findmy-mcp
Verified Safe by cbxss
Overview
Fast, concurrent Model Context Protocol (MCP) server discovery and analysis tool for security research.
Installation
mcp-scan scan
Environment Variables
- MCP_SCANNER_SHODAN_API_KEY
- MCP_SCANNER_MAX_RESULTS_PER_FILTER
- MCP_SCANNER_MAX_CONCURRENT_VERIFICATIONS
- MCP_SCANNER_VERIFICATION_TIMEOUT
- MCP_SCANNER_OUTPUT_DIR
- MCP_SCANNER_VERIFY_SSL
- MCP_SCANNER_FOLLOW_REDIRECTS
- MCP_SCANNER_MAX_REDIRECTS
- MCP_SCANNER_USER_AGENT
- MCP_SCANNER_FILTERS_FILE
Security Notes
The project is explicitly designed for security research, involving network scanning and interaction with external services (Shodan API, discovered MCP servers). It uses Pydantic for robust data validation, `httpx` for secure HTTP requests with configurable SSL verification, and `asyncio` with semaphores for controlled concurrency. Shodan API keys are properly managed via environment variables or `.env` files, preventing hardcoding. File operations for saving results use `pathlib.Path`, which helps mitigate simple path traversal. No `eval` or similar dangerous patterns were found. The project clearly states ethical usage guidelines. The main 'risk' is inherent to its function as a scanning tool, which is properly mitigated by design choices and ethical disclaimers.
Similar Servers
mcp-scanner
Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities, employing static analysis, YARA rules, Cisco AI Defense API, and LLM-based behavioral analysis.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-audit
Security audit and governance for AI agent configurations (MCPs) in development environments and GitHub repositories.
mcp-server-fuzzer
Fuzzing and security testing of Model Context Protocol (MCP) servers across multiple transport protocols (HTTP, SSE, Stdio) to validate functionality, robustness, and protocol compliance.