Labsco
protonese3 logo

Firebreak

β˜… 6

from protonese3

Security MCP server that turns your AI into a penetration tester.

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeAdvanced setup
<p align="center"> <img src="assets/logo.png" alt="Firebreak" width="400"> <br><br> <strong>The security MCP server that turns your AI into a penetration tester.</strong> <br> <p align="center"> <a href="#quick-start">Quick Start</a> &middot; <a href="#how-it-works">How It Works</a> &middot; <a href="#tool-reference">Tool Reference</a> &middot; <a href="#contributing">Contributing</a> &middot; <a href="#license">License</a> </p> <p align="center"> <a href="https://github.com/protonese3/Firebreak/actions"><img src="https://github.com/protonese3/Firebreak/actions/workflows/ci.yml/badge.svg" alt="CI"></a> <a href="https://github.com/protonese3/Firebreak/blob/master/LICENSE"><img src="https://img.shields.io/badge/license-AGPL--3.0-blue.svg" alt="License"></a> <img src="https://img.shields.io/badge/rust-1.77+-orange.svg" alt="Rust"> <img src="https://img.shields.io/badge/MCP-2025--03--26-green.svg" alt="MCP Protocol"> <img src="https://img.shields.io/badge/tools-20-blueviolet.svg" alt="20 Tools"> <img src="https://img.shields.io/badge/checks-32-red.svg" alt="32 Checks"> <img src="https://img.shields.io/badge/VCVD-47_patterns-yellow.svg" alt="47 VCVD Patterns"> </p> </p>

Connect Firebreak to Claude, Cursor, or any MCP-compatible client. Then just ask:

You:    "Is my app secure?"
Claude: [calls firebreak tools] Found 6 vulnerabilities. 1 high (CORS misconfiguration),
        5 medium (missing security headers). Security score: B. Want me to fix them?

No CLI to learn. No reports to read. The AI runs the scans, interprets the results, and walks you through the fixes.


Why Firebreak

AI-generated code ships with predictable vulnerabilities: inconsistent auth middleware, permissive RLS policies, IDOR on every endpoint, secrets in the JS bundle. Developers who use AI to build don't always know how to test what it builds.

Firebreak flips the problem. Instead of expecting developers to learn security tooling, it gives the AI the security tooling. The same AI that wrote the code can now test it, find the holes, and fix them.

What makes it different:

  • MCP-native β€” not a CLI wrapper. Built from the ground up for AI tool calling.
  • VCVD β€” 47 vulnerability patterns specific to AI-generated code that traditional scanners miss.
  • Proof over theory β€” every finding includes the actual HTTP request/response that proves the vulnerability.
  • Safe by design β€” rate limited, scope-locked, non-destructive. Can't accidentally DROP your database.

How It Works

<p align="center"> <img src="assets/howitworks.png" alt="How Firebreak Works" width="700"> </p>

The AI is the orchestrator. Firebreak doesn't decide what to test β€” it provides the tools. The AI picks the strategy based on what the user asks and what it finds along the way.

Typical flow

1. User: "Test my app at https://myapp.com"

2. AI calls firebreak_scan_quick({ target_url: "https://myapp.com" })
   └── Firebreak probes headers, paths, CORS, TLS
   └── Returns: 4 findings, score B

3. AI explains results in plain language
   └── "Found a CORS misconfiguration and 3 missing headers..."

4. User: "Fix the CORS issue"

5. AI calls firebreak_finding_fix({ finding_id: "...", framework: "express" })
   └── Returns: before/after code diff for Express

6. User applies fix

7. AI calls firebreak_replay({ finding_id: "..." })
   └── Returns: "Fixed. Server no longer reflects arbitrary origins."

Tool Reference

Knowledge Tools

These don't hit any external service. They query Firebreak's built-in security knowledge base.

ToolDescriptionExample
firebreak_best_practiceSecurity best practices for a topic{ topic: "jwt-auth" }
firebreak_check_patternScan code for insecure patterns{ code: "...", language: "javascript" }
firebreak_explain_vulnExplain a vulnerability type{ vuln_id: "IDOR" }
firebreak_security_checklistGenerate a security checklist{ stack: ["nextjs", "supabase"] }
firebreak_owasp_checkMap a finding to OWASP Top 10{ description: "SQL injection in login" }
firebreak_analyze_rlsAnalyze SQL for RLS policy issues{ sql: "CREATE POLICY..." }

Scan Tools

These make HTTP requests to the target. Rate limited and scope-locked.

