Cybermcp

@ricautson a year ago

8 MIT

FreeCommunity

AI Systems

CyberMCP is a Model Context Protocol (MCP) server designed for testing backend APIs for security vulnerabilities. It provides a set of specialized tools and resources that can be used by LLMs to identify common security issues in APIs.

What is Cybermcp

CyberMCP is a Model Context Protocol (MCP) server designed specifically for testing backend APIs for security vulnerabilities. It offers a range of specialized tools and resources that assist LLMs in identifying common security issues within APIs.

Use cases

Use cases for CyberMCP include testing APIs for security vulnerabilities during development, conducting security audits, and ensuring compliance with security standards in applications.

How to use

To use CyberMCP, clone the repository, install the dependencies, and build the project. You can run the server using stdio transport for integration with LLM platforms or HTTP transport for local development and testing.

Key features

Key features include authentication vulnerability testing, injection testing (SQL injection, XSS), data leakage testing, rate limiting testing, security headers testing, comprehensive resources for API security testing, and support for multiple authentication methods.

Where to use

CyberMCP can be used in various fields including software development, cybersecurity, and API development, where security testing of backend APIs is essential.

Clients Supporting MCP

The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.

Claude Desktop: Official desktop application from Anthropic, natively supports MCP protocol. claude.ai

Cherry Studio: Cross-platform desktop client supporting multiple LLM providers, built-in MCP server support. cherry-ai.com

LobeChat: Modern open-source ChatGPT/LLMs UI, supports MCP protocol integration. lobehub.com

DeepChat: Cross-platform desktop AI assistant, compatible with MCP protocol, focusing on privacy and efficiency. deepchat.thinkinai.xyz

5ire: Cross-platform open-source desktop intelligent assistant MCP client, supports local knowledge base and MCP server. 5ire.app

View More MCP Clients

Overview

What is Cybermcp

Use cases

Use cases for CyberMCP include testing APIs for security vulnerabilities during development, conducting security audits, and ensuring compliance with security standards in applications.

How to use

Key features

Where to use

CyberMCP can be used in various fields including software development, cybersecurity, and API development, where security testing of backend APIs is essential.

Clients Supporting MCP

The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.

Claude Desktop: Official desktop application from Anthropic, natively supports MCP protocol. claude.ai

Cherry Studio: Cross-platform desktop client supporting multiple LLM providers, built-in MCP server support. cherry-ai.com

LobeChat: Modern open-source ChatGPT/LLMs UI, supports MCP protocol integration. lobehub.com

DeepChat: Cross-platform desktop AI assistant, compatible with MCP protocol, focusing on privacy and efficiency. deepchat.thinkinai.xyz

5ire: Cross-platform open-source desktop intelligent assistant MCP client, supports local knowledge base and MCP server. 5ire.app

View More MCP Clients

Content

🔒 CyberMCP

AI-powered Cybersecurity API Testing with Model Context Protocol (MCP)

CyberMCP is a Model Context Protocol (MCP) server that enables AI agents to perform comprehensive security testing on backend APIs. It provides 14 specialized security tools and 10 resources for identifying vulnerabilities like authentication bypass, injection attacks, data leakage, and security misconfigurations.

🚀 Quick Start

# Clone and setup
git clone https://github.com/your-username/CyberMCP.git
cd CyberMCP
npm install
npm run build

# Test the server
npm run test-server

# Start interactive testing
npm run test-interactive

✨ Features

🔐 Authentication Testing - JWT analysis, bypass detection, OAuth2 flows
💉 Injection Testing - SQL injection, XSS vulnerability detection
📊 Data Protection - Sensitive data exposure, path traversal checks
⏱️ Rate Limiting - DoS vulnerability assessment
🛡️ Security Headers - OWASP security header validation
📚 Comprehensive Resources - Security checklists and testing guides

🛠️ Security Tools (14 Total)

Category	Tools
Authentication	`basic_auth`, `token_auth`, `oauth2_auth`, `api_login`, `auth_status`, `clear_auth`, `jwt_vulnerability_check`, `auth_bypass_check`
Injection Testing	`sql_injection_check`, `xss_check`
Data Protection	`sensitive_data_check`, `path_traversal_check`
Infrastructure	`rate_limit_check`, `security_headers_check`

