🔒 CyberMCP

AI-powered Cybersecurity API Testing with Model Context Protocol (MCP)

CyberMCP is a Model Context Protocol (MCP) server that enables AI agents to perform comprehensive security testing on backend APIs. It provides 14 specialized security tools and 10 resources for identifying vulnerabilities like authentication bypass, injection attacks, data leakage, and security misconfigurations.

🚀 Quick Start

# Clone and setup
git clone https://github.com/your-username/CyberMCP.git
cd CyberMCP
npm install
npm run build

# Test the server
npm run test-server

# Start interactive testing
npm run test-interactive

✨ Features

🔐 Authentication Testing - JWT analysis, bypass detection, OAuth2 flows
💉 Injection Testing - SQL injection, XSS vulnerability detection
📊 Data Protection - Sensitive data exposure, path traversal checks
⏱️ Rate Limiting - DoS vulnerability assessment
🛡️ Security Headers - OWASP security header validation
📚 Comprehensive Resources - Security checklists and testing guides

🛠️ Security Tools (14 Total)

Category	Tools
Authentication	`basic_auth`, `token_auth`, `oauth2_auth`, `api_login`, `auth_status`, `clear_auth`, `jwt_vulnerability_check`, `auth_bypass_check`
Injection Testing	`sql_injection_check`, `xss_check`
Data Protection	`sensitive_data_check`, `path_traversal_check`
Infrastructure	`rate_limit_check`, `security_headers_check`

🎯 IDE Integration

CyberMCP works with all major AI-powered IDEs:

Claude Desktop - Direct MCP integration
Cursor IDE - Built-in MCP support
Windsurf (Codeium) - Native MCP protocol
VS Code + Cline - Extension-based integration

📖 Complete Setup Guide - Detailed configuration for each IDE

📋 Usage Example

"Use basic_auth with username 'admin' and password 'secret123' 
then use auth_bypass_check on https://api.example.com/users 
to test for authentication bypass vulnerabilities"

The AI agent will:

Configure authentication credentials
Test the protected endpoint for bypass vulnerabilities
Provide detailed security analysis and recommendations

📊 Testing & Validation

# Comprehensive tool testing
npm run test-tools

# Manual interactive testing  
npm run test-interactive

# Quick setup verification
npm run quick-start

# MCP Inspector (GUI)
npm run inspector

📁 Project Structure

CyberMCP/
├── src/                    # TypeScript source code
│   ├── tools/             # 14 security testing tools
│   ├── resources/         # Security checklists & guides
│   └── utils/             # Authentication & utilities
├── docs/                  # Documentation
├── scripts/               # Testing & utility scripts  
├── examples/              # Configuration examples
├── dist/                  # Built JavaScript (generated)
└── README.md              # This file

🔧 Development

# Development mode with hot reload
npm run dev

# Build TypeScript
npm run build

# Start server (stdio mode)
npm start

# Start HTTP server
TRANSPORT=http PORT=3000 npm start

📖 Documentation

Setup Guide - Detailed installation and configuration
Project Summary - Complete feature overview
Testing Results - Validation and test coverage

🤝 Contributing

Fork the repository
Create a feature branch: git checkout -b feature/new-security-tool
Make your changes and add tests
Submit a pull request

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🔗 Resources

Model Context Protocol - Official MCP documentation
OWASP API Security - API security best practices
MCP TypeScript SDK - Development framework

🔒 Secure your APIs with AI-powered testing!

For support and questions, please create an issue.

CyberMCP

README Documentation