A Model Context Protocol (MCP) server for web application security scanning.

## Features

- MCP Protocol Support - Full compatibility with MCP clients (Claude, etc.)
- Nikto Integration - Web server vulnerability scanning
- Nuclei Integration - Template-based vulnerability scanning
- Wapiti Integration - Web application vulnerability scanning
- Execution History - Persistent storage of scan results
- Stateless Design - Survives server restarts without session errors
- RESTful HTTP Transport - Streamable HTTP-based MCP protocol
## Quick Start

Run the server with Docker:

```bash
docker run -p 127.0.0.1:8989:8989 tb0hdan/wass-mcp
```

Example command to add the WASS-MCP server to Claude MCP clients:

```bash
claude mcp add wass-mcp --transport http http://127.0.0.1:8989
```

or Gemini:

```bash
gemini mcp add wass-mcp --transport http http://127.0.0.1:8989
```

## Tools

### Nikto

Perform web server vulnerability scans using Nikto.
Parameters:

| Name | Type | Required | Description |
|---|---|---|---|
| host | string | Yes | Target hostname or IP address |
| port | integer | No | Target port (default: 80) |
| vhost | string | No | Virtual host header |
| max_lines | integer | No | Maximum output lines |
| offset | integer | No | Output line offset |
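The host, port and vhost values in this table are handed to an external scanner binary and used as an HTTP Host header, while max_lines and offset page the scanner's output. As an added Go example (not the project's code; wass-mcp's own handling is not shown on this page), a hypothetical `ScanParams` type applies the table's default, rejects values that are unsafe to pass on, and a `PageOutput` helper implements the max_lines/offset window:

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)
// ScanParams mirrors the parameter table shared by the scanner tools.
type ScanParams struct {
	Host, VHost            string
	Port, MaxLines, Offset int
}
// Dotted DNS labels only (letters, digits, inner hyphens): a host can never start with '-' and be read as a scanner CLI flag.
var hostnameRe = regexp.MustCompile(`^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)*[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$`)
// Validate applies the table's default (port 80) and rejects values that must not reach a scanner's
// argv or an HTTP Host header; CR, LF or whitespace in vhost would split the header into extra lines.
func (p *ScanParams) Validate() error {
	if p.Host == "" {
		return fmt.Errorf("host is required")
	}
	if net.ParseIP(p.Host) == nil && !hostnameRe.MatchString(p.Host) {
		return fmt.Errorf("host %q is neither an IP address nor a hostname", p.Host)
	}
	if p.Port == 0 {
		p.Port = 80 // default from the parameter table
	}
	if p.Port < 1 || p.Port > 65535 {
		return fmt.Errorf("port %d out of range", p.Port)
	}
	if strings.ContainsAny(p.VHost, "\r\n\t ") || strings.HasPrefix(p.VHost, "-") {
		return fmt.Errorf("vhost %q is not a valid Host header value", p.VHost)
	}
	return nil
}

// PageOutput returns the window of scanner output selected by offset and max_lines (0 = unlimited) plus the total line count.
func PageOutput(output string, offset, maxLines int) (page []string, total int) {
	lines := strings.Split(strings.TrimRight(output, "\n"), "\n")
	if output == "" {
		lines = lines[:0] // empty output is zero lines, not one empty line
	}
	if total = len(lines); offset < 0 || offset >= total {
		return []string{}, total
	}
	if page = lines[offset:]; maxLines > 0 && maxLines < len(page) {
		page = page[:maxLines]
	}
	return page, total
}
```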
Example:

```json
{
  "host": "192.168.1.100",
  "port": 443
}
```

### Nuclei

Perform template-based vulnerability scanning using Nuclei.
Parameters:

| Name | Type | Required | Description |
|---|---|---|---|
| host | string | Yes | Target hostname or IP address |
| port | integer | No | Target port (default: 80) |
| vhost | string | No | Virtual host header |
| max_lines | integer | No | Maximum output lines |
| offset | integer | No | Output line offset |
Vulnerabilities Detected:
- CVE detection via community templates
- Misconfigurations
- Exposed panels/dashboards
- Default credentials
- Technology detection
- Security headers analysis
- And many more via 8000+ community templates
Example:

```json
{
  "host": "192.168.1.100",
  "port": 443
}
```

### Wapiti

Perform comprehensive web application vulnerability scans using Wapiti.
Parameters:

| Name | Type | Required | Description |
|---|---|---|---|
| host | string | Yes | Target hostname or IP address |
| port | integer | No | Target port (default: 80) |
| vhost | string | No | Virtual host header |
| max_lines | integer | No | Maximum output lines |
| offset | integer | No | Output line offset |
Vulnerabilities Detected:
- SQL Injection / Blind SQL Injection
- Cross-Site Scripting (XSS)
- File Inclusion / Path Traversal
- Command Execution
- CRLF Injection
- Server-Side Request Forgery (SSRF)
- Open Redirects
- HTTP Security Headers
- Content Security Policy issues
Example:

```json
{
  "host": "192.168.1.100",
  "port": 8080
}
```

### Full Scan

Perform a comprehensive security scan using all available scanners in parallel.
Parameters:

| Name | Type | Required | Description |
|---|---|---|---|
| host | string | Yes | Target hostname or IP address |
| port | integer | No | Target port (default: 80) |
| vhost | string | No | Virtual host header |
| max_lines | integer | No | Maximum output lines |
| offset | integer | No | Output line offset |
Features:
- Runs nikto, nuclei and wapiti scanners in parallel
- Merges results into a unified report
- Includes timing and status for each scanner
- Gracefully handles missing scanner binaries
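The orchestration behind these features, as an added Go example that is not the project's code: scanners run concurrently, each result carries its own status and timing, and a scanner whose binary is not on PATH is reported as `missing` rather than aborting the whole scan. The `run` callback is a hypothetical hook standing in for the per-tool command lines, and merging the results into the unified report is left to the caller.

```go
package main

import (
	"context"
	"os/exec"
	"sync"
	"time"
)

// ScannerResult is one scanner's entry in the merged full-scan report.
type ScannerResult struct {
	Scanner  string
	Status   string // "ok", "failed" or "missing"
	Duration time.Duration
	Output   string
}

// FullScan runs every scanner concurrently, records per-scanner timing and status,
// and marks a scanner whose binary is not on PATH as "missing" instead of failing
// the whole scan. run is a hypothetical hook that invokes one resolved binary
// against host:port (each real tool takes its target through its own flags);
// injecting it keeps the orchestration testable. Results keep the input order.
func FullScan(ctx context.Context, host string, port int, scanners []string,
	run func(ctx context.Context, bin, host string, port int) ([]byte, error)) []ScannerResult {
	results := make([]ScannerResult, len(scanners))
	var wg sync.WaitGroup
	for i, name := range scanners {
		wg.Add(1)
		go func(i int, name string) {
			defer wg.Done()
			start := time.Now()
			res := ScannerResult{Scanner: name, Status: "ok"}
			if bin, err := exec.LookPath(name); err != nil {
				res.Status, res.Output = "missing", err.Error()
			} else if out, err := run(ctx, bin, host, port); err != nil {
				res.Status, res.Output = "failed", string(out)+"\n"+err.Error()
			} else {
				res.Output = string(out)
			}
			res.Duration = time.Since(start)
			results[i] = res // each goroutine writes only its own slot
		}(i, name)
	}
	wg.Wait()
	return results
}
```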
Example:

```json
{
  "host": "192.168.1.100",
  "port": 8080
}
```

### History

Browse and manage tool execution history.
Parameters:

| Name | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | One of: list, get, delete, clear |
| id | integer | For get/delete | Execution ID |
| limit | integer | No | Results per page (default: 10) |
| offset | integer | No | Pagination offset |
Actions:

- `list` - List execution history with pagination
- `get` - Get full details of a specific execution
- `delete` - Delete a specific execution by ID
- `clear` - Delete all execution history
## HTTP Endpoints

| Endpoint | Description |
|---|---|
| `POST /mcp` | MCP protocol endpoint |
| `GET /` | Service information (JSON) |
| `GET /debug/pprof/*` | Profiling endpoints |
## Requirements

- Go 1.25+
- Nikto (`apt install nikto` or equivalent)
- Nuclei (`go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest`)
- Wapiti (`apt install wapiti` or equivalent)
- SQLite3
## Installation

```bash
# Clone the repository
git clone https://github.com/tb0hdan/wass-mcp.git
cd wass-mcp

# Build
make build

# Run
./build/wass-mcp
```

## Usage

```bash
# Default (localhost:8989)
./build/wass-mcp

# Custom bind address
./build/wass-mcp --bind 0.0.0.0:8080

# Custom database path
./build/wass-mcp --db /var/lib/wass-mcp/data.db

# Debug mode
./build/wass-mcp --debug
```

### Command-Line Flags

| Flag | Default | Description |
|---|---|---|
| `--bind` | `localhost:8989` | HTTP server bind address |
| `--db` | `./wass-mcp.db` | SQLite database file path |
| `--debug` | `false` | Enable debug logging |
| `--version` | - | Print version and exit |
## Development

```bash
make lint
make test
```

## Project Structure

```text
wass-mcp/
├── cmd/wass-mcp/        # Application entry point
├── pkg/
│   ├── server/          # MCP server wrapper
│   ├── storage/         # Database layer (SQLite/GORM)
│   ├── models/          # Data models
│   ├── tools/           # MCP tool implementations
│   │   ├── nikto/       # Nikto web server scanner
│   │   ├── wapiti/      # Wapiti web app scanner
│   │   ├── nuclei/      # Nuclei template scanner
│   │   ├── fullscan/    # Parallel full scan
│   │   └── history/     # History management
│   └── types/           # Shared types and constants
├── docs/                # Documentation
└── build/               # Build output and coverage reports
```
This tool is intended for authorized security testing only. Ensure you have proper authorization before scanning any systems. Unauthorized scanning may be illegal in your jurisdiction.
For complete project notes, design decisions, and architecture overview, please refer to the Project Notes document.
## License

BSD 3-Clause License - Copyright (c) 2026, Bohdan Turkynevych. See LICENSE for details.
## Contributing

- Fork the repository
- Create a feature branch (`git checkout -b feature/new-tool`)
- Commit your changes (`git commit -am 'Add new scanning tool'`)
- Push to the branch (`git push origin feature/new-tool`)
- Create a Pull Request
## References

- Model Context Protocol - Protocol specification
- Nikto - Web server scanner
- Nuclei - Template-based vulnerability scanner
- Wapiti - Web application vulnerability scanner
- GORM - Go ORM library