Operant MCP Server

Security testing MCP server with 51 tools for penetration testing

other 4securitypenetration-testingforensicsvulnerability-assessment
README.md

operant-mcp

Security testing MCP server with 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment.

Quick Start

npx operant-mcp

Or install globally:

npm install -g operant-mcp
operant-mcp

Usage with Claude Code

Add to your MCP config:

{
  "mcpServers": {
    "operant": {
      "command": "npx",
      "args": ["-y", "operant-mcp"]
    }
  }
}

Tools (51)

SQL Injection (6)

  • sqli_where_bypass — Test OR-based WHERE clause bypass
  • sqli_login_bypass — Test login form SQL injection
  • sqli_union_extract — UNION-based data extraction
  • sqli_blind_boolean — Boolean-based blind SQLi
  • sqli_blind_time — Time-based blind SQLi
  • sqli_file_read — Read files via LOAD_FILE()

XSS (2)

  • xss_reflected_test — Test reflected XSS with 10 payloads
  • xss_payload_generate — Generate context-aware XSS payloads

Command Injection (2)

  • cmdi_test — Test OS command injection
  • cmdi_blind_detect — Blind command injection via sleep timing

Path Traversal (1)

  • path_traversal_test — Test directory traversal with encoding variants

SSRF (2)

  • ssrf_test — Test SSRF with localhost bypass variants
  • ssrf_cloud_metadata — Test cloud metadata access via SSRF

PCAP/Network Forensics (8)

  • pcap_overview — Protocol hierarchy and endpoint stats
  • pcap_extract_credentials — Extract FTP/HTTP/SMTP credentials
  • pcap_dns_analysis — DNS query analysis
  • pcap_http_objects — Export HTTP objects
  • pcap_detect_scan — Detect port scanning
  • pcap_follow_stream — Follow TCP/UDP streams
  • pcap_tls_analysis — TLS/SNI analysis
  • pcap_llmnr_ntlm — Detect LLMNR/NTLM attacks

Reconnaissance (7)

  • recon_quick — Quick recon (robots.txt, headers, common dirs)
  • recon_dns — Full DNS enumeration
  • recon_vhost — Virtual host discovery
  • recon_tls_sans — Extract SANs from TLS certificates
  • recon_directory_bruteforce — Directory brute-force
  • recon_git_secrets — Search git repos for secrets
  • recon_s3_bucket — Test S3 bucket permissions

Memory Forensics (3)

  • volatility_linux — Linux memory analysis (Volatility 2)
  • volatility_windows — Windows memory analysis (Volatility 3)
  • memory_detect_rootkit — Linux rootkit detection

Malware Analysis (2)

  • maldoc_analyze — Full OLE document analysis pipeline
  • maldoc_extract_macros — Extract VBA macros

Cloud Security (2)

  • cloudtrail_analyze — CloudTrail log analysis
  • cloudtrail_find_anomalies — Detect anomalous CloudTrail events

Authentication (3)

  • auth_csrf_extract — Extract CSRF tokens
  • auth_bruteforce — Username enumeration + credential brute-force
  • auth_cookie_tamper — Cookie tampering test

Access Control (2)

  • idor_test — Test for IDOR vulnerabilities
  • role_escalation_test — Test privilege escalation

Business Logic (2)

  • price_manipulation_test — Test price/quantity manipulation
  • coupon_abuse_test — Test coupon stacking/reuse

Clickjacking (2)

  • clickjacking_test — Test X-Frame-Options/CSP
  • frame_buster_bypass — Test frame-busting bypass

CORS (1)

  • cors_test — Test CORS misconfigurations

File Upload (1)

  • file_upload_test — Test file upload bypasses

NoSQL Injection (2)

  • nosqli_auth_bypass — MongoDB auth bypass
  • nosqli_detect — NoSQL injection detection

Deserialization (1)

  • deserialization_test — Test insecure deserialization

GraphQL (2)

  • graphql_introspect — Full schema introspection
  • graphql_find_hidden — Discover hidden fields

Prompts (8)

Methodology guides for structured security assessments:

  • web_app_pentest — Full web app pentest methodology
  • pcap_forensics — PCAP analysis workflow
  • memory_forensics — Memory dump analysis (Linux/Windows)
  • recon_methodology — Reconnaissance checklist
  • malware_analysis — Malware document analysis
  • cloud_security_audit — CloudTrail analysis workflow
  • sqli_methodology — SQL injection testing guide
  • xss_methodology — XSS testing guide

System Requirements

Tools require various CLI utilities depending on the module:

  • Most tools: curl
  • PCAP analysis: tshark (Wireshark CLI)
  • DNS recon: dig, host
  • Memory forensics: volatility / vol.py / vol3
  • Malware analysis: olevba, oledump.py
  • Cloud analysis: jq
  • Secrets scanning: git

License

MIT

Tools 5

sqli_where_bypassTest OR-based WHERE clause bypass
pcap_overviewProtocol hierarchy and endpoint stats
recon_quickQuick recon (robots.txt, headers, common dirs)
volatility_linuxLinux memory analysis (Volatility 2)
maldoc_analyzeFull OLE document analysis pipeline

Try it

Perform a quick reconnaissance on the target domain to identify robots.txt and common directories.
Analyze the provided PCAP file to extract any credentials found in HTTP or FTP traffic.
Run a Linux memory analysis on the provided dump using Volatility 2.
Execute a full web application penetration test methodology against the target URL.
Scan the git repository for any exposed secrets or sensitive keys.

Frequently Asked Questions

What are the key features of Operant MCP?

Comprehensive suite of 51 security testing tools. Automated penetration testing for web applications. Advanced network forensics and PCAP analysis. Memory forensics for Linux and Windows systems. Malware document analysis and CloudTrail log auditing.

What can I use Operant MCP for?

Automating security audits for web applications. Performing technical investigations on network captures. Conducting memory forensics to detect rootkits. Scanning cloud environments for anomalous activity. Identifying vulnerabilities like SQLi, XSS, and SSRF.

How do I install Operant MCP?

Install Operant MCP by running: npx operant-mcp

What MCP clients work with Operant MCP?

Operant MCP works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Operant MCP docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Open Conare

Related MCP Servers

Nuclear
Free, open-source music player without ads or tracking.
other17.1K stars
Domain Check
Fast domain availability checker with RDAP/WHOIS lookup and batch checking.
other253 stars
Ableton MCP Extended
Control Ableton Live using natural language via AI assistants
other142 stars
US Government Open Data MCP
MCP Server + TypeScript SDK for 40+ U.S. Government APIs
other90 stars
Garmin Connect
Access your fitness, health, and training data from MCP clients.
other71 stars
BinjaLattice MCP
Secure communication protocol for Binary Ninja and MCP servers
other61 stars