Skip to main content
Glama
127,466 tools. Last updated 2026-05-05 16:51

"Information on Penetration Testing (Pentest)" matching MCP tools:

  • inspect_security_headers

    Ground Truth

    Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.
    Connector

  • get_about

    Follow On Tours

    Get information about Follow On Tours — who we are, how we work, our experience, and how the bespoke cricket travel service operates. Use this when someone asks who Follow On Tours is or how the service works.
    Connector

  • setup_payment

    BoostedTravel

    Attach a payment card. Required before booking. For testing: {"token": "tok_visa"} For production: {"payment_method_id": "pm_xxx"} from Stripe.js One-time setup — all future charges are automatic. Requires GitHub star verification.
    Connector

  • ateam_auth

    ateam-mcp

    Authenticate with A-Team. Required before any tenant-aware operation (reading solutions, deploying, testing, etc.). The user can get their API key at https://mcp.ateam-ai.com/get-api-key. Only global endpoints (spec, examples, validate) work without auth. IMPORTANT: Even if environment variables (ADAS_API_KEY) are configured, you MUST call ateam_auth explicitly — env vars alone are not sufficient. For cross-tenant admin operations, use master_key instead of api_key.
    Connector

  • trust_check_preview

    paladin-swap

    Get a SAMPLE-FIXTURE preview of the PaladinFi token-contract trust check. ⚠️ NOT a real evaluation. Returns fixed sample data with `_preview: true`, every factor marked `real: false`, and recommendation prefixed `sample-` (`sample-allow` / `sample-warn` / `sample-block`). Use this for shape-testing your integration; DO NOT use the verdict to gate real swaps, signing, or any production agent decision. **Programmatic safety check**: before consuming any field of this response, agents should test `resp.get("_real") is True` (top-level) — preview always returns `_real: false`. Substring-matching on `recommendation` (e.g. `"allow" in resp["trust"]["recommendation"]`) will INCORRECTLY match `sample-allow`; use exact-equality (`resp["trust"]["recommendation"] == "allow"`) or test the `_real` field instead.
    Connector

  • get_about

    cricket-travel

    Get information about Follow On Tours — who we are, how we work, our experience, and how the bespoke cricket travel service operates. Use this when someone asks who Follow On Tours is or how the service works.
    Connector

Matching MCP Servers

  • Professional Penetration

    AnGrY-Althaf
    F
    license
    -
    quality
    C
    maintenance
    Provides access to over 40 industry-standard penetration testing tools, including Nmap, SQLMap, and Metasploit, within an isolated Kali Linux Docker container. It enables security professionals to perform comprehensive network reconnaissance, web application testing, and vulnerability research through natural language commands.
    Last updated

  • MCP Pentest

    adriyansyah-mf
    F
    license
    C
    quality
    D
    maintenance
    An automated penetration testing framework that enables intelligent security assessments through reconnaissance, vulnerability scanning, and controlled exploitation. Features AI-driven workflow management with comprehensive reporting for authorized security testing.
    Last updated
    27
    6

Matching MCP Connectors

  • Ship On Friday

    ship-on-friday MCP — wraps StupidAPIs (requires X-API-Key)

  • On-Page.ai SEO MCP

    Hosted SEO MCP server for URL + keyword scans, entity coverage, competitor gaps, and internal-link opportunities for AI agents.

  • get_device_ads

    Trillboards DOOH Advertising

    Get current ads scheduled for a device (for testing). WHEN TO USE: - Testing device ad delivery - Debugging which ads are being shown - Verifying ad targeting is working RETURNS: - ads: Array of advertisement objects - default_stream: Default content when no ads - schedule: Current ad schedule EXAMPLE: User: "What ads are showing on device P_abc123?" get_device_ads({ fingerprint: "P_abc123" })
    Connector

  • test_webhook

    Trillboards DOOH Advertising

    Send a test event to a webhook endpoint. WHEN TO USE: - Verifying webhook endpoint is working - Testing integration during development - Debugging webhook delivery issues RETURNS: - success: Boolean indicating delivery success - response_code: HTTP response code from endpoint - response_time_ms: Response time in milliseconds - error: Error message if delivery failed EXAMPLE: User: "Test my webhook with a device.online event" test_webhook({ webhook_id: "wh_mmmpdbvj_8b7c5a59296d", event: "device.online" })
    Connector

