CyberMCP is a Model Context Protocol (MCP) server that enables AI agents to perform comprehensive security testing on backend APIs. It provides 14 specialized security tools and 10 resources for identifying vulnerabilities like authentication bypass, injection attacks, data leakage, and security misconfigurations.
# Clone and setup
git clone https://github.com/your-username/CyberMCP.git
cd CyberMCP
npm install
npm run build
# Test the server
npm run test-server
# Start interactive testing
npm run test-interactive
CyberMCP provides 14 specialized security testing tools across several categories:
basic_auth
- Basic authentication setuptoken_auth
- Token-based authenticationoauth2_auth
- OAuth2 authentication flowsapi_login
- API login testingauth_status
- Authentication status checkingclear_auth
- Clear authentication credentialsjwt_vulnerability_check
- JWT vulnerability scanningauth_bypass_check
- Authentication bypass detectionsql_injection_check
- SQL injection vulnerability scanningxss_check
- Cross-site scripting detectionsensitive_data_check
- Sensitive data exposure testingpath_traversal_check
- Path traversal vulnerability scanningrate_limit_check
- Rate limiting and DoS vulnerability assessmentsecurity_headers_check
- OWASP security header validationCyberMCP works with all major AI-powered IDEs:
To use CyberMCP for testing API security, you can instruct the AI agent with commands like:
"Use basic_auth with username 'admin' and password 'secret123'
then use auth_bypass_check on https://api.example.com/users
to test for authentication bypass vulnerabilities"
The AI agent will:
CyberMCP offers several testing modes:
# Comprehensive tool testing
npm run test-tools
# Manual interactive testing
npm run test-interactive
# Quick setup verification
npm run quick-start
# MCP Inspector (GUI)
npm run inspector
For regular operation:
# Start server (stdio mode)
npm start
# Start HTTP server on port 3000
TRANSPORT=http PORT=3000 npm start
For development:
# Development mode with hot reload
npm run dev
To add this MCP server to Claude Code, run this command in your terminal:
claude mcp add-json "cybermcp" '{"command":"npm","args":["start"],"cwd":"${workspaceFolder}"}'
See the official Claude Code MCP documentation for more details.
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json
file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json
file.
To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".
When you click that button the ~/.cursor/mcp.json
file will be opened and you can add your server like this:
{
"mcpServers": {
"cybermcp": {
"command": "npm",
"args": [
"start"
],
"cwd": "${workspaceFolder}"
}
}
}
To add an MCP server to a project you can create a new .cursor/mcp.json
file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.
To add this MCP server to Claude Desktop:
1. Find your configuration file:
~/Library/Application Support/Claude/claude_desktop_config.json
%APPDATA%\Claude\claude_desktop_config.json
~/.config/Claude/claude_desktop_config.json
2. Add this to your configuration file:
{
"mcpServers": {
"cybermcp": {
"command": "npm",
"args": [
"start"
],
"cwd": "${workspaceFolder}"
}
}
}
3. Restart Claude Desktop for the changes to take effect