OWASP MCP Server

by shadsidd

A WebSocket-based Mission Control Protocol (MCP) server for OWASP ZAP, enabling real-time control and monitoring of security assessments. It provides a powerful SDK and CLI for automating and managing ZAP scans.

What is OWASP MCP Server?

The OWASP MCP Server is a WebSocket-based server that provides real-time control and monitoring for OWASP ZAP security scans. It offers a command-line interface (CLI) and SDK for automating and managing security assessments, making it ideal for CI/CD integration and batch processing.

How to use OWASP MCP Server?

To use the MCP Server, first install OWASP ZAP and the required Python packages. Start ZAP in daemon mode, then start the MCP Server. Use the provided CLI (mcp_cli.py) to initiate scans, specifying target URLs and scan types. The examples/ directory contains scripts demonstrating key features and integrations.

Key features of OWASP MCP Server

  • Real-time updates via WebSocket

  • Full automation capabilities

  • Native CI/CD integration

  • Batch processing support

  • Concurrent scanning of multiple domains

  • Robust error handling

Use cases of OWASP MCP Server

  • Automated security scanning in CI/CD pipelines

  • Real-time monitoring of security assessments

  • Batch processing of multiple website scans

  • Custom security rule implementation

  • Team notifications for scan results

FAQ from OWASP MCP Server

What are the prerequisites for running the MCP Server?

Python 3.8+, OWASP ZAP 2.12.0+, Java Runtime Environment (JRE) 8+, and Sudo/Administrator privileges (required for ZAP).

How do I start OWASP ZAP in daemon mode?

Use the command sudo /Applications/ZAP.app/Contents/Java/zap.sh -daemon -port 8080 (macOS/Linux) or "C:\Program Files\OWASP\Zed Attack Proxy\zap.bat" -daemon -port 8080 (Windows as Administrator).

What ports does the MCP Server use?

ZAP uses port 8080 by default, and the MCP Server uses port 3000. Ensure these ports are not in use before starting.

How do I run a quick spider scan?

Use the command python mcp_cli.py scan example.com.

How do I resolve the 'Address already in use' error?

Check what's using the port with sudo lsof -i :8080 and kill the process if needed with sudo kill -9 <PID>.