mcp-security-scanner
Verified Safeby sidhpurwala-huzaifa
Overview
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
Installation
No command providedSecurity Notes
The project itself is a security scanner designed to identify vulnerabilities. It includes an `insecure-mcp-server` component which is *deliberately insecure* for testing purposes. Running the scanner (`mcp-scan`) against a target is generally safe, as it performs non-destructive checks. However, the `insecure-mcp-server` should only be run in isolated, controlled environments (e.g., locally on 127.0.0.1 as demonstrated) and never exposed publicly, as it contains known vulnerabilities. No obvious obfuscation or direct 'eval' use in the scanner is indicated, and it operates by sending structured RPC requests.
Similar Servers
mcp-scanner
Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities, employing static analysis, YARA rules, Cisco AI Defense API, and LLM-based behavioral analysis.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-server-fuzzer
Fuzzing and security testing of Model Context Protocol (MCP) servers across multiple transport protocols (HTTP, SSE, Stdio) to validate functionality, robustness, and protocol compliance.
pentesting-mcp-servers-checklist
Provides a comprehensive checklist for security practitioners to pentest Model Context Protocol (MCP) servers and AI agents.