ZAP-MCP
ZAP-MCP is a powerful protocol for integrating OWASP ZAP with AI models. It enables AI-driven security testing, allowing direct interaction with scanning capabilities. Features include real-time scan monitoring and automated analysis, providing flexible integration with various AI models.
GitHub Stars
11
User Rating
Not Rated
Favorites
0
Views
51
Forks
2
Issues
0
ZAP-MCP: Model Context Protocol for OWASP ZAP
A powerful integration between OWASP ZAP and AI models through the Model Context Protocol (MCP). This project enables AI-driven security testing by allowing AI models to directly interact with ZAP's scanning capabilities.
Star History
Overview
ZAP-MCP provides a bridge between AI models (like Claude) and OWASP ZAP, enabling automated security testing and analysis. It uses a client-server architecture where ZAP-MCP acts as the server, exposing standardized functions that can be called by AI models through the MCP protocol.
Features
- AI-Driven Security Testing: Enable AI models to perform security scans and analysis
- Real-time Scan Monitoring: Track scan progress and get instant alerts
- Automated Analysis: Generate security reports and recommendations
- Flexible Integration: Works with various AI models through the MCP protocol
- WebSocket Communication: Real-time updates and interactions
Prerequisites
- Python 3.8+
- OWASP ZAP running locally or remotely
- Claude Desktop App (or other MCP-compatible client)
Installation
- Clone the repository:
git clone https://github.com/tazer/ZAP-MCP.git
cd ZAP-MCP
- Install dependencies:
pip install -r requirements.txt
- Set up the MCP server:
./setup_mcp.sh
- Configure ZAP-MCP:
- Copy
claude_desktop_config.jsonto your Claude app's config directory - Update the ZAP API key and URL in the config file
- Copy
Usage
- Start the MCP server:
mcp-server --config claude_desktop_config.json --model-dir ./models
Configure your Claude desktop app:
- Open Claude app settings
- Enable MCP server integration
- Set the WebSocket URL to:
ws://localhost:7456/ws
Start using ZAP-MCP:
- The Claude app will now have access to ZAP scanning tools
- You can request security scans, get alerts, and generate reports
Available Tools
The MCP server exposes these ZAP-specific tools:
start_scan: Start a new ZAP scan on a target URLget_scan_status: Check the status of a running scanget_alerts: Get all alerts from the current scanget_scan_summary: Get a summary of the current scan
Configuration
The claude_desktop_config.json file contains all necessary settings:
{
"mcp_server": {
"host": "localhost",
"port": 7456,
"model": "claude-instant-v1",
"max_tokens": 1000,
"temperature": 0.7,
"zap_api_key": "your-zap-api-key",
"zap_url": "http://localhost:8080"
},
"local_models": {
"path": "./models",
"prefer_local": true
},
"zap_settings": {
"scan_timeout": 300,
"max_concurrent_scans": 5,
"alert_threshold": "HIGH",
"scan_policy": "default"
}
}
Development
This project was developed using Cursor AI, an intelligent coding assistant that helped streamline the development process and ensure code quality.
Author
- TAZER - Initial work and maintenance
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- OWASP ZAP team for their excellent security testing tool
- Anthropic for Claude AI
- Cursor AI for their assistance in development
33
Followers
29
Repositories
12
Gists
0
Total Contributions
The Cyberbro MCP Server is a simple application that extracts Indicators of Compromise (IoCs) from unstructured input and checks their reputation using multiple threat intelligence services. It leverages the Model Context Protocol (MCP) to facilitate interaction with the Cyberbro platform.