playbooks
Learn Rules MCPs Modes
AI Image Editor
Log in

Web Security Scanner MCP server

Enables automated web security testing for XSS and SQL injection vulnerabilities through Playwright-powered browser automation with screenshot capture and comprehensive error handling.
Back to servers
Provider
9olidity
Release date
Mar 24, 2025
Language
TypeScript
Stats
13 stars
View on GitHub

This MCP server provides a suite of automated penetration testing tools for browser-based applications, including XSS and SQL injection vulnerability scanning, page navigation, interaction capabilities, and screenshot functionality.

Installation

To install the MCP Server Pentest, follow these steps:

npx playwright install firefox
yarn install 
npm run build

Configuration

The installation process automatically adds configuration to your Claude config file:

{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": [
        "-y",
        "/Users/...../dist/index.js"
      ],
      "disabled": false,
      "autoApprove": []
    }
  }
}

Security Testing Tools

Testing for Vulnerabilities

XSS Vulnerability Testing

The broser_url_reflected_xss tool tests whether a URL has XSS vulnerabilities:

{
  "url": "https://test.com",
  "paramName": "text"
}

SQL Injection Testing

The browser_url_sql_injection tool checks for SQL injection vulnerabilities:

{
  "url": "https://test.com",
  "paramName": "text"
}

Browser Interaction Tools

Navigation and Screenshots

Navigate to URLs

{
  "url": "https://stealthbrowser.cloud"
}

Capture Screenshots

{
  "name": "screenshot-name",     // required
  "selector": "#element-id",     // optional
  "fullPage": true              // optional, default: false
}

Page Interaction

Click Elements by Selector

{
  "selector": "#button-id"
}

Click Elements by Text

{
  "text": "Click me"
}

Hover Over Elements by Selector

{
  "selector": "#menu-item"
}

Hover Over Elements by Text

{
  "text": "Hover me"
}

Form Manipulation

Fill Input Fields

{
  "selector": "#input-field",
  "value": "Hello World"
}

Select Dropdown Options by Selector

{
  "selector": "#dropdown",
  "value": "option-value"
}

Select Dropdown Options by Text

{
  "text": "Choose me",
  "value": "option-value"
}

JavaScript Execution

Run JavaScript in Browser Context

{
  "script": "document.title"
}

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later