[Skip to main content](https://glama.ai/mcp/servers/@ricauts/<#main-content>)
[Glama](https://glama.ai/mcp/servers/@ricauts/</>)
[Chat](https://glama.ai/mcp/servers/@ricauts/</chat>)[MCP](https://glama.ai/mcp/servers/@ricauts/</mcp>)[Gateway](https://glama.ai/mcp/servers/@ricauts/</gateway>)[Models](https://glama.ai/mcp/servers/@ricauts/</models>)[Pricing](https://glama.ai/mcp/servers/@ricauts/</pricing>)[Community](https://glama.ai/mcp/servers/@ricauts/</discord>)[Sign In](https://glama.ai/mcp/servers/@ricauts/</sign-in>)
[Chat](https://glama.ai/mcp/servers/@ricauts/</chat>)MCP[Gateway](https://glama.ai/mcp/servers/@ricauts/</gateway>)[Models](https://glama.ai/mcp/servers/@ricauts/</models>)[Pricing](https://glama.ai/mcp/servers/@ricauts/</pricing>)[Community](https://glama.ai/mcp/servers/@ricauts/</discord>)[Sign In](https://glama.ai/mcp/servers/@ricauts/</sign-in>)
[Glama](https://glama.ai/mcp/servers/@ricauts/</>)
[MCP](https://glama.ai/mcp/servers/@ricauts/</mcp>)
[Servers](https://glama.ai/mcp/servers/@ricauts/</mcp/servers>)
[en](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#readme-md> "English")[es](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP?locale=es-ES#readme-md> "Spanish")[ja](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP?locale=ja-JP#readme-md> "Japanese")[ko](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP?locale=ko-KR#readme-md> "Korean")[zh](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP?locale=zh-CN#readme-md> "Chinese")
[English](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#readme-md> "English")[Spanish](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP?locale=es-ES#readme-md> "Spanish")[Japanese](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP?locale=ja-JP#readme-md> "Japanese")[Korean](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP?locale=ko-KR#readme-md> "Korean")[Chinese](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP?locale=zh-CN#readme-md> "Chinese")
# CyberMCP
by [ricauts](https://glama.ai/mcp/servers/@ricauts/<https:/github.com/ricauts>)
Claim
[GitHub](https://glama.ai/mcp/servers/@ricauts/<https:/github.com/ricauts/CyberMCP>)
  * [API Testing](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/api-testing>)
  * [Penetration Testing](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/penetration-testing>)
  * [Security](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/security-and-iam>)


[TypeScript](https://glama.ai/mcp/servers/@ricauts/</mcp/servers?attributes=language%3Atypescript>)
MIT License
1
[Overview](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP>)[InspectNew](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP/inspect>)[Schema](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP/schema>)[Related Servers](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP/related-servers>)[Reviews](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP/reviews>)[Score](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP/score>)
[Need Help?](https://glama.ai/mcp/servers/@ricauts/</mcp/discord>)[View Source Code](https://glama.ai/mcp/servers/@ricauts/<https:/github.com/ricauts/CyberMCP>)[Report Issue](https://glama.ai/mcp/servers/@ricauts/<https:/github.com/punkpeye/awesome-mcp-servers/issues/new?body=Server%3A+CyberMCP%0AURL%3A+https%3A%2F%2Fgithub.com%2Fricauts%2FCyberMCP%0AAuthor%3A+%40ricauts%0A%0A---%0A%0A&labels=glama+server+listing&title=%5BCyberMCP%5D+>)
#### Integrations
  * Provides authentication capabilities via OAuth2 for testing secured [GitHub](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/integrations/github>) API endpoints to identify security vulnerabilities in authentication flows, token handling, and data access controls.
  * Supports the installation and dependency management through package.json, allowing the MCP server to be installed and run for cybersecurity API testing purposes.
  * Provides [TypeScript](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/integrations/typescript>) integration for implementing strongly-typed security testing tools and utilities, with configuration through tsconfig.json to support the MCP server development.


