MCP Servers

A collection of Model Context Protocol servers, templates, tools and more.

S
Silksploit MCP
by @BobongKu
GitHub Repo(1 stars)

MCP server by BobongKu

Created 4/4/2026
Updated about 5 hours ago
README
View Source
Repository documentation and setup instructions

silksploit-mcp

MCP server bringing an arsenal of 29 autonomous security tools to AI assistants. Empower LLMs with full browser automation, traffic interception, fuzzing, and code execution capabilities.

Python MCP Mitmproxy Nodriver

📖 Overview

SilkSploit is an ultra-lightweight Model Context Protocol (MCP) server engineered specifically for AI Agents (Cursor, Claude) to perform autonomous web penetration testing, bypassing the bloat of traditional UI-heavy tools.

It provides three core modules integrated into a single cohesive pipeline:

  1. Headless Proxy Module (High-speed SQLite archiving via mitmproxy)
  2. CDP Browser Automation (Bot-detection bypass simulation via nodriver)
  3. Native Code Sandbox (Isolated python subprocesses for real-time exploit generation)

✨ Features

| Category | Capabilities | |----------|-------------| | Optimized Footprint | Hardened against FastMCP EOF IPC crashes with detached processes. Runs strictly in headless mode by default for zero memory-rendering overhead. | | Opt-in GUI Debugging | Toggle manage_proxy(ui=True) or browser_open(headless=False) for instant visual interception dashboards and browser interaction playback. | | Fuzz & Intercept | Run multi-threaded baseline Fuzzing against targets, or drop real-time traffic rules (body regex replace, header injection, block) onto the proxy. | | Auth Indexing | Automatically scrape and identify JWTs, OAuth tokens, and Session Cookies from millions of background proxy flow records. |

🛠️ MCP Tools (29 Total)

The SilkSploit framework exposes the following comprehensive tool suite to your AI agent.

🛡️ Proxy Core (13 Tools)

| Tool | Description | |------|-------------| | manage_proxy | Control proxy daemon. Opt-in to launch the mitmweb UI dashboard | | set_scope | Restrict packet archiving to specific target domains | | get_traffic_summary | Retrieve paginated list and metadata of intercepted proxy flows | | inspect_flow | Dive into deep packet inspection (headers, untruncated bodies) | | search_traffic | Search through millions of archived flows using keywords and regex | | extract_from_flow | Extract tokens from response bodies via JSON Path, Regex, or CSS Selectors | | extract_session_variable | Save dynamic tokens from packets directly into global session arrays | | clear_traffic | Flush SQLite traffic archive database | | replay_flow | Modifies captured HTTP packets (via Regex) to replay them instantly | | send_raw_request | Send completely raw HTTP/Multipart traffic payloads (Burp Repeater parity) | | add_interception_rule | Inject conditional traffic routing rules on the network stream | | detect_auth_pattern | Autonomously indexes hidden Auth mechanisms (JWT/Keys) from logged flows | | fuzz_endpoint | Multithreaded concurrent fuzzer comparing baseline behavior against anomalies |

🌐 Browser Automation (15 Tools)

| Tool | Description | |------|-------------| | browser_open / browser_close | Launch and destroy isolated Chrome sessions native enough to bypass Anti-Bot | | browser_list_sessions | Retrieve list of active headless CDP sessions | | browser_list_tabs | Retrieve specific tab IDs in an active session | | browser_go | Navigate and perform simulated page load waits | | browser_back | Trigger internal history navigation | | browser_click | CSS-driven button clicking and UI interaction | | browser_type | Inject strings/payloads organically into input forms or search bars | | browser_get_dom | Forcibly parse dynamically generated DOM trees invisible to normal proxies | | browser_get_text | Extract semantic string layers inside targeting UI components | | browser_get_storage | Scrape Client-Side localStorage / sessionStorage tokens | | browser_get_console | Bleed target JS console outputs to hunt for frontend developer errors | | browser_screenshot | Agent validation to visually verify if it has hit a CAPTCHA wall | | browser_set_cookie | Implant hijacked HTTPOnly/Secure cookies physically into the browser | | browser_js | Inject and execute arbitrary JS payloads directly inside the live page context |

🧪 Sandbox Engine (1 Tool)

| Tool | Description | |------|-------------| | execute_security_code | Dynamically generate and execute Python logic internally. Network tunnels are strictly routed through the internal proxy architecture. |

🏗 Architecture Context

graph TD
    %% Entities
    Client["🤖 AI Agent\n(Cursor / Claude)"]
    FastMCP["🔌 FastMCP Server\n(stdio IPC)"]
    
    %% SilkSploit Engine
    subgraph SilkSploit ["SilkSploit Framework"]
        Proxy["🛡️ Proxy Core (Port: 8080)"]
        Browser["🌐 CDP Browser Emulator"]
        Sandbox["🧪 Python Isolation Engine"]
    end
    
    %% Storage & Targets
    ExternalWeb[("🎯 Target Web App / API")]
    SQLite[("📂 Traffic Archive (SQLite)")]
    
    %% Relationships
    Client <-->|"Invokes 29 Tools"| FastMCP
    FastMCP --> Proxy
    FastMCP --> Browser
    FastMCP --> Sandbox
    
    %% Subsystem routing
    Proxy <-->|"mitmdump interception"| ExternalWeb
    Proxy -->|"Persists payload flows"| SQLite
    
    %% Internal tunneling
    Browser -->|"Headless steering"| Proxy
    Sandbox -->|"Routes generated exploits"| Proxy

🚀 Quick Start

It is highly recommended to run this MCP server via uvx, Python's lightning-fast project runner. Dependency environment isolation is handled automatically.

Cursor IDE Configuration

  1. Open Cursor Settings -> MCP Servers tab
  2. Click + Add New MCP Server (Type: command)
  3. Apply details:
    • Name: silksploit-mcp
    • Command: uvx
    • Args: --from . silksploit-mcp (Replace . with absolute path if configuring globally)

Claude Desktop Configuration

Add the configuration to claude_desktop_config.json:

{
  "mcpServers": {
    "silksploit-mcp": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/BobongKu/silksploit-mcp",
        "silksploit-mcp"
      ]
    }
  }
}

🚨 Troubleshooting

| Issue | Resolution | |------|-------------| | Command uvx not found | Install Astral's uv package manager: curl -LsSf https://astral.sh/uv/install.sh | sh | | Proxy Port (8080) Conflict | The background routing proxy attempts to bind to 8080. Kill background rogue processes or initialize manage_proxy(port=XXXX) | | FastMCP EOF Socket Crash | (Resolved) All subsystems (mitmdump and sandboxes) are spun up in detached start_new_session=True environments. Process life pipelines are guaranteed. |

Quick Setup
Installation guide for this server

Install Package (if required)

uvx silksploit-mcp

Cursor configuration (mcp.json)

{ "mcpServers": { "bobongku-silksploit-mcp": { "command": "uvx", "args": [ "silksploit-mcp" ] } } }