🎯 IDE Integration

CyberMCP works with all major AI-powered IDEs:

Claude Desktop - Direct MCP integration
Cursor IDE - Built-in MCP support
Windsurf (Codeium) - Native MCP protocol
VS Code + Cline - Extension-based integration

📖 Complete Setup Guide - Detailed configuration for each IDE

📋 Usage Example

"Use basic_auth with username 'admin' and password 'secret123' 
then use auth_bypass_check on https://api.example.com/users 
to test for authentication bypass vulnerabilities"

The AI agent will:

Configure authentication credentials
Test the protected endpoint for bypass vulnerabilities
Provide detailed security analysis and recommendations

📊 Testing & Validation

# Comprehensive tool testing
npm run test-tools

# Manual interactive testing  
npm run test-interactive

# Quick setup verification
npm run quick-start

# MCP Inspector (GUI)
npm run inspector

📁 Project Structure

CyberMCP/
├── src/                    # TypeScript source code
│   ├── tools/             # 14 security testing tools
│   ├── resources/         # Security checklists & guides
│   └── utils/             # Authentication & utilities
├── docs/                  # Documentation
├── scripts/               # Testing & utility scripts  
├── examples/              # Configuration examples
├── dist/                  # Built JavaScript (generated)
└── README.md              # This file

🔧 Development

# Development mode with hot reload
npm run dev

# Build TypeScript
npm run build

# Start server (stdio mode)
npm start

# Start HTTP server
TRANSPORT=http PORT=3000 npm start

📖 Documentation

Setup Guide - Detailed installation and configuration
Project Summary - Complete feature overview
Testing Results - Validation and test coverage

🤝 Contributing

Fork the repository
Create a feature branch: git checkout -b feature/new-security-tool
Make your changes and add tests
Submit a pull request

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🔗 Resources

Model Context Protocol - Official MCP documentation
OWASP API Security - API security best practices
MCP TypeScript SDK - Development framework

🔒 Secure your APIs with AI-powered testing!

For support and questions, please create an issue.

Dev Tools Supporting MCP

The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.

Zed: High-performance collaborative code editor, supports MCP protocol, providing a smooth programming experience. zed.dev

Cursor: AI code editor built on VS Code, supports MCP protocol for context-aware programming. cursor.com

Windsurf: AI code editor from Codeium, integrates MCP protocol to provide intelligent code assistance. windsurf.com

Continue: Open-source AI programming assistant plugin, supports VS Code and JetBrains, compatible with MCP protocol. continue.dev

Trae: AI-driven code editor, supports MCP protocol, focusing on enhancing developer programming experience. trae.ai

View More MCP Dev Tools

Tools

No tools

Comments

Recommend MCP Servers

Tavily MCP Server The Tavily MCP server provides: search, extract, map, crawl tools Real-time web search capabilities through the tavily-search tool Intelligent data extraction from web pages via the tavily-extract tool Powerful web mapping tool that creates a structured map of website Web crawler that systematically explores websites.

MCP Server Chart This is a TypeScript-based MCP server that provides chart generation capabilities. It allows you to create various types of charts through MCP tools. You can also use it in Dify.

GitHub MCP Server MCP Server for the GitHub API, enabling file operations, repository management, search functionality, and more.

Brave Search MCP Server Web and local search using Brave's Search API

Firecrawl MCP Server Advanced web scraping with JavaScript rendering, PDF support, and smart rate limiting

Context7 MCP LLMs rely on outdated or generic information about the libraries you use. You get:

Slack MCP server Channel management and messaging capabilities

Sequential Thinking MCP Server Dynamic and reflective problem-solving through thought sequences

Fetch MCP Server A Model Context Protocol server that provides web content fetching capabilities.

Playwright MCP A Model Context Protocol (MCP) server that provides browser automation capabilities using [Playwright](https://playwright.dev). This server enables LLMs to interact with web pages through structured accessibility snapshots, bypassing the need for screenshots or visually-tuned models.

View All MCP Servers