## CyberMCP - Cybersecurity API Testing with MCP
CyberMCP is a Model Context Protocol (MCP) server designed for testing backend APIs for security vulnerabilities. It provides a set of specialized tools and resources that can be used by LLMs to identify common security issues in APIs.
### Features
  * **Authentication Vulnerability Testing** : Check for JWT vulnerabilities, authentication bypass, and weak authentication mechanisms
  * **Injection Testing** : Test for SQL injection, XSS, and other injection vulnerabilities
  * **Data Leakage Testing** : Identify sensitive data exposure issues
  * **Rate Limiting Testing** : Test for rate limiting bypass and DDoS vulnerabilities
  * **Security Headers Testing** : Check for missing or misconfigured security headers
  * **Comprehensive Resources** : Access checklists and guides for API security testing
  * **Authentication Support** : Multiple authentication methods to test secured endpoints


### Project Structure
Copy
CyberMCP/ ├── src/ │ ├── tools/ # MCP tools for security testing │ ├── resources/ # MCP resources (checklists, guides) │ ├── transports/ # Custom transport implementations │ ├── utils/ # Utility functions and auth management │ └── index.ts # Main entry point ├── package.json # Dependencies and scripts ├── tsconfig.json # TypeScript configuration └── README.md # This file
### Installation
  1. Clone the repository:
Copy
git clone https://github.com/your-username/CyberMCP.git cd CyberMCP
  2. Install dependencies:
Copy
npm install
  3. Build the project:
Copy
npm run build


### Usage
#### Running the MCP Server
You can run the server using either the stdio transport (default) or HTTP transport:
**Using stdio transport (for integration with LLM platforms):**
Copy
npm start
**Using HTTP transport (for local development and testing):**
Copy
TRANSPORT=http PORT=3000 npm start
#### Connecting to the Server
The MCP server can be connected to any MCP client, including LLM platforms that support the Model Context Protocol.
### Security Tools
#### Authentication
CyberMCP supports several authentication methods to test secured APIs:
  * **Basic Authentication** : Set up HTTP Basic Auth with username and password
  * **Token Authentication** : Use bearer tokens, JWT, or custom token formats
  * **OAuth2 Authentication** : Full OAuth2 flow support with different grant types
  * **Custom API Login** : Authenticate against any login API endpoint


Authentication Tools:
  * `basic_auth`: Authenticate with username/password
  * `token_auth`: Set up token-based authentication
  * `oauth2_auth`: Perform OAuth2 authentication
  * `api_login`: Login using a custom API endpoint
  * `auth_status`: Check current authentication status
  * `clear_auth`: Clear the current authentication state


#### Authentication Testing
  * **JWT Vulnerability Check** : Analyzes JWT tokens for security issues
  * **Authentication Bypass Check** : Tests endpoints for authentication bypass vulnerabilities


#### Injection Testing
  * **SQL Injection Check** : Tests parameters for SQL injection vulnerabilities
  * **XSS Check** : Tests for Cross-Site Scripting vulnerabilities


#### Data Leakage Testing
  * **Sensitive Data Check** : Identifies leaked PII, credentials, and sensitive information
  * **Path Traversal Check** : Tests for directory traversal vulnerabilities


#### Security Headers Testing
  * **Security Headers Check** : Analyzes HTTP headers for security best practices


### Resources
#### Checklists
Access security checklists via `cybersecurity://checklists/{category}` where category can be:
  * `authentication`
  * `injection`
  * `data_leakage`
  * `rate_limiting`
  * `general`


#### Guides
Access detailed testing guides via `guides://api-testing/{topic}` where topic can be:
  * `jwt-testing`
  * `auth-bypass`
  * `sql-injection`
  * `xss`
  * `rate-limiting`


