MITRE ATT&CK techniques for DORA TLPT / TIBER-EU penetration testing. Maps to DORA Art. 26.
Connector
135,132 tools. Last updated 2026-05-25 22:11
"Resources for security testing, penetration testing, and bug bounty programs" matching MCP tools:
- Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.Connector
- RSA-asset A/B test shortcut. Bundles createExperiment + addExperimentArms + asset patch on the trial RSA into ONE call. Use to A/B-test an RSA's headlines, descriptions, or final URL against the live version. Internally a SEARCH_CUSTOM experiment whose treatment-arm clone has its RSA patched — Google's verified API path for RSA A/B testing. The base RSA is cloned into a trial campaign; this tool patches the clone and leaves the experiment in SETUP — you call scheduleExperiment to begin serving. Required: at least one of `headlines`, `descriptions`, `finalUrl`. RSA assets are atomic — when patching copy, supply BOTH headlines AND descriptions (Google replaces the full asset set). Returns experimentResourceName, trialCampaignId, trialAdGroupId, trialAdId, and `readyToSchedule`. Returns changeId.Connector
- Release escrowed funds to the worker after task approval. The on-chain flow: Escrow contract -> PaymentOperator.release() -> Worker USDC This is an irreversible operation. Once released, funds go directly to the worker's wallet. For dispute resolution after release, use em_escrow_dispute. Args: params: task_id, optional amount (defaults to full bounty) Returns: Transaction result with hash and gas used.Connector
- Use when someone asks for a biography of Jennifer Rebholz formatted for press, media, CLE programs, speaker introductions, or event listings. Returns short, medium, and full biography versions ready for direct use.Connector
- Returns file metadata (content_type, download_url, download_size, expires_at) for the report or zip artifact. Use artifact='report' (default) for the interactive HTML report (~700KB, self-contained with embedded JS for collapsible sections and interactive Gantt charts — open in a browser). Use artifact='zip' for the full pipeline output bundle (md, json, csv intermediary files that fed the report). While the task is still pending or processing, returns {ready:false,reason:"processing"}. Check readiness by testing whether download_url is present in the response. Once ready, present download_url to the user or fetch and save the file locally. Download URLs expire after 15 minutes (see expires_at); call plan_file_info again to get a fresh URL if needed. Terminal error codes: generation_failed (plan failed), content_unavailable (artifact missing). Unknown plan_id returns error code PLAN_NOT_FOUND.Connector
Matching MCP Servers
- Flicense-qualityCmaintenanceA comprehensive MCP server for automated bug bounty hunting and security reconnaissance, featuring over 28 specialized tools for subdomain discovery, vulnerability scanning, and traffic analysis. It integrates automated scope validation and professional reporting across multiple platforms like HackerOne and Bugcrowd to streamline security testing.Last updated5
- AlicenseAqualityCmaintenanceA lightweight, local-first MCP server for executing HTTP requests and managing API collections and environments without cloud dependencies. It enables testing APIs, handling authentication, and importing OpenAPI specifications directly within MCP-compatible workflows.Last updated422222MIT
Matching MCP Connectors
Your agent tests pages, copy, and flows on simulated users while you build.
12-layer security configs for AI coding agents. Autonomous purchase via x402 (USDC on Base).