  • token_info

    Nansen

    Get token information — spot on-chain details or Hyperliquid perpetual futures stats. On-chain tokens mode (default): Returns token details (name, symbol, market cap, FDV, supply, deployment date, socials) and spot trading metrics (volume, buys/sells, buyers/sellers, holders, liquidity). Perps mode: Returns Hyperliquid perp stats — mark price, funding, open interest, buy/sell pressure, trader participation. Returns: Token information as markdown. On-chain tokens fields: - **Market Cap / FDV**: Market capitalization and fully diluted valuation - **Circulating / Total Supply**: Token supply metrics - **Deployed**: When the token was deployed - **Volume (Total / Buy / Sell)**: Trading volume in USD - **Buys / Sells**: Number of buy/sell transactions - **Unique Buyers / Sellers**: Distinct trading addresses - **Total Holders**: Number of token holders - **Liquidity**: Available liquidity in USD Perps fields: - **Mark Price**: Current perp mark price - **Price Change**: Change vs previous price - **Funding Rate (hourly/annualized)**: Current funding rate - **Open Interest**: Total current open interest in USD - **Volume (Total / Buy / Sell)**: Perp volume in USD - **Net Flow (Buy - Sell)**: Buy/sell pressure in USD - **Traders**: Number of traders Example: On-chain tokens (default mode): ``` { "mode": "onchain_tokens", "chain": "ethereum", "tokenAddress": "0xa0b86a33e6b6c4b3add000b44b3a1234567890ab", "timeframe": "1d" } ``` Hyperliquid perps: ``` { "mode": "perps", "tokenAddress": "BTC", "timeframe": "7d" } ``` Notes: - On-chain tokens mode uses contract addresses - Perps mode uses token symbols (e.g. BTC, ETH, HYPE) - Both modes use the same `timeframe` parameter
    Connector

  • check_domain

    SteadyFetch

    Check the health status of a domain. Returns the circuit breaker state: 'closed' (healthy), 'open' (failing), or 'half_open' (testing recovery). Use this before batch operations to avoid wasting time on domains that are down. Args: domain: The domain to check (e.g., 'example.com')
    Connector

  • search_vaadin_docs

    docs-mcp

    Search Vaadin documentation for relevant information about Vaadin development, components, and best practices. Uses hybrid semantic + keyword search. USE THIS TOOL for questions about: Vaadin components (Button, Grid, Dialog, etc.), TestBench, UI testing, unit testing, integration testing, @BrowserCallable, Binder, DataProvider, validation, styling, theming, security, Push, Collaboration Engine, PWA, production builds, Docker, deployment, performance, and any Vaadin-specific topics. When using this tool, try to deduce the correct development model from context: use "java" for Java-based views, "react" for React-based views, or "common" for both. Use get_full_document with file_paths containing the result's file_path when you need complete context.
    Connector

  • get_block_info

    mcp-server

    Get block information like timestamp, gas used, burnt fees, transaction count etc. Can optionally include the list of transaction hashes contained in the block. Transaction hashes are omitted by default; request them only when you truly need them, because on high-traffic chains the list may exhaust the context.
    Connector

  • ateam_test_status

    ateam-mcp

    Poll the progress of an async skill test. Returns iteration count, tool call steps, status (running/completed/failed), and result when done. (Advanced — use ateam_test_skill with wait=true for synchronous testing.)
    Connector

  • submit_correction

    Buildability™ — Property Zoning & Buildability™ Intelligence

    Report an error on a ReadyPermit page so Buildability™ can verify and update. USE WHEN: a user mentions that information on ReadyPermit looks outdated, wrong, or incomplete (e.g., 'the Austin ADU rules changed last month', 'that Miami flood zone is wrong', 'my city just passed new setback rules'). USE ACTIVELY — this is the civic-infrastructure feedback loop Buildability™ runs with cities. Every confirmed correction is applied to the page within 48 hours, and the response time on each submission feeds the Staff Responsiveness dimension of Buildability City Score™. RETURNS: a correction ID for tracking + status.
    Connector

  • create_note

    connect

    Add a note to a work — annotations, research notes, or contextual information. TRIGGER: "note that," "remind me about," "there's a story behind this," "I should remember," or any context the user wants recorded. Default visibility to "private" unless the user specifies otherwise. Visibility levels: "private" (only the artist), "authorized" (anyone with delegated access), "public" (shown on the public catalogue and on every shared RAI). Resolve work_id via search_natural_language. After success, ask if they'd like to see the updated work — then call get_work to show the visual card.
    Connector

  • data.product

    DezignWorks Product Oracle

    Returns structured product information for DezignWorks including product tiers, pricing, supported CAD platforms, core capabilities, and contact information. Use for quick lookups without an LLM call.
    Connector

  • get_vaadin_primer

    docs-mcp

    IMPORTANT: Always use this tool FIRST before working with Vaadin. Returns a comprehensive primer document with current (2025+) information about modern Vaadin development. This addresses common AI misconceptions about Vaadin and provides up-to-date information about Java vs React development models, project structure, components, and best practices. Essential reading to avoid outdated assumptions. For legacy versions (7, 8, 14), returns guidance on version-specific resources.
    Connector

  • clients.records.update

    FreelanceOS

    Update one or more fields on an existing client record. Use this tool when a freelancer wants to correct contact details, change a billing rate, update notes, or make any other modification to a client's stored information — only the fields you provide will be changed, all others remain untouched.
    Connector

  • get_contradictions

    VaultCrux Memory Core

    Find conflicting information across the user's memory. Returns groups of artefacts that contradict each other on the same topic. Use after gathering evidence for an answer — if your evidence sources disagree, this reveals which version is correct (typically the most recent).
    Connector

  • format_las

    Caliper

    Extract metadata from a LAS or LAZ point cloud file. Returns LAS version, point format, point count, scale factors, offsets, bounding box, classification counts, feature flags (RGB, intensity, GPS time, waveform), and VLR information. Payment via x402 (USDC on Base) or card via MPP (Stripe). See format_auto for payment flow details. Privacy policy: https://caliper.fit/privacy
    Connector