A community-driven registry for the Claude Code ecosystem. Not affiliated with Anthropic.
Are you the author? Sign in to claim
Turn your AI agent into a hacker by plugging in this MCP
Security testing MCP server with 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment.
npx operant-mcp
Or install globally:
npm install -g operant-mcp
operant-mcp
Add to your MCP config:
{
"mcpServers": {
"operant": {
"command": "npx",
"args": ["-y", "operant-mcp"]
}
}
}
sqli_where_bypass — Test OR-based WHERE clause bypasssqli_login_bypass — Test login form SQL injectionsqli_union_extract — UNION-based data extractionsqli_blind_boolean — Boolean-based blind SQLisqli_blind_time — Time-based blind SQLisqli_file_read — Read files via LOAD_FILE()xss_reflected_test — Test reflected XSS with 10 payloadsxss_payload_generate — Generate context-aware XSS payloadscmdi_test — Test OS command injectioncmdi_blind_detect — Blind command injection via sleep timingpath_traversal_test — Test directory traversal with encoding variantsssrf_test — Test SSRF with localhost bypass variantsssrf_cloud_metadata — Test cloud metadata access via SSRFpcap_overview — Protocol hierarchy and endpoint statspcap_extract_credentials — Extract FTP/HTTP/SMTP credentialspcap_dns_analysis — DNS query analysispcap_http_objects — Export HTTP objectspcap_detect_scan — Detect port scanningpcap_follow_stream — Follow TCP/UDP streamspcap_tls_analysis — TLS/SNI analysispcap_llmnr_ntlm — Detect LLMNR/NTLM attacksrecon_quick — Quick recon (robots.txt, headers, common dirs)recon_dns — Full DNS enumerationrecon_vhost — Virtual host discoveryrecon_tls_sans — Extract SANs from TLS certificatesrecon_directory_bruteforce — Directory brute-forcerecon_git_secrets — Search git repos for secretsrecon_s3_bucket — Test S3 bucket permissionsvolatility_linux — Linux memory analysis (Volatility 2)volatility_windows — Windows memory analysis (Volatility 3)memory_detect_rootkit — Linux rootkit detectionmaldoc_analyze — Full OLE document analysis pipelinemaldoc_extract_macros — Extract VBA macroscloudtrail_analyze — CloudTrail log analysiscloudtrail_find_anomalies — Detect anomalous CloudTrail eventsauth_csrf_extract — Extract CSRF tokensauth_bruteforce — Username enumeration + credential brute-forceauth_cookie_tamper — Cookie tampering testidor_test — Test for IDOR vulnerabilitiesrole_escalation_test — Test privilege escalationprice_manipulation_test — Test price/quantity manipulationcoupon_abuse_test — Test coupon stacking/reuseclickjacking_test — Test X-Frame-Options/CSPframe_buster_bypass — Test frame-busting bypasscors_test — Test CORS misconfigurationsfile_upload_test — Test file upload bypassesnosqli_auth_bypass — MongoDB auth bypassnosqli_detect — NoSQL injection detectiondeserialization_test — Test insecure deserializationgraphql_introspect — Full schema introspectiongraphql_find_hidden — Discover hidden fieldsMethodology guides for structured security assessments:
web_app_pentest — Full web app pentest methodologypcap_forensics — PCAP analysis workflowmemory_forensics — Memory dump analysis (Linux/Windows)recon_methodology — Reconnaissance checklistmalware_analysis — Malware document analysiscloud_security_audit — CloudTrail analysis workflowsqli_methodology — SQL injection testing guidexss_methodology — XSS testing guideTools require various CLI utilities depending on the module:
curltshark (Wireshark CLI)dig, hostvolatility / vol.py / vol3olevba, oledump.pyjqgitMIT
Run Claude Code as an MCP server so any agent can delegate coding tasks to it
Browser automation using accessibility snapshots instead of screenshots
English-first Korean equity intelligence MCP — DART filings, foreign-holder 5%-rule flows, activist filings, KRX news. F
Unity MCP acts as a bridge between AI assistants and your Unity Editor. Give your LLM tools to manage assets, control sc
via CLI
