CyberMCP (API Security Testing) MCP server

Provides API security testing tools for authentication testing, SQL injection detection, data leakage analysis, and vulnerability scanning with detailed severity ratings and remediation recommendations.
Back to servers
Setup instructions
Provider
ricauts
Release date
Apr 01, 2025
Language
TypeScript
Stats
10 stars

CyberMCP is a Model Context Protocol (MCP) server that enables AI agents to perform comprehensive security testing on backend APIs. It provides 14 specialized security tools and 10 resources for identifying vulnerabilities like authentication bypass, injection attacks, data leakage, and security misconfigurations.

Quick Start

# Clone and setup
git clone https://github.com/your-username/CyberMCP.git
cd CyberMCP
npm install
npm run build

# Test the server
npm run test-server

# Start interactive testing
npm run test-interactive

Features

  • Authentication Testing - JWT analysis, bypass detection, OAuth2 flows
  • Injection Testing - SQL injection, XSS vulnerability detection
  • Data Protection - Sensitive data exposure, path traversal checks
  • Rate Limiting - DoS vulnerability assessment
  • Security Headers - OWASP security header validation
  • Comprehensive Resources - Security checklists and testing guides

Available Security Tools

CyberMCP provides 14 specialized security testing tools across several categories:

Authentication Tools

  • basic_auth - Basic authentication setup
  • token_auth - Token-based authentication
  • oauth2_auth - OAuth2 authentication flows
  • api_login - API login testing
  • auth_status - Authentication status checking
  • clear_auth - Clear authentication credentials
  • jwt_vulnerability_check - JWT vulnerability scanning
  • auth_bypass_check - Authentication bypass detection

Injection Testing Tools

  • sql_injection_check - SQL injection vulnerability scanning
  • xss_check - Cross-site scripting detection

Data Protection Tools

  • sensitive_data_check - Sensitive data exposure testing
  • path_traversal_check - Path traversal vulnerability scanning

Infrastructure Tools

  • rate_limit_check - Rate limiting and DoS vulnerability assessment
  • security_headers_check - OWASP security header validation

IDE Integration

CyberMCP works with all major AI-powered IDEs:

  • Claude Desktop - Direct MCP integration
  • Cursor IDE - Built-in MCP support
  • Windsurf (Codeium) - Native MCP protocol
  • VS Code + Cline - Extension-based integration

Usage Example

To use CyberMCP for testing API security, you can instruct the AI agent with commands like:

"Use basic_auth with username 'admin' and password 'secret123' 
then use auth_bypass_check on https://api.example.com/users 
to test for authentication bypass vulnerabilities"

The AI agent will:

  1. Configure authentication credentials
  2. Test the protected endpoint for bypass vulnerabilities
  3. Provide detailed security analysis and recommendations

Testing & Validation

CyberMCP offers several testing modes:

# Comprehensive tool testing
npm run test-tools

# Manual interactive testing  
npm run test-interactive

# Quick setup verification
npm run quick-start

# MCP Inspector (GUI)
npm run inspector

Running the Server

For regular operation:

# Start server (stdio mode)
npm start

# Start HTTP server on port 3000
TRANSPORT=http PORT=3000 npm start

For development:

# Development mode with hot reload
npm run dev

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "cybermcp" '{"command":"npm","args":["start"],"cwd":"${workspaceFolder}"}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cybermcp": {
            "command": "npm",
            "args": [
                "start"
            ],
            "cwd": "${workspaceFolder}"
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "cybermcp": {
            "command": "npm",
            "args": [
                "start"
            ],
            "cwd": "${workspaceFolder}"
        }
    }
}

3. Restart Claude Desktop for the changes to take effect

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later