ToolDescriptionExample
firebreak_scan_quickFast scan, critical+high only (2-3 min){ target_url: "https://myapp.com" }
firebreak_scan_fullFull pen test (black/gray/white box){ target_url: "...", mode: "gray", credentials: [...] }
firebreak_scan_targetFocused scan on one area{ target_url: "...", focus: "auth" }
firebreak_scan_statusCheck progress of a running scan{ scan_id: "..." }
firebreak_scan_stopStop a scan, keep partial results{ scan_id: "..." }

Analysis Tools

These work with stored scan results. No external requests.

ToolDescription
firebreak_resultsScan summary with security score (A-F)
firebreak_finding_detailFull evidence for a specific finding
firebreak_finding_fixGenerate fix code for a finding
firebreak_replayRe-test a finding to verify it's fixed
firebreak_compareDiff two scans (fixed / new / unchanged)
firebreak_scan_historyList previous scans for a target
firebreak_attack_chainMulti-step attack chains
firebreak_report_generateExport report (JSON, Markdown, HTML)
firebreak_report_executiveNon-technical executive summary

Scan Checks β€” 32 Security Checks

Every scan runs a subset of these checks depending on the scan type (quick, full, targeted). Each check produces findings with full HTTP evidence.

Headers & TLS

CheckWhat it tests
Security headersHSTS, X-Content-Type-Options, X-Frame-Options, CSP presence
CSP quality analysisunsafe-inline, unsafe-eval, wildcard sources
Permissions-PolicyFeature policy header presence and configuration
Server version disclosureServer, X-Powered-By, X-AspNet-Version headers
Information header leaksX-Debug-Token, X-Backend-Server, Via, X-Request-ID
HTTPS enforcementHTTP-to-HTTPS redirect chain analysis
HSTS qualitymax-age value, includeSubDomains, preload directives
Advanced headersCross-Origin-Opener-Policy, Cross-Origin-Resource-Policy, Cross-Origin-Embedder-Policy

Authentication & Session

CheckWhat it tests
Cookie securityHttpOnly, Secure, SameSite flags on session cookies
Missing auth on API endpointsUnauthenticated access to protected routes
Rate limiting detectionLogin and API endpoint throttling
HTTP method enumerationTRACE, PUT, DELETE enabled on endpoints that shouldn't allow them
Host header injectionManipulated Host header reflected in responses or redirects

Data & API

CheckWhat it tests
Unauthenticated API discoveryCommon API paths accessible without credentials
Sequential ID detectionIDOR risk from predictable resource identifiers
CORS misconfigurationOrigin reflection, null origin acceptance, wildcard with credentials
Open redirect testingUnvalidated redirect parameters in URLs

Content & Frontend

CheckWhat it tests
Technology fingerprintingCMS detection, framework identification, server software
Vulnerable JS librariesjQuery, Angular, Bootstrap, Lodash with known CVEs
Source map exposure.map files accessible in production
Secrets in JS bundlesAPI keys, tokens, credentials in client-side JavaScript
Mixed content detectionHTTP resources loaded on HTTPS pages
Form CSRF analysisForms missing CSRF tokens or using GET for state changes

Recon & Discovery

CheckWhat it tests
Web crawlerHTML links, JS endpoints, sitemap, robots.txt (recursive depth 3)
Sensitive path probingAdmin panels, config files, backups (with content validation to eliminate false positives)
robots.txt / sitemap.xmlDisallowed paths and sitemap endpoint analysis
security.txtRFC 9116 compliance and contact information
Error page disclosureStack traces, debug info, internal paths in error responses
Subdomain reference discoverySubdomains referenced in HTML, JS, and headers
Cache header securityCache-Control, Pragma, Expires on sensitive responses

VCVD β€” Vibe Coding Vulnerability Database

47 vulnerability patterns that AI-generated code gets wrong. Traditional scanners don't look for these because they're specific to how LLMs write code.

Auth & Identity

IDPatternSeverity
VC-AUTH-001Inconsistent auth middleware β€” AI applies auth to some routes but not othersCRITICAL
VC-AUTH-002Client-only validation β€” role checks exist in React but not in the APICRITICAL
VC-AUTH-003JWT decoded without verification β€” jwt.decode() instead of jwt.verify()CRITICAL
VC-AUTH-004Service key in client code β€” Supabase service_role key in the JS bundleCRITICAL
VC-AUTH-005Token expiry >30 days β€” "for convenience"HIGH
VC-AUTH-006OAuth without state parameterHIGH
VC-AUTH-007Password in URL query stringHIGH
VC-AUTH-008Session not regenerated after loginMEDIUM

Data Access

IDPatternSeverity
VC-DATA-001IDOR β€” sequential IDs without ownership checkCRITICAL
VC-DATA-002USING (true) in RLS β€” AI's "temporary" policy that ships to prodCRITICAL
VC-DATA-003Table created without enabling RLSCRITICAL
VC-DATA-004SELECT * exposing password hashes and PIIHIGH
VC-DATA-005...req.body spread into DB insert without field whitelistHIGH
VC-DATA-006GraphQL introspection enabled in productionMEDIUM
VC-DATA-007Unbounded N+1 queries as DoS vectorMEDIUM
VC-DATA-008Multi-tenant queries missing tenant_id filterCRITICAL