### Required Information for API Testing
To effectively test an API for security vulnerabilities, you'll need:
  1. **API Endpoints** : URLs of the endpoints to test
  2. **Authentication Information** : Credentials or tokens for accessing secured endpoints
  3. **Parameter Names** : Names of the parameters that accept user input
  4. **Test Data** : Sample valid data for parameters
  5. **Expected Behavior** : What the normal response should look like
  6. **Authentication Flow** : How authentication works in the target API


### Authentication Examples
#### Basic Authentication
Copy
basic_auth: username: "admin" password: "secure_password"
#### Token Authentication
Copy
token_auth: token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." token_type: "Bearer" expires_in: 3600
#### OAuth2 Authentication
Copy
oauth2_auth: client_id: "client_123" client_secret: "secret_456" token_url: "https://example.com/oauth/token" grant_type: "client_credentials" scope: "read write"
#### Custom API Login
Copy
api_login: login_url: "https://example.com/api/login" credentials: username: "admin" password: "secure_password" token_path: "data.access_token"
### License
MIT
Install Server
This server [cannot be installed](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP/score>)
-
security - not tested
A
license - permissive license
-
quality - not tested
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
A Model Context Protocol server designed for testing backend APIs for security vulnerabilities like authentication bypass, injection attacks, and data leakage.
  1. [Features](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#features>)
  2. [Project Structure](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#project-structure>)
  3. [Installation](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#installation>)
  4. [Usage](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#usage>)
    1. [Running the MCP Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#running-the-mcp-server>)
    2. [Connecting to the Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#connecting-to-the-server>)
  5. [Security Tools](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#security-tools>)
    1. [Authentication](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#authentication>)
    2. [Authentication Testing](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#authentication-testing>)
    3. [Injection Testing](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#injection-testing>)
    4. [Data Leakage Testing](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#data-leakage-testing>)
    5. [Security Headers Testing](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#security-headers-testing>)
  6. [Resources](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#resources>)
    1. [Checklists](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#checklists>)
    2. [Guides](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#guides>)
  7. [Required Information for API Testing](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#required-information-for-api-testing>)
  8. [Authentication Examples](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#authentication-examples>)
    1. [Basic Authentication](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#basic-authentication>)
    2. [Token Authentication](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#token-authentication>)
    3. [OAuth2 Authentication](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#oauth2-authentication>)
    4. [Custom API Login](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#custom-api-login>)
  9. [License](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ricauts/CyberMCP#license>)


#### Related MCP Servers
  * ## 
Salesforce
[salesforce-mcp-server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@kablewy/salesforce-mcp-server>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/databases>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/app-automation>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/customer-data-platforms>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/remote-capable>)
[kablewy](https://glama.ai/mcp/servers/@ricauts/<https:/github.com/kablewy>)
A
security
F
license
A
quality
A Model Context Protocol server implementation for interacting with Salesforce through its REST API.
Last updated -
4
10
TypeScript
  * ## [Nash MCP Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@nash-app/nash-mcp>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/shell-access>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/code-execution>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/web-scraping>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/hybrid>)
[nash-app](https://glama.ai/mcp/servers/@ricauts/<https:/github.com/nash-app>)
-
security
A
license
-
quality
A Model Context Protocol server that enables seamless execution of commands, Python code, web content fetching, and reusable task management with secure credentials handling.
Last updated -
2
Python
MIT License
    * Apple
  * ## [Echo MCP Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@piebro/echo-mcp-server-for-testing>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/developer-tools>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/testing-and-qa-tools>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/remote-capable>)
[piebro](https://glama.ai/mcp/servers/@ricauts/<https:/github.com/piebro>)
A
security
A
license
A
quality
A simple server implementing the Model Context Protocol (MCP) that echoes messages back, designed for testing MCP clients.
Last updated -
1
Python
MIT License
  * ## [Infisical MCP Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@Infisical/infisical-mcp-server>)official
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/security-and-iam>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/developer-tools>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/cloud-platforms>)
    * [](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/categories/remote-capable>)
[Infisical](https://glama.ai/mcp/servers/@ricauts/<https:/github.com/Infisical>)
A
security
A
license
A
quality
A Model Context Protocol server that enables interaction with Infisical APIs for secret management, allowing users to create, update, delete, and list secrets through function calling.
Last updated -
9
33
16
JavaScript
Apache 2.0


