mcp-security-scanner
Verified Safeby sidhpurwala-huzaifa
Overview
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
Installation
No command providedSecurity Notes
The project itself is a security scanner designed to identify vulnerabilities. It includes an `insecure-mcp-server` component which is *deliberately insecure* for testing purposes. Running the scanner (`mcp-scan`) against a target is generally safe, as it performs non-destructive checks. However, the `insecure-mcp-server` should only be run in isolated, controlled environments (e.g., locally on 127.0.0.1 as demonstrated) and never exposed publicly, as it contains known vulnerabilities. No obvious obfuscation or direct 'eval' use in the scanner is indicated, and it operates by sending structured RPC requests.
Similar Servers
mcp-scanner
A Python tool for scanning MCP (Model Context Protocol) servers and tools for potential security findings by combining Cisco AI Defense inspect API, YARA rules, and LLM-as-a-judge to detect malicious MCP tools.
mcp-interviewer
A Python CLI tool designed to evaluate, test, and generate reports on Model Context Protocol (MCP) servers to ensure compatibility and quality for LLM agent use cases.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers that detects various vulnerabilities in MCP implementations.
mcp-server-fuzzer
A comprehensive CLI-based fuzzing tool for Model Context Protocol (MCP) servers, designed to find vulnerabilities and validate server conformance through both tool argument fuzzing and protocol type fuzzing across multiple transport protocols (HTTP, SSE, Stdio, StreamableHTTP).