io.github.tb0hdan/wass-mcp
MCP server for web application security scanning
WASS-MCP
A Model Context Protocol (MCP) server for web application security scanning.
Features
- MCP Protocol Support - Full compatibility with MCP clients (Claude, etc.)
- Nikto Integration - Web server vulnerability scanning
- Nuclei Integration - Template-based vulnerability scanning
- Wapiti Integration - Web application vulnerability scanning
- Shcheck Integration - Security headers analysis
- Execution History - Persistent storage of scan results
- Stateless Design - Survives server restarts without session errors
- RESTful HTTP Transport - Streamable HTTP-based MCP protocol
Usage
docker run -p 127.0.0.1:8989:8989 tb0hdan/wass-mcp
MCP Client Configuration
Example command to add the WASS-MCP server to the Claude MCP client:
claude mcp add wass-mcp --transport http http://127.0.0.1:8989
or Gemini:
gemini mcp add wass-mcp --transport http http://127.0.0.1:8989
Available Tools
nikto
Perform web server vulnerability scans using Nikto.
Parameters:
| Name | Type | Required | Description |
|---|---|---|---|
| host | string | Yes | Target hostname or IP address |
| port | integer | No | Target port (default: 80) |
| vhost | string | No | Virtual host header |
| max_lines | integer | No | Maximum output lines |
| offset | integer | No | Output line offset |
Example:
{
"host": "192.168.1.100",
"port": 443
}
nuclei
Perform template-based vulnerability scanning using Nuclei.
Parameters:
| Name | Type | Required | Description |
|---|---|---|---|
| host | string | Yes | Target hostname or IP address |
| port | integer | No | Target port (default: 80) |
| vhost | string | No | Virtual host header |
| max_lines | integer | No | Maximum output lines |
| offset | integer | No | Output line offset |
Vulnerabilities Detected:
- CVE detection via community templates
- Misconfigurations
- Exposed panels/dashboards
- Default credentials
- Technology detection
- Security headers analysis
- And many more via 8000+ community templates
Example:
{
"host": "192.168.1.100",
"port": 443
}
wapiti
Perform comprehensive web application vulnerability scans using Wapiti.
Parameters:
| Name | Type | Required | Description |
|---|---|---|---|
| host | string | Yes | Target hostname or IP address |
| port | integer | No | Target port (default: 80) |
| vhost | string | No | Virtual host header |
| max_lines | integer | No | Maximum output lines |
| offset | integer | No | Output line offset |
Vulnerabilities Detected:
- SQL Injection / Blind SQL Injection
- Cross-Site Scripting (XSS)
- File Inclusion / Path Traversal
- Command Execution
- CRLF Injection
- Server-Side Request Forgery (SSRF)
- Open Redirects
- HTTP Security Headers
- Content Security Policy issues
Example:
{
"host": "192.168.1.100",
"port": 8080
}
shcheck_py
Analyze HTTP security headers using shcheck.py.
Parameters:
| Name | Type | Required | Description |
|---|---|---|---|
| host | string | Yes | Target hostname or IP address |
| port | integer | No | Target port (default: 80) |
| vhost | string | No | Virtual host header |
| max_lines | integer | No | Maximum output lines |
| offset | integer | No | Output line offset |
Headers Analyzed:
- Content-Security-Policy
- Strict-Transport-Security
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
- And other security-relevant headers
Example:
{
"host": "example.com",
"port": 443
}
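The shcheck_py tool reports on the headers listed above. As an added illustration (not code from wass-mcp or from shcheck.py), the Go program below runs the same kind of check over a constructed set of response headers: each listed header is reported as missing, weak or ok. The "weak" thresholds (HSTS max-age under one year, a CSP that allows unsafe-inline or unsafe-eval, an X-Content-Type-Options value other than nosniff, an X-Frame-Options value other than DENY or SAMEORIGIN) are this example's choices, not rules taken from shcheck.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
	"strings"
)

// Finding is the verdict for one header.
type Finding struct {
	Header string
	Status string // "ok", "weak" or "missing"
	Note   string
}

// checkedHeaders are the headers the shcheck_py tool reports on.
var checkedHeaders = []string{
	"Content-Security-Policy",
	"Strict-Transport-Security",
	"X-Frame-Options",
	"X-Content-Type-Options",
	"Referrer-Policy",
	"Permissions-Policy",
}

// hstsMaxAge extracts max-age from a Strict-Transport-Security value, or -1.
func hstsMaxAge(v string) int {
	for _, part := range strings.Split(v, ";") {
		part = strings.TrimSpace(strings.ToLower(part))
		if strings.HasPrefix(part, "max-age=") {
			n, err := strconv.Atoi(strings.TrimPrefix(part, "max-age="))
			if err != nil {
				return -1
			}
			return n
		}
	}
	return -1
}

// CheckSecurityHeaders returns one verdict per checked header: "missing" if
// absent, "weak" if present with a value that undermines the control
// (thresholds chosen for this example), "ok" otherwise.
func CheckSecurityHeaders(h http.Header) []Finding {
	out := make([]Finding, 0, len(checkedHeaders))
	for _, name := range checkedHeaders {
		v := strings.TrimSpace(h.Get(name))
		if v == "" {
			out = append(out, Finding{Header: name, Status: "missing", Note: "header not present"})
			continue
		}
		f := Finding{Header: name, Status: "ok"}
		switch name {
		case "Strict-Transport-Security":
			if age := hstsMaxAge(v); age < 31536000 {
				f.Status, f.Note = "weak", "max-age below one year"
			}
		case "Content-Security-Policy":
			if strings.Contains(v, "'unsafe-inline'") || strings.Contains(v, "'unsafe-eval'") {
				f.Status, f.Note = "weak", "policy permits unsafe-inline or unsafe-eval"
			}
		case "X-Content-Type-Options":
			if !strings.EqualFold(v, "nosniff") {
				f.Status, f.Note = "weak", "value is not nosniff"
			}
		case "X-Frame-Options":
			if u := strings.ToUpper(v); u != "DENY" && u != "SAMEORIGIN" {
				f.Status, f.Note = "weak", "value is neither DENY nor SAMEORIGIN"
			}
		}
		out = append(out, f)
	}
	return out
}

// Summarize counts findings by status for a quick pass/fail view.
func Summarize(fs []Finding) (ok, weak, missing int) {
	for _, f := range fs {
		switch f.Status {
		case "ok":
			ok++
		case "weak":
			weak++
		case "missing":
			missing++
		}
	}
	return
}

func main() {
	// Constructed response headers standing in for a real HTTP reply.
	h := http.Header{}
	h.Set("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'")
	h.Set("Strict-Transport-Security", "max-age=3600")
	h.Set("X-Content-Type-Options", "nosniff")
	fs := CheckSecurityHeaders(h)
	for _, f := range fs {
		fmt.Printf("%-28s %-8s %s\n", f.Header, f.Status, f.Note)
	}
	ok, weak, missing := Summarize(fs)
	fmt.Printf("ok=%d weak=%d missing=%d\n", ok, weak, missing)
}
```

To run it against a live site, replace the constructed header set with `resp.Header` from an `http.Get` of a host you are authorised to test; the verdicts then tell you which of the listed controls are absent or configured below the thresholds above.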
full_scan
Perform a comprehensive security scan using all available scanners in parallel.
Parameters:
| Name | Type | Required | Description |
|---|---|---|---|
| host | string | Yes | Target hostname or IP address |
| port | integer | No | Target port (default: 80) |
| vhost | string | No | Virtual host header |
| max_lines | integer | No | Maximum output lines |
| offset | integer | No | Output line offset |
Features:
- Runs nikto, nuclei, wapiti and shcheck scanners in parallel
- Merges results into a unified report
- Includes timing and status for each scanner
- Gracefully handles missing scanner binaries
Example:
{
"host": "192.168.1.100",
"port": 8080
}
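The full_scan features above (run the four scanners in parallel, merge into one report with timing and status per scanner, tolerate missing binaries) describe an orchestration pattern. The Go program below is an added example of that pattern, not the fullscan package from wass-mcp: each scanner runs in its own goroutine, a binary that is not on PATH yields a "missing" entry rather than a failed scan, a per-scan context deadline yields "timeout", and results are merged in a stable order. The `Scanner`/`ScannerResult` types, the `RunAll` and `Report` functions and the injectable `lookPath` are this example's own; the command-line flags in `main` are the tools' usual ones and are not taken from wass-mcp.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"strings"
	"sync"
	"time"
)

// ScannerResult is one scanner's entry in the merged report.
type ScannerResult struct {
	Name     string
	Status   string // "ok", "missing", "error" or "timeout"
	Duration time.Duration
	Output   string
}

// Scanner names a binary and how to run it. Run is a function value so the
// orchestration can be exercised without the real tools installed.
type Scanner struct {
	Name   string
	Binary string
	Run    func(ctx context.Context, host string, port int) (string, error)
}

// RunAll launches every scanner concurrently, records timing and status per
// scanner, skips scanners whose binary is absent, and returns the merged
// report in the order the scanners were given. lookPath is injectable for
// testing; pass exec.LookPath in real use.
func RunAll(ctx context.Context, scanners []Scanner, host string, port int,
	lookPath func(string) (string, error)) []ScannerResult {
	results := make([]ScannerResult, len(scanners))
	var wg sync.WaitGroup
	for i, s := range scanners {
		wg.Add(1)
		go func(i int, s Scanner) { // each goroutine writes only its own slot
			defer wg.Done()
			start := time.Now()
			r := ScannerResult{Name: s.Name}
			if _, err := lookPath(s.Binary); err != nil {
				r.Status = "missing"
				r.Output = s.Binary + " not found in PATH; skipped"
			} else {
				out, err := s.Run(ctx, host, port)
				r.Output = out
				switch {
				case err == nil:
					r.Status = "ok"
				case errors.Is(err, context.DeadlineExceeded):
					r.Status = "timeout"
				default:
					r.Status = "error"
					r.Output = err.Error()
				}
			}
			r.Duration = time.Since(start)
			results[i] = r
		}(i, s)
	}
	wg.Wait()
	return results
}

// Report renders the unified report with a status line per scanner.
func Report(results []ScannerResult) string {
	var b strings.Builder
	for _, r := range results {
		fmt.Fprintf(&b, "== %s [%s, %s]\n%s\n", r.Name, r.Status, r.Duration.Round(time.Millisecond), r.Output)
	}
	return b.String()
}

// execScanner wraps an external command; argv builds its arguments from host and port.
func execScanner(name, binary string, argv func(host string, port int) []string) Scanner {
	return Scanner{Name: name, Binary: binary, Run: func(ctx context.Context, host string, port int) (string, error) {
		out, err := exec.CommandContext(ctx, binary, argv(host, port)...).CombinedOutput()
		if ctx.Err() != nil { // report the deadline, not the killed process's exit status
			return string(out), ctx.Err()
		}
		return string(out), err
	}}
}

func main() {
	url := func(h string, p int) string { return fmt.Sprintf("http://%s:%d", h, p) }
	scanners := []Scanner{
		execScanner("nikto", "nikto", func(h string, p int) []string { return []string{"-h", h, "-p", fmt.Sprint(p)} }),
		execScanner("nuclei", "nuclei", func(h string, p int) []string { return []string{"-u", url(h, p)} }),
		execScanner("wapiti", "wapiti", func(h string, p int) []string { return []string{"-u", url(h, p)} }),
		execScanner("shcheck", "shcheck.py", func(h string, p int) []string { return []string{url(h, p)} }),
	}
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
	defer cancel()
	// Constructed lab target; any scanner that is not installed shows up as "missing".
	fmt.Print(Report(RunAll(ctx, scanners, "192.168.1.100", 8080, exec.LookPath)))
}
```

Writing each result into its own slice index avoids a mutex, and checking `ctx.Err()` after `CombinedOutput` is what lets a killed scanner be classified as a timeout instead of a generic error.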
history
Browse and manage tool execution history.
Parameters:
| Name | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | One of: list, get, delete, clear |
| id | integer | For get/delete | Execution ID |
| limit | integer | No | Results per page (default: 10) |
| offset | integer | No | Pagination offset |
Actions:
- list - List execution history with pagination
- get - Get full details of a specific execution
- delete - Delete a specific execution by ID
- clear - Delete all execution history
API Endpoints
| Endpoint | Description |
|---|---|
| POST /mcp | MCP protocol endpoint |
| GET / | Service information (JSON) |
| GET /debug/pprof/* | Profiling endpoints |
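The scanner tools all share the parameter table above (host required, port defaulting to 80, optional vhost, max_lines and offset) and are invoked through the POST /mcp endpoint. Because the caller is an LLM client, a practical guard is to validate arguments and restrict targets to the hosts you are authorised to scan before any tool call is dispatched, so that an injected or mistaken prompt cannot aim the scanners elsewhere. The Go program below is an added example of that guard plus a JSON-RPC 2.0 `tools/call` message builder; it is not code from wass-mcp, and the target allowlist, the `ScanArgs` type and the `Validate`/`BuildToolCall` functions are this example's assumptions. The tools/call method and its `name`/`arguments` parameters are the standard MCP shape.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"strings"
)

// ScanArgs mirrors the parameter table shared by the nikto, nuclei, wapiti,
// shcheck_py and full_scan tools.
type ScanArgs struct {
	Host     string `json:"host"`
	Port     int    `json:"port,omitempty"`
	Vhost    string `json:"vhost,omitempty"`
	MaxLines int    `json:"max_lines,omitempty"`
	Offset   int    `json:"offset,omitempty"`
}

// scanTools are the scanner tool names the README documents.
var scanTools = map[string]bool{
	"nikto": true, "nuclei": true, "wapiti": true, "shcheck_py": true, "full_scan": true,
}

// targetAllowed reports whether host is covered by the allowlist. Entries are
// exact hostnames (case-insensitive) or CIDR ranges. The allowlist is an
// assumption of this example; the README does not document one.
func targetAllowed(host string, allow []string) bool {
	ip := net.ParseIP(host)
	for _, entry := range allow {
		entry = strings.TrimSpace(entry)
		if _, cidr, err := net.ParseCIDR(entry); err == nil {
			if ip != nil && cidr.Contains(ip) {
				return true
			}
			continue
		}
		if strings.EqualFold(entry, host) {
			return true
		}
	}
	return false
}

// Validate enforces the table's rules (host required, port defaults to 80,
// paging values non-negative) and the allowlist, returning normalised args.
func Validate(a ScanArgs, allow []string) (ScanArgs, error) {
	a.Host = strings.TrimSpace(a.Host)
	if a.Host == "" {
		return a, errors.New("host is required")
	}
	if a.Port == 0 {
		a.Port = 80
	}
	if a.Port < 1 || a.Port > 65535 {
		return a, fmt.Errorf("port %d out of range", a.Port)
	}
	if a.MaxLines < 0 || a.Offset < 0 {
		return a, errors.New("max_lines and offset must be non-negative")
	}
	if !targetAllowed(a.Host, allow) {
		return a, fmt.Errorf("target %q is not on the authorised scan allowlist", a.Host)
	}
	return a, nil
}

// BuildToolCall validates the arguments and produces the JSON-RPC 2.0
// tools/call message an MCP client posts to the /mcp endpoint.
func BuildToolCall(id int, tool string, a ScanArgs, allow []string) ([]byte, error) {
	if !scanTools[tool] {
		return nil, fmt.Errorf("unknown tool %q", tool)
	}
	v, err := Validate(a, allow)
	if err != nil {
		return nil, err
	}
	msg := map[string]any{
		"jsonrpc": "2.0",
		"id":      id,
		"method":  "tools/call",
		"params":  map[string]any{"name": tool, "arguments": v},
	}
	return json.Marshal(msg)
}

func main() {
	// Constructed allowlist for a lab network; replace with your own authorised scope.
	allow := []string{"192.168.1.0/24", "scanme.lab.example"}
	body, err := BuildToolCall(1, "nikto", ScanArgs{Host: "192.168.1.100", Port: 443}, allow)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println(string(body))
	// Posting body to http://127.0.0.1:8989/mcp with Content-Type: application/json
	// is done by the MCP client (claude mcp / gemini mcp) in normal use.
}
```

The same check can sit in front of the server (a reverse proxy or wrapper that rejects tools/call messages whose `arguments.host` is off-scope), which keeps the authorisation decision out of the model's hands entirely.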
Development and advanced usage
Source build requirements
- Go 1.25+
- Nikto (apt install nikto or equivalent)
- Nuclei (go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest)
- Wapiti (apt install wapiti or equivalent)
- Shcheck (pip install shcheck or from GitHub)
- SQLite3
# Clone the repository
git clone https://github.com/tb0hdan/wass-mcp.git
cd wass-mcp
# Build
make build
# Run
./build/wass-mcp
Starting the Server
# Default (localhost:8989)
./build/wass-mcp
# Custom bind address
./build/wass-mcp --bind 0.0.0.0:8080
# Custom database path
./build/wass-mcp --db /var/lib/wass-mcp/data.db
# Debug mode
./build/wass-mcp --debug
Configuration Options
| Flag | Default | Description |
|---|---|---|
| --bind | localhost:8989 | HTTP server bind address |
| --db | ./wass-mcp.db | SQLite database file path |
| --debug | false | Enable debug logging |
| --version | - | Print version and exit |
Linting
make lint
Testing
make test
Project Structure
wass-mcp/
├── cmd/wass-mcp/        # Application entry point
├── pkg/
│   ├── server/          # MCP server wrapper
│   ├── storage/         # Database layer (SQLite/GORM)
│   ├── models/          # Data models
│   ├── tools/           # MCP tool implementations
│   │   ├── nikto/       # Nikto web server scanner
│   │   ├── wapiti/      # Wapiti web app scanner
│   │   ├── nuclei/      # Nuclei template scanner
│   │   ├── shcheck/     # Security headers checker
│   │   ├── fullscan/    # Parallel full scan
│   │   └── history/     # History management
│   └── types/           # Shared types and constants
├── docs/                # Documentation
└── build/               # Build output and coverage reports
Security Notice
This tool is intended for authorized security testing only. Ensure you have proper authorization before scanning any systems. Unauthorized scanning may be illegal in your jurisdiction.
Project notes
For complete project notes, design decisions, and architecture overview, please refer to the Project Notes document.
License
BSD 3-Clause License - Copyright (c) 2026, Bohdan Turkynevych. See LICENSE for details.
Contributing
- Fork the repository
- Create a feature branch (git checkout -b feature/new-tool)
- Commit your changes (git commit -am 'Add new scanning tool')
- Push to the branch (git push origin feature/new-tool)
- Create a Pull Request
