode="embeddings" and your OpenAI API key. Supports single pair or batch mode with pipe-separated pairs. Useful for RAG retrieval testing, semantic search evaluation, and text deduplication.
    Connector
  • Word-overlap based hallucination check: verifies if an LLM answer's words and numbers appear in the provided source/context. Fast, deterministic, no API key needed. Limitations: not semantic — does not understand synonyms or paraphrases. For true semantic grounding, use run_semantic_tests with embedding mode. Essential for quick RAG accuracy testing.
    Connector
  • Compare multiple LLM responses to the same prompt and detect inconsistencies using Jaccard word-overlap similarity and fact drift (number comparison). Fast, deterministic, no API key needed. Limitations: relies on surface-level word matching — "Paris is the capital of France" vs "Paris is the French capital" may score low despite semantic equivalence. For true semantic consistency, use run_semantic_tests with embedding mode. Essential for determinism testing.
    Connector