Labsco
operantlabs logo

operant-mcp

β˜… 12

from operantlabs

Security testing MCP server with 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment.

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeQuick setup

operant-mcp

NPM Version npm downloads GitHub stars License: MIT TypeScript MCP Server smithery badge

Install in VS Code Install in Cursor

<a href="https://glama.ai/mcp/servers/operantlabs/operant-mcp"> <img width="380" height="200" src="https://glama.ai/mcp/servers/operantlabs/operant-mcp/badge" alt="operant-mcp MCP server" /> </a>

Security testing MCP server with 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment.

Tools (51)

SQL Injection (6)

  • sqli_where_bypass β€” Test OR-based WHERE clause bypass
  • sqli_login_bypass β€” Test login form SQL injection
  • sqli_union_extract β€” UNION-based data extraction
  • sqli_blind_boolean β€” Boolean-based blind SQLi
  • sqli_blind_time β€” Time-based blind SQLi
  • sqli_file_read β€” Read files via LOAD_FILE()

XSS (2)

  • xss_reflected_test β€” Test reflected XSS with 10 payloads
  • xss_payload_generate β€” Generate context-aware XSS payloads

Command Injection (2)

  • cmdi_test β€” Test OS command injection
  • cmdi_blind_detect β€” Blind command injection via sleep timing

Path Traversal (1)

  • path_traversal_test β€” Test directory traversal with encoding variants

SSRF (2)

  • ssrf_test β€” Test SSRF with localhost bypass variants
  • ssrf_cloud_metadata β€” Test cloud metadata access via SSRF

PCAP/Network Forensics (8)

  • pcap_overview β€” Protocol hierarchy and endpoint stats
  • pcap_extract_credentials β€” Extract FTP/HTTP/SMTP credentials
  • pcap_dns_analysis β€” DNS query analysis
  • pcap_http_objects β€” Export HTTP objects
  • pcap_detect_scan β€” Detect port scanning
  • pcap_follow_stream β€” Follow TCP/UDP streams
  • pcap_tls_analysis β€” TLS/SNI analysis
  • pcap_llmnr_ntlm β€” Detect LLMNR/NTLM attacks

Reconnaissance (7)

  • recon_quick β€” Quick recon (robots.txt, headers, common dirs)
  • recon_dns β€” Full DNS enumeration
  • recon_vhost β€” Virtual host discovery
  • recon_tls_sans β€” Extract SANs from TLS certificates
  • recon_directory_bruteforce β€” Directory brute-force
  • recon_git_secrets β€” Search git repos for secrets
  • recon_s3_bucket β€” Test S3 bucket permissions

Memory Forensics (3)

  • volatility_linux β€” Linux memory analysis (Volatility 2)
  • volatility_windows β€” Windows memory analysis (Volatility 3)
  • memory_detect_rootkit β€” Linux rootkit detection

Malware Analysis (2)

  • maldoc_analyze β€” Full OLE document analysis pipeline
  • maldoc_extract_macros β€” Extract VBA macros

Cloud Security (2)

  • cloudtrail_analyze β€” CloudTrail log analysis
  • cloudtrail_find_anomalies β€” Detect anomalous CloudTrail events

Authentication (3)

  • auth_csrf_extract β€” Extract CSRF tokens
  • auth_bruteforce β€” Username enumeration + credential brute-force
  • auth_cookie_tamper β€” Cookie tampering test

Access Control (2)

  • idor_test β€” Test for IDOR vulnerabilities
  • role_escalation_test β€” Test privilege escalation

Business Logic (2)

  • price_manipulation_test β€” Test price/quantity manipulation
  • coupon_abuse_test β€” Test coupon stacking/reuse

Clickjacking (2)

  • clickjacking_test β€” Test X-Frame-Options/CSP
  • frame_buster_bypass β€” Test frame-busting bypass

CORS (1)

  • cors_test β€” Test CORS misconfigurations

File Upload (1)

  • file_upload_test β€” Test file upload bypasses

NoSQL Injection (2)

  • nosqli_auth_bypass β€” MongoDB auth bypass
  • nosqli_detect β€” NoSQL injection detection

Deserialization (1)

  • deserialization_test β€” Test insecure deserialization

GraphQL (2)

  • graphql_introspect β€” Full schema introspection
  • graphql_find_hidden β€” Discover hidden fields

Prompts (8)

Methodology guides for structured security assessments:

  • web_app_pentest β€” Full web app pentest methodology
  • pcap_forensics β€” PCAP analysis workflow
  • memory_forensics β€” Memory dump analysis (Linux/Windows)
  • recon_methodology β€” Reconnaissance checklist
  • malware_analysis β€” Malware document analysis
  • cloud_security_audit β€” CloudTrail analysis workflow
  • sqli_methodology β€” SQL injection testing guide
  • xss_methodology β€” XSS testing guide

License

MIT