Back to Browse
Free
Server data from the Official MCP Registry
Security testing MCP server for penetration testing, forensics, and vulnerability assessment
About
Security testing MCP server for penetration testing, forensics, and vulnerability assessment
Security Report
6.6
Moderate6.6Moderate RiskValid MCP server (2 strong, 1 medium validity signals). 3 code issues detected. 3 known CVEs in dependencies (0 critical, 3 high severity) Imported from the Official MCP Registry. 3 finding(s) downgraded by scanner intelligence.
3 files analyzed · 7 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-operantlabs-operant-mcp": {
"args": [
"-y",
"operant-mcp"
],
"command": "npx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
operant-mcp
Security testing MCP server with 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment.
Quick Start
npx operant-mcp
Or install globally:
npm install -g operant-mcp
operant-mcp
Usage with Claude Code
Add to your MCP config:
{
"mcpServers": {
"operant": {
"command": "npx",
"args": ["-y", "operant-mcp"]
}
}
}
Tools (51)
SQL Injection (6)
sqli_where_bypass— Test OR-based WHERE clause bypasssqli_login_bypass— Test login form SQL injectionsqli_union_extract— UNION-based data extractionsqli_blind_boolean— Boolean-based blind SQLisqli_blind_time— Time-based blind SQLisqli_file_read— Read files via LOAD_FILE()
XSS (2)
xss_reflected_test— Test reflected XSS with 10 payloadsxss_payload_generate— Generate context-aware XSS payloads
Command Injection (2)
cmdi_test— Test OS command injectioncmdi_blind_detect— Blind command injection via sleep timing
Path Traversal (1)
path_traversal_test— Test directory traversal with encoding variants
SSRF (2)
ssrf_test— Test SSRF with localhost bypass variantsssrf_cloud_metadata— Test cloud metadata access via SSRF
PCAP/Network Forensics (8)
pcap_overview— Protocol hierarchy and endpoint statspcap_extract_credentials— Extract FTP/HTTP/SMTP credentialspcap_dns_analysis— DNS query analysispcap_http_objects— Export HTTP objectspcap_detect_scan— Detect port scanningpcap_follow_stream— Follow TCP/UDP streamspcap_tls_analysis— TLS/SNI analysispcap_llmnr_ntlm— Detect LLMNR/NTLM attacks
Reconnaissance (7)
recon_quick— Quick recon (robots.txt, headers, common dirs)recon_dns— Full DNS enumerationrecon_vhost— Virtual host discoveryrecon_tls_sans— Extract SANs from TLS certificatesrecon_directory_bruteforce— Directory brute-forcerecon_git_secrets— Search git repos for secretsrecon_s3_bucket— Test S3 bucket permissions
Memory Forensics (3)
volatility_linux— Linux memory analysis (Volatility 2)volatility_windows— Windows memory analysis (Volatility 3)memory_detect_rootkit— Linux rootkit detection
Malware Analysis (2)
maldoc_analyze— Full OLE document analysis pipelinemaldoc_extract_macros— Extract VBA macros
Cloud Security (2)
cloudtrail_analyze— CloudTrail log analysiscloudtrail_find_anomalies— Detect anomalous CloudTrail events
Authentication (3)
auth_csrf_extract— Extract CSRF tokensauth_bruteforce— Username enumeration + credential brute-forceauth_cookie_tamper— Cookie tampering test
Access Control (2)
idor_test— Test for IDOR vulnerabilitiesrole_escalation_test— Test privilege escalation
Business Logic (2)
price_manipulation_test— Test price/quantity manipulationcoupon_abuse_test— Test coupon stacking/reuse
Clickjacking (2)
clickjacking_test— Test X-Frame-Options/CSPframe_buster_bypass— Test frame-busting bypass
CORS (1)
cors_test— Test CORS misconfigurations
File Upload (1)
file_upload_test— Test file upload bypasses
NoSQL Injection (2)
nosqli_auth_bypass— MongoDB auth bypassnosqli_detect— NoSQL injection detection
Deserialization (1)
deserialization_test— Test insecure deserialization
GraphQL (2)
graphql_introspect— Full schema introspectiongraphql_find_hidden— Discover hidden fields
Prompts (8)
Methodology guides for structured security assessments:
web_app_pentest— Full web app pentest methodologypcap_forensics— PCAP analysis workflowmemory_forensics— Memory dump analysis (Linux/Windows)recon_methodology— Reconnaissance checklistmalware_analysis— Malware document analysiscloud_security_audit— CloudTrail analysis workflowsqli_methodology— SQL injection testing guidexss_methodology— XSS testing guide
System Requirements
Tools require various CLI utilities depending on the module:
- Most tools:
curl - PCAP analysis:
tshark(Wireshark CLI) - DNS recon:
dig,host - Memory forensics:
volatility/vol.py/vol3 - Malware analysis:
olevba,oledump.py - Cloud analysis:
jq - Secrets scanning:
git
License
MIT
Reviews
No reviews yet
Be the first to review this server!
More Security MCP Servers
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
114
Stars
404
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
55
Installs
10.0
Security
5.0
Local
MarkItDown
Freeby Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption
89.9K
Stars
15
Installs
6.0
Security
5.0
Local
mcp-creator-typescript
Freeby mcp-marketplace · Developer Tools
Scaffold, build, and publish TypeScript MCP servers to npm — conversationally
-
Stars
14
Installs
10.0
Security
5.0
Local
FinAgent
Freeby mcp-marketplace · Finance
Free stock data and market news for any MCP-compatible AI assistant.
-
Stars
13
Installs
10.0
Security
No ratings yet
Local
Google Workspace MCP
Freeby Taylorwilsdon · Productivity
Control Gmail, Calendar, Docs, Sheets, Drive, and more from your AI
1.6K
Stars
11
Installs
7.0
Security
No ratings yet
Local