A Model Context Protocol (MCP) server that acts as a bridge to Caido, allowing AI Agents (like Claude, LangChain, etc.) to perform automated security testing and analysis.
This server connects to your local Caido instance (default port 8080) and exposes tools to:
- View Request History: Analyze traffic captured by Caido proxy.
- Send Requests: Forge and send HTTP requests via Caido's engine.
- Scan for Mitigation: Run basic automated XSS/SQLi checks.
- Get Findings: Retrieve reported vulnerabilities.
See MCP_CAPABILITIES.md for a detailed list of capabilities.
Prerequisites:
- Node.js installed.
- Caido running (usually on port 8080).
- Caido API Token (Settings -> API).
Installation:
```bash
git clone https://github.com/FazcomIA/mcp-caido.git
cd mcp-caido
npm install
```
Configuration: Create a .env file in the root:
```
CAIDO_URL=http://127.0.0.1:8080/graphql
CAIDO_API_TOKEN=your_token_here
MCP_PORT=3000
MCP_API_KEY=mcp-dev-key
```
Start the server:
```bash
node server.js
```
The MCP server listens on http://localhost:3000/mcp/call.
Required Header: X-API-Key: mcp-dev-key
Example Curl:
```bash
curl -X POST http://localhost:3000/mcp/call \
  -H "Content-Type: application/json" \
  -H "X-API-Key: mcp-dev-key" \
  -d '{"tool": "getStatus", "params": {}}'
```
Security:
- API Key: Protected by MCP_API_KEY.
- Local Only: By default, runs locally. Be careful if exposing to a network.