Glama
262,002 tools. Last updated 2026-07-05 16:07

"Information on Security Testing" matching MCP tools:

  • Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.
    Connector
  • Health & security posture of a software package (npm / PyPI / Go / Maven / Cargo / NuGet / RubyGems) from deps.dev (Google Open Source Insights, keyless): latest version, license, count of known security advisories, the OpenSSF Scorecard (0-10 security-posture score for the source repo + its weakest checks) and popularity (stars/forks). The "should I depend on this?" check — pairs with check_vulnerability (is a version vulnerable) and software_version (is the runtime current). Args: package (e.g. "lodash", "requests"), ecosystem (npm|pypi|go|maven|cargo|nuget|rubygems), version (optional — defaults to the latest). Every value is returned in an Ed25519-signed, provenance-stamped envelope (source and observation time) you can verify offline against /.well-known/keys, no account required.
    Connector
  • Active website security scan: runs the ContrastScan C engine (11 modules — HTTP security headers, SSL/TLS, DNS, redirect chain, information disclosure, cookie flags, DNSSEC, HTTP methods, CORS, HTML hygiene, deep CSP analysis) against the live site and enriches the raw result with severity-ranked vulnerability findings and a letter grade. Use for a hands-on misconfiguration scan; use audit_domain for passive recon (DNS/WHOIS/SSL/threat intel) and scan_headers for headers only. Active outbound fetch — a per-target eTLD+1 throttle (60 req/min) applies. Free: 30/hr (costs 6 tokens), Pro: 500/hr. Returns {domain, resolved_ip, total_score, max_score, grade, findings, findings_count, headers, ssl, dns, redirect, disclosure, cookies, dnssec, methods, cors, html, csp_analysis, enterprise, summary, next_calls}.
    Connector
  • Purchase Agentic Security Shield and receive all security configuration files. TWO-PHASE FLOW (you MUST do BOTH steps):
      STEP 1 — on-chain payment + token exchange:
        a) Send 19 USDC on Base network to the recipient address in /pricing or /.well-known/mcp/server-card.json (payTo field).
        b) POST /purchase (HTTP REST, not this MCP tool!)
           Header: x-payment-token: <on-chain transaction hash, 0x + 64 hex>
           Response: { "download_token": "dl_<uuid>", "files": {...} }
      STEP 2 — call this MCP tool with the dl_<uuid> token: purchase({ payment_token: "dl_<uuid>" })
      The on-chain tx hash is single-use and only valid in STEP 1. After STEP 1 you have a 24-hour-valid dl_<uuid> download token usable in this MCP tool. Most agents will get the files inline from STEP 1's response and never need to call this MCP tool — it exists for clients that prefer MCP-native delivery.
    Connector
  • SHIP DEV TO PROD. Merges the `dev` branch into `main` and auto-tags the new main HEAD as safe-YYYY-MM-DD-NNN. Use after testing your dev work, when you're ready to deploy changes to production. Workflow: 1) ateam_github_patch (writes to dev) → 2) ateam_github_promote (merges dev→main) → 3) ateam_build_and_run (deploys main). Pass dry_run:true to see what's about to ship without merging. On merge conflict the call returns 409 — resolve manually on GitHub (open a PR or use the web UI), then retry.
    Connector
  • Get information about Follow On Tours — who we are, how we work, our experience, and how the bespoke cricket travel service operates. Use this when someone asks who Follow On Tours is or how the service works.
    Connector

Matching MCP Servers

Matching MCP Connectors

  • Execute JavaScript or Python code in an isolated sandbox. Use for: data processing, math, CSV parsing, JSON transformation, crypto calculations, algorithm testing. Secure — no filesystem access, no network. Returns: { output: string, runtime_ms: number, language: string }. Requires API key.
    Connector
  • Generate realistic mock data from a JSON Schema. Supports all common types (string, number, integer, boolean, array, object, null), format hints (email, date, date-time, uri, uuid), enum, const, and nested schemas. Perfect for testing MCP tools with realistic data.
    Connector
  • Look up a MITRE ATT&CK technique by ID or keyword for authorized penetration testing and security research. Returns the full technique record: name, associated tactics, description, detection opportunities (log sources, behavioral indicators), real-world procedure examples from public reporting, recommended mitigations, and related sub-techniques. The detection and mitigation sections make this equally useful for defenders building detection coverage. Accepts exact IDs (T1190, T1059.001) or keyword search (e.g., "sql injection", "pass the hash", "web shell upload").
    Connector
  • USE THIS to verify a French social-security number (NIR / numéro de sécurité sociale, INSEE) before relying on it — do not guess the key. Checks the 13-digit body (Corsica 2A/2B handled) and the mod-97 two-digit key. Validates structure only.
    Connector
  • Return a short, human-readable walkthrough for testing this server: the endpoint, the tool/prompt/resource names, and ready-to-paste sample prompts. Use to give someone a guided demo. For the full machine-readable capability catalog, use list_capabilities instead.
    Connector
  • Returns the latest public web-security scan results for turva.dev's own domain (Hardenize, Internet.nl), with the scan date. Use this when a user asks about turva.dev's own security posture or wants evidence beyond agent-readiness scores. Read-only: returns static JSON and changes nothing.
    Connector
  • Fetch HTTP response headers for a URL. Use when inspecting server configuration, security headers, or caching policies.
    Connector
  • Aggregated intelligence feed combining research findings, active security threats, and live staking APY snapshot in a single call ($0.005 USDC). Sources: ChromaDB research library + Guardian log + staking.db. Best for: broad situational awareness — replaces three separate calls. Requires x402 payment on Base mainnet.
    Connector
  • Deploy an ERC-20 token on Sepolia testnet with no wallet required — TESTNET ONLY, always free. The platform wallet signs and broadcasts the transaction on your behalf. Use for integration testing before mainnet. Blocks until deployed (polls up to 3 minutes) and returns the final contract address in one call. Returns: { ok, status, contractAddress, tokenName, tokenSymbol, chain, chainId, txHash, explorerUrl, tokenUrl, intentId }. On timeout returns status='timeout' with a status_url to poll manually via ava_get_deployment_status. On failure returns ok=false with errorMessage. For mainnet deployments use ava_create_token_intent — your agent signs with its own wallet and pays gas + $10 fee directly.
    Connector
  • Audit the security attributes of cookies set by any URL. Fetches the URL and inspects all Set-Cookie headers for: HttpOnly, Secure, SameSite, Domain scope, Path scope, Max-Age/Expires, __Host-/__Secure- prefixes. Flags insecure patterns: missing HttpOnly on session cookies, missing Secure flag, SameSite=None without Secure, overly broad Domain, and excessive TTL. Returns per-cookie grades and an overall security score (0–100).
    Connector
  • USE THIS to verify an ISIN (international securities identifier) before relying on it — never assume a 12-character code is valid. Checks the format and the ISO 6166 Luhn check digit, and returns the country code. Call this when a user supplies a security/instrument identifier.
    Connector
  • Generates (without applying) an AEO artifact, deterministic and free. Types: jsonld, robots, llms, meta, faq (params faqs[]), ai-txt, humans-txt, security-txt, sitemap. jsonld/robots/llms/meta/faq can be applied (see aeo_apply); ai-txt/humans-txt/security-txt/sitemap are to be published by the agency.
    Connector
  • FREE triage tool — send whatever context you have (message content, sender info, URLs, attachments, draft replies, thread messages, image/video URLs) and get back a prioritized list of which security tools to run. No AI call, no charge, instant response. Always call this first to get the best security coverage.
    Connector