- Home
- MCP servers
- XSS MCP Tester Server
XSS MCP Tester Server
- python
11
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"0xtrk-xss-mcp-tester": {
"command": "uv",
"args": [
"run",
"--with",
"mcp[cli]",
"--with",
"playwright",
"mcp",
"run",
"/path/to/your/project/main.py"
]
}
}
}You have a dedicated MCP server that performs XSS tests with AI capabilities. It exposes a focused set of testing tools you can run from an MCP client, enabling practical security testing workflows and automation for web applications.
How to use
To use this MCP server, connect a compatible MCP client and run the server configuration that delegates execution to the uv tool. Set up the client to launch the server with the specified command and arguments, then interact with the available testing tools to probe web pages for XSS behaviors. Start by ensuring your client can reach the local or remote MCP server, then begin testing URLs with payloads, inspecting HTTP responses, and retrieving relevant assets for analysis.
How to install
Prerequisites
- Python 3.8+
- uv package manager
Install uv (if not already installed)
curl -LsSf https://astral.sh/uv/install.sh | sh
Setup
Clone the repository
git clone https://github.com/yourusername/xss-tester-mcp.git
cd xss-tester-mcp
Initialize the project
define
uv init
Install dependencies
uv add mcp playwright fastmcp
Install Playwright browsers
uv run playwright install chromium
Verify installation
uv pip list
Additional sections
Configuration details and concrete usage steps are provided below to help you wire everything up and begin testing right away. Follow these steps to ensure smooth operation and predictable results.
Configuration is done by pointing your MCP client at the XSS tester server configuration. Use the following snippet to register the MCP server in your client’s configuration. This config uses uv to run the server and includes the necessary arguments to initialize the MCP workflow with Playwright support.
{
"mcpServers": {
"XSS tester": {
"command": "uv",
"args": [
"run",
"--with",
"mcp[cli]",
"--with",
"playwright",
"mcp",
"run",
"/path/to/your/project/main.py"
]
}
}
}
Notes and tips
- No sensitive data should be transmitted to or from testing endpoints during automated runs. Use non-production URLs for testing whenever possible. - Ensure Playwright browsers are installed and available for the testing session. - When you run tests, you can engage the AI-enabled agent to guide the XSS analysis and propose payloads or interpretations. - If you need to adjust environment variables or runtime options, update the MCP client configuration accordingly and restart the server as needed.
Available tools
test_xss_url
Tests a URL for XSS vulnerabilities by checking if JavaScript execution is triggered.
get_raw_html_response
Fetches the raw HTML response from a URL using urllib.
search_in_html_response
Searches for specific content within HTML responses.
get_javascript_file
Fetches JavaScript files for manual vulnerability analysis.
get_http_headers
Retrieves HTTP response headers for security analysis.
make_custom_http_request
Makes HTTP requests with custom headers (authentication, cookies, sessions).