
mcp_server_pt

MCP server from yallasec/mcp_server_pt

Installation
Run this command in your terminal to add the MCP server to Claude Code. The quoted --env values below are descriptions of each variable, not usable settings: replace them with the real target URL and, for authenticated scanning, the credentials.
claude mcp add --transport stdio yallasec-mcp_server_pt python web_app_mcp.py \
  --env PASSWORD="Password for authenticated scanning (optional)" \
  --env USERNAME="Username for authenticated scanning (optional)" \
  --env TARGET_URL="URL to analyze (required)"

How to use

This MCP server implements a Web Application Penetration Testing assistant focused on business logic security. It crawls and maps a web application, identifies input fields and their types, and analyzes workflows to surface potential business logic vulnerabilities such as IDORs and multi-step flow weaknesses. It supports authentication mechanisms and can generate a visual sitemap in DOT format for Graphviz viewing. To use it, start the server script with a target URL and optional authentication details, then inspect the generated mcp_results.json for the application structure, identified fields, and potential edge cases. Use the --visual option to produce a sitemap.dot that can be converted to an image for easier review.

How to install

Prerequisites:

  • Python 3.8+ and pip
  • Access to install dependencies listed in requirements.txt

Installation steps:

  1. Clone the repository: git clone https://github.com/yourusername/web-app-penetration-testing-mcp.git
  2. Change into the project directory: cd web-app-penetration-testing-mcp
  3. Install dependencies: pip install -r requirements.txt
  4. Run the MCP server (example using the provided script): python web_app_mcp.py https://example.com
  5. Optional: run with authentication: python web_app_mcp.py https://example.com --username user@example.com --password yourpassword

Note: The README example uses a Python script named web_app_mcp.py and a placeholder clone URL (yourusername); the repository listed at the top of this page is yallasec/mcp_server_pt. Ensure you have the correct repository and entry point for your environment.

Additional notes

Tips and common issues:

  • Ensure Python version and dependencies in requirements.txt are compatible with your environment.
  • If you encounter network or rate limiting issues, adjust the --delay and --max-pages settings to throttle requests.
  • The visual sitemap is generated when using the --visual flag and can be converted with Graphviz (dot -Tpng sitemap.dot -o sitemap.png).
  • For authenticated scans, you can provide --username and --password or use --headers or --cookies to supply authentication tokens.
  • The mcp_results.json output contains sections like application_map, potential_edge_cases, and authentication details. Review the potential_edge_cases section for high-value targets.
  • If the script expects specific command-line options, refer to the README for available arguments and adjust your usage accordingly.