[View all related MCP servers](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/ricauts/CyberMCP/related-servers>)
#### Appeared in Searches
  * [Identifying Vulnerabilities in Phishing Techniques and Analyzing Algorithms and Data](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/search/identifying-vulnerabilities-in-phishing-techniques-and-analyzing-algorithms-and-data>)
  * [How to query data from ServiceNow](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/search/how-to-query-data-from-servicenow>)


#### New MCP Servers
  * [Plane MCP Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@makeplane/plane-mcp-server>)
  * [Ticketmaster Discovery MCP Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ag2-mcp-servers/discovery-api>)
  * [Salesforce MCP Integration](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@jogcruz/mcp_salesforce>)
  * [MCP PDF Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@Dev-91/MCP_PDF_Server>)
  * [WinLog-mcp](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@XD3an/winlog-mcp>)
  * [MongoDB Atlas MCP Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@mongodb-developer/mcp-mongodb-atlas>)
  * [Scenario Word](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@HyunJuHwan/mcp-server>)
  * [LSD MCP Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@lsd-so/internetdata-mcp>)
  * [Groups Migration MCP Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ag2-mcp-servers/groups-migration-api>)
  * [Cloud DLP API MCP Server](https://glama.ai/mcp/servers/@ricauts/</mcp/servers/@ag2-mcp-servers/cloud-data-loss-prevention-dlp-api>)


ID: lp1nvcf0w9
Was this helpful?
YesNo
#### MCP
  * [MCP servers](https://glama.ai/mcp/servers/@ricauts/</mcp/servers>)
  * [MCP clients](https://glama.ai/mcp/servers/@ricauts/</mcp/clients>)
  * [MCP tools](https://glama.ai/mcp/servers/@ricauts/</mcp/tools>)
  * [MCP API](https://glama.ai/mcp/servers/@ricauts/</mcp/api>)


#### Gateway
  * [Documentation](https://glama.ai/mcp/servers/@ricauts/</gateway/docs>)
  * [API Reference](https://glama.ai/mcp/servers/@ricauts/</gateway/reference>)
  * [LLM router](https://glama.ai/mcp/servers/@ricauts/</gateway>)
  * [LLM models](https://glama.ai/mcp/servers/@ricauts/</models>)


#### Policies
  * [Terms of Service](https://glama.ai/mcp/servers/@ricauts/</policies/terms-of-service>)
  * [Privacy Policy](https://glama.ai/mcp/servers/@ricauts/</policies/privacy-policy>)
  * [Security Policy](https://glama.ai/mcp/servers/@ricauts/</policies/security-policy>)


#### Resources
  * [Support](https://glama.ai/mcp/servers/@ricauts/</support>)
  * [Pricing](https://glama.ai/mcp/servers/@ricauts/</pricing>)
  * [Careers](https://glama.ai/mcp/servers/@ricauts/</careers>)
  * [Blog](https://glama.ai/mcp/servers/@ricauts/</blog>)


[Glama](https://glama.ai/mcp/servers/@ricauts/</>) – all-in-one AI workspace.
[All systems online](https://glama.ai/mcp/servers/@ricauts/</status>)[Discord](https://glama.ai/mcp/servers/@ricauts/</discord>)[](https://glama.ai/mcp/servers/@ricauts/<https:/reddit.com/r/glama>)[X](https://glama.ai/mcp/servers/@ricauts/<https:/x.com/glama_ai>)


CyberMCP is a Model Context Protocol (MCP) server designed for testing backend APIs for security vulnerabilities. It provides a set of specialized tools and resources that can be used by LLMs to identify common security issues in APIs.

CyberMCPServer

💡 Description

📝 JSON Entries

🛠️ Tools

⚡ Features

💬 Example Queries