CyberMCP
by ricauts
CyberMCP is a Model Context Protocol (MCP) server designed for testing backend APIs for security vulnerabilities. It provides specialized tools and resources for LLMs to identify common security issues in APIs.
Last updated: N/A
What is CyberMCP?
CyberMCP is an MCP server that facilitates security testing of backend APIs. It offers a suite of tools and resources that can be leveraged by LLMs to detect various security vulnerabilities.
How to use CyberMCP?
To use CyberMCP, first clone the repository, install the dependencies using npm install, and build the project with npm run build. Then, start the server using either the stdio transport (npm start) or HTTP transport (TRANSPORT=http PORT=3000 npm start). Connect to the server with any MCP client, including LLM platforms.
Key features of CyberMCP
Authentication Vulnerability Testing
Injection Testing
Data Leakage Testing
Rate Limiting Testing
Security Headers Testing
Comprehensive Resources (checklists and guides)
Multiple Authentication Methods
Use cases of CyberMCP
Automated API security assessments using LLMs
Identifying authentication vulnerabilities in APIs
Detecting injection flaws such as SQL injection and XSS
Pinpointing data leakage issues and sensitive data exposure
FAQ from CyberMCP
What is MCP?
What is MCP?
MCP stands for Model Context Protocol. It is a protocol that allows LLMs to interact with external tools and resources.
What kind of authentication methods does CyberMCP support?
What kind of authentication methods does CyberMCP support?
CyberMCP supports Basic Authentication, Token Authentication (including JWT), OAuth2 Authentication, and Custom API Login.
How do I access the security checklists?
How do I access the security checklists?
You can access the checklists via cybersecurity://checklists/{category}, where category can be authentication, injection, data_leakage, rate_limiting, or general.
How do I access the testing guides?
How do I access the testing guides?
You can access the guides via guides://api-testing/{topic}, where topic can be jwt-testing, auth-bypass, sql-injection, xss, or rate-limiting.
What information do I need to test an API with CyberMCP?
What information do I need to test an API with CyberMCP?
You need the API endpoints, authentication information, parameter names, test data, expected behavior, and authentication flow.