MCP-Server-Pentest

<h1 align="center">MCP Server Pentest</h1> ## Features - Full browser xss, sql vulnerability automatic detection - Screenshots of the entire page or specific elements - Comprehensive network interaction (navigation, clicks, form filling) - Console log monitoring - JavaScript execution in the browser context ## Installation ### Installing ``` npx playwright install firefox yarn install npm run build ``` ## Configuration The installation process will automatically add the following configuration to your Claude config file: ```json { "mcpServers": { "playwright": { "command": "npx", "args": [ "-y", "/Users/...../dist/index.js" ], "disabled": false, "autoApprove": [] } } } ``` ## Components ### Tools #### `broser_url_reflected_xss` Test whether the URL has an XSS vulnerability ```javascript { "url": "https://test.com", "paramName":"text" } ```  #### `browser_url_sql_injection` Test whether the URL has SQL injection vulnerabilities ```javascript { "url": "https://test.com", "paramName":"text" } ```  #### `browser_navigate` Navigate to any URL in the browser ```javascript { "url": "https://stealthbrowser.cloud" } ``` #### `browser_screenshot` Capture screenshots of the entire page or specific elements ```javascript { "name": "screenshot-name", // required "selector": "#element-id", // optional "fullPage": true // optional, default: false } ``` #### `browser_click` Click elements on the page using CSS selector ```javascript { "selector": "#button-id" } ``` #### `browser_click_text` Click elements on the page by their text content ```javascript { "text": "Click me" } ``` #### `browser_hover` Hover over elements on the page using CSS selector ```javascript { "selector": "#menu-item" } ``` #### `browser_hover_text` Hover over elements on the page by their text content ```javascript { "text": "Hover me" } ``` #### `browser_fill` Fill out input fields ```javascript { "selector": "#input-field", "value": "Hello World" } ``` #### `browser_select` Select an option in a SELECT element using CSS selector ```javascript { "selector": "#dropdown", "value": "option-value" } ``` #### `browser_select_text` Select an option in a SELECT element by its text content ```javascript { "text": "Choose me", "value": "option-value" } ``` #### `browser_evaluate` Execute JavaScript in the browser console ```javascript { "script": "document.title" } ```