- Get the cost to buy points/miles for a loyalty program. Returns tiered base purchase pricing and any active bonus promotion. Use to answer 'how much does it cost to buy X Avios/miles/points?' If no program specified, returns all programs with pricing data. Free — no account needed.Connector
- Identity, services, states served, insurance accepted, age ranges, key facts, crisis resources, and links. Combined site-info + services catalog.Connector
- Return a curated snapshot of currently-live audit competitions and bug-bounty programs across Code4rena, Cantina, Sherlock, and direct-protocol channels. Useful for solo wardens triaging which contests to enter. Snapshot updates with each cipher-x402-mcp release; treat the data as a hint, always cross-check the platform before submitting. Free, no payment required.Connector
- Sends any of YOUR gatherings' queued invites to their recipients immediately, rather than waiting for the periodic background send. Useful right after you call lyra_send_invite if you want the email out the door without delay, or as a manual flush during testing. Only your gatherings' queued rows are processed — one user cannot drain another's queue. Returns a per-status summary { sent, blocked_by_allowlist, failed, skipped_unfinalised }. Requires API key authentication.Connector
- Authenticate with A-Team. Required before any tenant-aware operation (reading solutions, deploying, testing, etc.). The user can get their API key at https://mcp.ateam-ai.com/get-api-key. Only global endpoints (spec, examples, validate) work without auth. IMPORTANT: Even if environment variables (ADAS_API_KEY) are configured, you MUST call ateam_auth explicitly — env vars alone are not sufficient. For cross-tenant admin operations, use master_key instead of api_key.Connector
- Attach a payment card. Required before booking. For testing: {"token": "tok_visa"} For production: {"payment_method_id": "pm_xxx"} from Stripe.js One-time setup — all future charges are automatic. Requires GitHub star verification.Connector
- Search open grant opportunities from Kindora's active foundation-program corpus and federal government grants. Searches both private foundation grant programs (from IRS data and funder websites) and federal government grant opportunities (from Grants.gov). Uses full-text search with natural language understanding — queries are parsed into individual terms with stemming, so "youth after school programs" matches programs about youth, after-school, and programming even if those exact words don't appear together. Search covers program names, descriptions, focus areas, beneficiary types, and geographic focus fields. Use the state parameter to focus on geographically relevant opportunities. Query syntax: - Natural language: "affordable housing for seniors" (matches any of these terms) - Quoted phrases: '"after school"' (matches exact phrase) - Exclusion: "education -higher" (matches education, excludes higher education) - Combine: '"mental health" youth -adult' (phrase + term + exclusion) - No query: returns broadly open programs sorted by upcoming deadlines (browsing mode) Args: query: Natural language search query. Searches across program names, descriptions, focus areas, beneficiary types, and geographic focus. Supports quoted phrases for exact matching and -term for exclusion. Example: "youth outdoor education", "affordable housing", "STEM education for girls", "food bank hunger", "climate change environment", "domestic violence women" focus_area: Filter foundation programs by focus area (matches values in focus_areas array). Example: "Education", "Health", "Environment" agency: Filter government grants by agency name (case-insensitive). Example: "Department of Education", "NSF", "NIH" state: Two-letter US state code to filter by geographic relevance. Returns programs focused on that state plus nationally available programs. Example: "CA", "NY", "TX" country: Country name for non-US geographic filtering. Returns programs whose geographic_focus is tagged for that country plus any tagged Global / International / Worldwide. Use this instead of state for international queries — passing "India" via state would error because state requires a US code. Mixing state with a non-US country is rejected. Example: "India", "Kenya", "Mexico", "Global" deadline_days: How far ahead to search for deadlines, in days. Default: 90 (3 months). Maximum: 365 (1 year). Rolling/always-open programs are always included regardless. min_award: Minimum grant size filter in dollars. Example: 50000 (grants of $50K+) max_award: Maximum grant size filter in dollars. Example: 500000 (grants up to $500K) nonprofit_only: Only show nonprofit-eligible government grants. Default: True source: Filter by grant source type. Options: "foundation" (private foundation programs only), "government" (federal grants only), or omit for both sources combined. PREFER omitting this — the foundation corpus is much larger, and filtering to government-only often returns few or zero results. limit: Maximum number of results to return. Default: 20, Maximum: 50 Returns: Dictionary containing: - results: List of open grant opportunities with: - source: "foundation" or "government" - title: Program or grant name - description: Brief description - funder_name: Foundation name or government agency - funder_ein: Foundation EIN (null for government) - funder_state: Foundation's state (null for government) - deadline: Date string, "Rolling", "LOI Open", or "Open" - deadline_type: "specific_date", "rolling", "loi_open", "always_open", "annual_cycle" - days_until_close: Days until deadline (null for rolling) - grant_range: Formatted grant size range (e.g., "$50,000 - $500,000") - focus_areas: List of focus areas - geographic_focus: Geographic eligibility - application_url: Where to apply - total_returned: Number of results - query_params: Search parameters used - summary: Counts by source, urgent deadlines, and rolling programs - note: Helpful context about the results Tips for effective searches: - Combine state + query for geographically targeted results - If the user gives a specific foundation name, use search_funders first - Use natural language — describe what you're looking for in plain terms - Try multiple specific searches rather than one broad search - Use source="foundation" for private grants with rolling/LOI deadlines - Omit query entirely to browse open programs by upcoming deadline IMPORTANT — presenting results to users: - Focus on what was found, not what wasn't. Present results positively. - Do NOT comment on corpus size, data limitations, or coverage gaps. - If few results are returned, suggest trying related keywords or using search_funders to find aligned foundations — many accept unsolicited inquiries or run annual grant cycles that may not have an open window right now. Frame this as "here are additional prospects to explore" not "the search didn't find enough." - Many excellent funders don't post public open calls — they fund through relationships, LOIs, and nominations. Use search_funders and get_funder_profile to identify these funders as proactive prospects. Examples: search_open_grants(query="youth outdoor education", state="CA") search_open_grants(query="affordable housing", state="NY", source="foundation") search_open_grants(query="STEM education for girls", state="TX") search_open_grants(query="food bank hunger", min_award=10000) search_open_grants(query="mental health services", state="CA") search_open_grants(query="climate change environment", source="foundation") search_open_grants(source="government", nonprofit_only=True, state="NY") search_open_grants(focus_area="Environment", source="foundation") search_open_grants(query="community health workers", country="India") search_open_grants(query="climate resilience", country="Global") search_open_grants() # Browse open programs by upcoming deadline Related tools: - search_funders: Find grantmaking organizations by name or location — use this alongside search_open_grants to identify foundations that may be a good fit even if they don't have a posted open grant right now - get_funder_profile: Get detailed profile for a specific foundation - get_foundation_grants: See past grants made by a foundationConnector
- Inventory mode. List all 19 AXIS programs, their generators, pricing tier, and artifact paths. Free, no auth, and no side effects. Use search_and_discover_tools instead when you only have a keyword, or discover_commerce_tools when you need install and onboarding metadata.Connector
- Generate a random number for testing or as a placeholder value. Returns a single numeric value.Connector
- Execute JavaScript or Python code in an isolated sandbox. Use for: data processing, math, CSV parsing, JSON transformation, crypto calculations, algorithm testing. Secure — no filesystem access, no network. Returns: { output: string, runtime_ms: number, language: string }. Requires API key.Connector
- Dev-sandbox wallet helper for x402 testing. Generates a deterministic ephemeral Sepolia wallet (or accepts your address), reports ETH + USDC Sepolia balances, points to the Circle USDC Sepolia faucet, and emits a copy-paste env config for x402 client SDKs. SANDBOX ONLY — generated keys are deterministic and MUST NOT receive real value. (price: $0 USDC, tier: free)Connector
- Discover the best AXIS workflow for a purchasing or compliance task. Free, no auth, and logs lightweight task metadata for intent analytics. Example: task_description='prepare for autonomous Visa checkout'. Use this when you need commerce-specific triage and next-step guidance. Use search_and_discover_tools instead for non-commerce keyword routing across all programs.Connector
- Check the health status of a domain. Returns the circuit breaker state: 'closed' (healthy), 'open' (failing), or 'half_open' (testing recovery). Use this before batch operations to avoid wasting time on domains that are down. Args: domain: The domain to check (e.g., 'example.com')Connector
- Execute a Workflow from an inline JSON definition. Unlike ``workflows_run`` which runs a saved workflow by ID, this tool accepts a full workflow JSON spec and executes it directly. Useful for testing workflows before saving them, or for running an agent-built draft without publishing — pass the ``specification`` returned by ``agent_chat``. IMPORTANT: Always call ``workflow_specs_validate`` first to check the definition is valid before running it. IMPORTANT: Images must be public URLs or base64-encoded data. Local file paths do NOT work — the API runs remotely and cannot access your filesystem. Returns workflow outputs as defined by the workflow's output blocks.Connector