Injection

IDPatternSeverity
VC-INJ-001Template literals in SQL queriesCRITICAL
VC-INJ-002innerHTML with user inputHIGH
VC-INJ-003User content stored and rendered without sanitizationCRITICAL
VC-INJ-004User input in exec() / spawn()CRITICAL
VC-INJ-005File paths built from user inputHIGH
VC-INJ-006Server-side fetch with user-provided URL (SSRF)HIGH
VC-INJ-007User input passed as template sourceHIGH
VC-INJ-008MongoDB operators in JSON inputHIGH

Infrastructure

IDPatternSeverity
VC-INFRA-001Debug mode / stack traces in productionHIGH
VC-INFRA-002Access-Control-Allow-Origin: * with credentialsHIGH
VC-INFRA-003Missing HSTS, X-Frame-Options, CSPMEDIUM
VC-INFRA-004Unnecessary Docker ports exposedMEDIUM
VC-INFRA-005User uploads stored without encryptionMEDIUM
VC-INFRA-006TLS 1.0/1.1 still enabledMEDIUM
VC-INFRA-007Admin panel accessible from public internetHIGH
VC-INFRA-008Default credentials unchangedCRITICAL

Frontend

IDPatternSeverity
VC-FE-001API keys in JavaScript bundleCRITICAL
VC-FE-002Auth guard only in React Router, not in APIHIGH
VC-FE-003JWT stored in localStorageMEDIUM
VC-FE-004Forms without CSRF protectionHIGH
VC-FE-005Redirect URL from query param without validationMEDIUM
VC-FE-006postMessage handler without origin checkMEDIUM
VC-FE-007Source maps accessible in productionLOW
VC-FE-008Sensitive fields without autocomplete="off"LOW

Security Scoring

Every scan produces a letter grade based on what was found:

GradeCriteriaInterpretation
AZero critical or high. Max 2 medium.Ship it.
BZero critical. Some high or medium.Fix the highs soon.
CMultiple high severity issues.Needs work before production.
D1-2 critical or >5 high.Significant risk. Prioritize fixes.
F3+ critical or a full compromise chain.Do not deploy.

Safety Guardrails

Firebreak is designed for authorized testing only.

GuardrailHow it works
Rate limiting10 requests/second to the target (configurable). Sliding window.
Scope lockOnly attacks the specified target URL. No lateral movement, no subdomain enumeration.
Non-destructiveNo DELETE, DROP, UPDATE, or POST requests that modify data. Probing only.
ConsentThe AI asks for confirmation before the first scan.
Audit trailEvery HTTP request is logged with timestamp, target, and reason.

Project Structure

firebreak/
β”œβ”€β”€ src/
β”‚   β”œβ”€β”€ main.rs                 # Axum HTTP server, AppState, routing
β”‚   β”œβ”€β”€ types.rs                # Shared types: Scan, Finding, Evidence, ScanSummary
β”‚   β”‚
β”‚   β”œβ”€β”€ mcp/                    # MCP protocol implementation
β”‚   β”‚   β”œβ”€β”€ protocol.rs         #   JSON-RPC 2.0 types
β”‚   β”‚   └── handler.rs          #   Request dispatch (initialize, tools/list, tools/call)
β”‚   β”‚
β”‚   β”œβ”€β”€ tools/                  # MCP tool implementations
β”‚   β”‚   β”œβ”€β”€ knowledge/          #   Knowledge tools (best practices, pattern check, OWASP)
β”‚   β”‚   β”œβ”€β”€ scan.rs             #   Scan tools (quick, full, targeted, status, stop)
β”‚   β”‚   └── analysis.rs         #   Analysis tools (results, fix, replay, compare, reports)
β”‚   β”‚
β”‚   β”œβ”€β”€ engine/                 # HTTP scanning engine
β”‚   β”‚   β”œβ”€β”€ mod.rs              #   Scan orchestration (quick/full/targeted/replay)
β”‚   β”‚   └── checks.rs           #   32 security checks (headers, TLS, auth, CORS, cookies, IDOR...)
β”‚   β”‚
β”‚   β”œβ”€β”€ vcvd/                   # Vibe Coding Vulnerability Database
β”‚   β”‚   └── data.rs             #   47 patterns with descriptions, detection, fixes
β”‚   β”‚
β”‚   β”œβ”€β”€ store/                  # SQLite persistence
β”‚   β”‚   └── mod.rs              #   CRUD for scans, findings, audit log
β”‚   β”‚
β”‚   β”œβ”€β”€ safety/                 # Safety guardrails
β”‚   β”‚   └── mod.rs              #   Rate limiter, scope lock, consent, audit trail
β”‚   β”‚
β”‚   β”œβ”€β”€ rls/                    # RLS policy analyzer
β”‚   β”‚   └── mod.rs              #   SQL parsing with sqlparser-rs
β”‚   β”‚
β”‚   └── report/                 # Report generation
β”‚       └── mod.rs              #   JSON, Markdown, HTML, executive summary
β”‚
β”œβ”€β”€ knowledge/
β”‚   └── best-practices/         # 100 security guides (JWT, RLS, CORS, uploads, CSP...)
β”‚
β”œβ”€β”€ frontend/                   # React dashboard (Vite + TypeScript + Tailwind)
β”‚
β”œβ”€β”€ Dockerfile                  # Multi-stage build, non-root user
β”œβ”€β”€ docker-compose.yml          # Firebreak + headless Chromium
└── .github/workflows/ci.yml   # Build, test, lint, artifacts

