mcpsecurity

3.3

If you are the rightful owner of mcpsecurity and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

This project is an intentionally vulnerable MCP app designed for security research.

The Vulnerable MCP Server is a command execution server that integrates FastAPI for HTTP interfacing, SQLite for database management, and Ollama LLM for interpreting natural language queries. It uses JSON-RPC as the main API protocol to route natural language inputs to SQL queries or shell commands. This server is specifically built to test SQL Injection (SQLi) and Remote Code Execution (RCE) vulnerabilities through FastAPI, JSON-RPC, and LLM-based decision logic. It is crucial to note that this server is intentionally insecure, lacking authentication, access control, and input validation, making it suitable only for isolated environments, Capture The Flag (CTF) events, or research labs.

Features

LLM-based decision logic for command routing (SQL or CLI)
Native execution of SQL and terminal commands
Auto-initializing SQLite database with sample data
Simple, pluggable JSON-RPC methods
Vulnerable by design — suitable for offensive/defensive testing

Related MCP Servers

View all security servers →

better-auth-mcp-server

by nahmanmate

MCP Server for Authentication Management

kubectl-mcp-server

by rohitg00

Kubectl MCP Server is a Model Context Protocol server for Kubernetes, enabling AI assistants to interact with Kubernetes clusters using natural language.

mcp

by semgrep

Semgrep MCP Server is a Model Context Protocol server that uses Semgrep to scan code for security vulnerabilities.

osv-mcp

by StacklokLabs

An MCP server providing access to the OSV database for querying vulnerability information.

win-cli-mcp-server

by SimonB97

MCP server for secure command-line interactions on Windows systems, enabling controlled access to PowerShell, CMD, Git Bash shells, and remote systems via SSH.

BloodHound-MCP-AI

by MorDavid

BloodHound-MCP is a Model Context Protocol Server integration for BloodHound, enabling natural language analysis of Active Directory data.

ida-mcp-server-plugin

by taida957789

IDA Pro MCP Server is a plugin that allows remote querying and control of IDA Pro through the Model Context Protocol (MCP) interface.

developer_tools

mcp-maigret

by BurtTheCoder

Maigret MCP Server is a Model Context Protocol server for Maigret, an OSINT tool that collects user account information from various public sources.

apktool-mcp-server

by zinja-coder

apktool-mcp-server is a fully automated MCP server built on top of apktool to analyze Android APKs using LLMs like Claude, providing live reverse engineering support.

mcp-shodan

by BurtTheCoder

A Model Context Protocol (MCP) server for querying the Shodan API and Shodan CVEDB, providing access to network intelligence and security services.

web3-mcp

by strangelove-ventures

A Model-Context-Protocol server for interacting with multiple blockchains including Solana, Ethereum, THORChain, XRP Ledger, TON, Cardano, and UTXO chains.

mcp-server-wazuh

by gbrigandi

A Rust-based server designed to bridge the gap between a Wazuh Security Information and Event Management (SIEM) system and applications requiring contextual security data, specifically tailored for the Claude Desktop Integration using the Model Context Protocol (MCP).

mythic_mcp

by xpn

Mythic MCP is a model context protocol server designed to facilitate automated penetration testing using LLMs.

TriageMCP

by eversinc33

TriageMCP is an MCP server designed to enable a Language Model (LLM) to perform basic static triage of Portable Executable (PE) files.

auth0-mcp-server

by auth0

The Auth0 MCP Server integrates with LLMs and AI agents, allowing you to perform various Auth0 management operations using natural language.

developer_tools

Snyk

by snyk

MCP (Model Context Protocol) is an open protocol that standardizes how applications share context with large language models.

roadrecon_mcp_server

by atomicchonk

The ROADrecon MCP Server provides AI assistants like Claude with access to ROADRecon Azure AD data for security analysis.

nutrient-dws-mcp-server

by PSPDFKit

A Model Context Protocol (MCP) server implementation that integrates with the Nutrient Document Web Service (DWS) Processor API, providing powerful PDF processing capabilities for AI assistants.

developer_tools

MetasploitMCP

by GH05TCREW

This MCP server provides a bridge between large language models like Claude and the Metasploit Framework penetration testing platform.

mcp_zoomeye

by zoomeye-ai

A Model Context Protocol (MCP) server that provides network asset information based on query conditions.

research_and_data

mcp-dnstwist

by BurtTheCoder

DNStwist MCP Server is a Model Context Protocol server for the DNStwist tool, designed to detect typosquatting and phishing domains.

ExternalAttacker-MCP

by MorDavid

ExternalAttacker is a Model Context Protocol (MCP) server designed for external attack surface management, integrating automated scanning with a natural language interface.

pyATS_MCP

by automateyournetwork

The pyATS MCP Server is a Model Context Protocol Server that integrates with Cisco pyATS and Genie, enabling structured interaction with network devices using JSON-RPC 2.0 over STDIO.

developer_tools

BurpSuite-MCP-Server

by X3r0K

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

NGCBot-MCP

by ngc660sec

NGCBot-MCP-Server is a WeChat bot based on the HOOK mechanism, supporting various features like security news push, AI responses, and more.

C4Diagrammer

by jonverrier

C4Diagrammer is a Model Context Protocol (MCP) server implementation designed to generate documentation for existing systems, providing tools for generating code summaries and C4 architecture diagrams using Mermaid.js.

developer_tools

onepassword-mcp-server

by dkvdm

This MCP server is a proof of concept for educational purposes, utilizing the 1Password Python SDK to securely retrieve credentials.