AI-powered Cybersecurity API Testing with Model Context Protocol (MCP)
CyberMCP is a Model Context Protocol (MCP) server that enables AI agents to perform comprehensive security testing on backend APIs. It provides 14 specialized security tools and 10 resources for identifying vulnerabilities like authentication bypass, injection attacks, data leakage, and security misconfigurations.
# Clone and setup
git clone https://github.com/your-username/CyberMCP.git
cd CyberMCP
npm install
npm run build
# Test the server
npm run test-server
# Start interactive testing
npm run test-interactive- 🔐 Authentication Testing - JWT analysis, bypass detection, OAuth2 flows
- 💉 Injection Testing - SQL injection, XSS vulnerability detection
- 📊 Data Protection - Sensitive data exposure, path traversal checks
- ⏱️ Rate Limiting - DoS vulnerability assessment
- 🛡️ Security Headers - OWASP security header validation
- 📚 Comprehensive Resources - Security checklists and testing guides
| Category | Tools |
|---|---|
| Authentication | basic_auth, token_auth, oauth2_auth, api_login, auth_status, clear_auth, jwt_vulnerability_check, auth_bypass_check |
| Injection Testing | sql_injection_check, xss_check |
| Data Protection | sensitive_data_check, path_traversal_check |
| Infrastructure | rate_limit_check, security_headers_check |
CyberMCP works with all major AI-powered IDEs:
- Claude Desktop - Direct MCP integration
- Cursor IDE - Built-in MCP support
- Windsurf (Codeium) - Native MCP protocol
- VS Code + Cline - Extension-based integration
📖 Complete Setup Guide - Detailed configuration for each IDE
"Use basic_auth with username 'admin' and password 'secret123'
then use auth_bypass_check on https://api.example.com/users
to test for authentication bypass vulnerabilities"
The AI agent will:
- Configure authentication credentials
- Test the protected endpoint for bypass vulnerabilities
- Provide detailed security analysis and recommendations
# Comprehensive tool testing
npm run test-tools
# Manual interactive testing
npm run test-interactive
# Quick setup verification
npm run quick-start
# MCP Inspector (GUI)
npm run inspectorCyberMCP/
├── src/ # TypeScript source code
│ ├── tools/ # 14 security testing tools
│ ├── resources/ # Security checklists & guides
│ └── utils/ # Authentication & utilities
├── docs/ # Documentation
├── scripts/ # Testing & utility scripts
├── examples/ # Configuration examples
├── dist/ # Built JavaScript (generated)
└── README.md # This file
# Development mode with hot reload
npm run dev
# Build TypeScript
npm run build
# Start server (stdio mode)
npm start
# Start HTTP server
TRANSPORT=http PORT=3000 npm start- Setup Guide - Detailed installation and configuration
- Project Summary - Complete feature overview
- Testing Results - Validation and test coverage
- Fork the repository
- Create a feature branch:
git checkout -b feature/new-security-tool - Make your changes and add tests
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- Model Context Protocol - Official MCP documentation
- OWASP API Security - API security best practices
- MCP TypeScript SDK - Development framework
🔒 Secure your APIs with AI-powered testing!
For support and questions, please create an issue.