Tech Stack

ComponentTechnologyWhy
LanguageRustSingle binary, no runtime, memory safe, fast
HTTP serverAxumAsync, tower middleware ecosystem
HTTP clientreqwestMature, TLS support, redirect control
DatabaseSQLite (rusqlite)Zero setup, embedded, good enough for local scans
SQL parsersqlparser-rsRLS policy analysis without a running database
Async runtimetokioIndustry standard
Serializationserde + serde_jsonFast, derive macros
DashboardReact + TypeScript + Vite + TailwindModern, fast dev server, utility CSS

The release binary is ~8 MB with no runtime dependencies.


Contributing

Contributions are welcome. Here's how to get involved:

Getting started

git clone https://github.com/protonese3/Firebreak.git
cd Firebreak
cargo build
cargo test

The server runs on http://localhost:9090/mcp by default.

Areas where help is needed

New VCVD patterns β€” Found a vulnerability pattern that AI consistently generates? Add it to src/vcvd/data.rs. Each pattern needs an ID, description, severity, detection hint, and fix.

Scan engine checks β€” Add new vulnerability checks in src/engine/checks.rs. Each check function takes a reqwest client, target URL, and safety reference. Return a Vec<Finding>.

Best practice guides β€” Add markdown files to knowledge/best-practices/. Then register them in src/tools/knowledge/best_practices.rs.

Framework-specific fixes β€” The finding_fix tool generates fix code. Add framework support in src/tools/analysis.rs in the framework_fix_example function.

Dashboard β€” The React frontend lives in frontend/. Run npm run dev for the dev server.

Submitting changes

  1. Fork the repo
  2. Create a branch (git checkout -b add-new-check)
  3. Make your changes
  4. Run cargo check && cargo clippy -- -D warnings
  5. Open a pull request with a clear description of what you changed and why

Code style

  • No unnecessary comments. If the code says what it does, don't add a comment.
  • Guard clauses over nested if/else.
  • Match the style of existing code.
  • Every finding must have verifiable evidence β€” no "this might be vulnerable."

Reporting security issues

If you find a security vulnerability in Firebreak itself, please email security@firebreak.dev instead of opening a public issue. We'll respond within 48 hours.


Roadmap

Done

  • MCP server with JSON-RPC 2.0 over HTTP
  • 20 MCP tools (knowledge, scan, analysis, report)
  • VCVD v1 β€” 47 vulnerability patterns
  • HTTP scanning engine with 32 security checks
  • SQLite persistence
  • Safety guardrails
  • Report generation (JSON, Markdown, HTML)
  • RLS policy analyzer (sqlparser-rs)
  • Docker support
  • CI/CD pipeline
  • Web crawler for endpoint discovery
  • False positive elimination (content validation, baseline comparison)
  • Technology fingerprinting
  • Cookie/session security analysis
  • Form CSRF detection
  • Open redirect testing
  • CSP quality analysis
  • Rate limiting detection

Next

  • Web dashboard (React)
  • Gray-box scanning with authenticated sessions
  • Headless browser for frontend-rendered apps
  • Scheduled / recurring scans
  • Webhook notifications (Slack, Discord)
  • PDF report export
  • Cloud-hosted option (managed VPS)
  • Plugin system for custom checks
  • VCVD community contributions via PR

License

AGPL-3.0

If you build a commercial service on top of Firebreak, the AGPL requires you to open-source your modifications. For internal and self-hosted use, no restrictions beyond the standard AGPL terms.


<p align="center"> <code>20 Security Tools Β· 100 Best Practice Guides Β· 47 Vulnerability Patterns Β· 32 Scan Checks</code> </p> <p align="center"> <strong>FIREBREAK</strong> β€” Because if you don't test it, someone else will. </p>