CyberMCP
CyberMCP is a Model Context Protocol (MCP) server designed for testing backend APIs for security vulnerabilities. It provides a set of specialized tools and resources that can be used by LLMs to identify common security issues in APIs.
GitHub Stars
10
User Rating
Not Rated
Forks
4
Issues
2
Views
0
Favorites
0
š CyberMCP
AI-powered Cybersecurity API Testing with Model Context Protocol (MCP)
CyberMCP is a Model Context Protocol (MCP) server that enables AI agents to perform comprehensive security testing on backend APIs. It provides 14 specialized security tools and 10 resources for identifying vulnerabilities like authentication bypass, injection attacks, data leakage, and security misconfigurations.
š Quick Start
# Clone and setup
git clone https://github.com/your-username/CyberMCP.git
cd CyberMCP
npm install
npm run build
# Test the server
npm run test-server
# Start interactive testing
npm run test-interactive
āØ Features
- š Authentication Testing - JWT analysis, bypass detection, OAuth2 flows
- š Injection Testing - SQL injection, XSS vulnerability detection
- š Data Protection - Sensitive data exposure, path traversal checks
- ā±ļø Rate Limiting - DoS vulnerability assessment
- š”ļø Security Headers - OWASP security header validation
- š Comprehensive Resources - Security checklists and testing guides
š ļø Security Tools (14 Total)
| Category | Tools |
|---|---|
| Authentication | basic_auth, token_auth, oauth2_auth, api_login, auth_status, clear_auth, jwt_vulnerability_check, auth_bypass_check |
| Injection Testing | sql_injection_check, xss_check |
| Data Protection | sensitive_data_check, path_traversal_check |
| Infrastructure | rate_limit_check, security_headers_check |
šÆ IDE Integration
CyberMCP works with all major AI-powered IDEs:
- Claude Desktop - Direct MCP integration
- Cursor IDE - Built-in MCP support
- Windsurf (Codeium) - Native MCP protocol
- VS Code + Cline - Extension-based integration
š Complete Setup Guide - Detailed configuration for each IDE
š Usage Example
"Use basic_auth with username 'admin' and password 'secret123'
then use auth_bypass_check on https://api.example.com/users
to test for authentication bypass vulnerabilities"
The AI agent will:
- Configure authentication credentials
- Test the protected endpoint for bypass vulnerabilities
- Provide detailed security analysis and recommendations
š Testing & Validation
# Comprehensive tool testing
npm run test-tools
# Manual interactive testing
npm run test-interactive
# Quick setup verification
npm run quick-start
# MCP Inspector (GUI)
npm run inspector
š Project Structure
CyberMCP/
āāā src/ # TypeScript source code
ā āāā tools/ # 14 security testing tools
ā āāā resources/ # Security checklists & guides
ā āāā utils/ # Authentication & utilities
āāā docs/ # Documentation
āāā scripts/ # Testing & utility scripts
āāā examples/ # Configuration examples
āāā dist/ # Built JavaScript (generated)
āāā README.md # This file
š§ Development
# Development mode with hot reload
npm run dev
# Build TypeScript
npm run build
# Start server (stdio mode)
npm start
# Start HTTP server
TRANSPORT=http PORT=3000 npm start
š Documentation
- Setup Guide - Detailed installation and configuration
- Project Summary - Complete feature overview
- Testing Results - Validation and test coverage
š¤ Contributing
- Fork the repository
- Create a feature branch:
git checkout -b feature/new-security-tool - Make your changes and add tests
- Submit a pull request
š License
This project is licensed under the MIT License - see the LICENSE file for details.
š Resources
- Model Context Protocol - Official MCP documentation
- OWASP API Security - API security best practices
- MCP TypeScript SDK - Development framework
š Secure your APIs with AI-powered testing!
For support and questions, please create an issue.