MCP Server For Garak LLM Vulnerability Scanner

By EdenYavin GitHub

MCP Server for using Garak LLM vulnerability scanner

Overview

what is Garak-MCP?

Garak-MCP is a server designed to utilize the Garak LLM vulnerability scanner, which helps in identifying and addressing security vulnerabilities in applications.

how to use Garak-MCP?

To use Garak-MCP, set up the server and configure it to scan your applications for vulnerabilities using the Garak LLM.

key features of Garak-MCP?

Integration with Garak LLM for advanced vulnerability scanning
Real-time vulnerability detection
User-friendly interface for managing scans and viewing results

use cases of Garak-MCP?

Scanning web applications for security vulnerabilities
Assessing the security posture of software before deployment
Continuous monitoring of applications for new vulnerabilities

FAQ from Garak-MCP?

What types of vulnerabilities can Garak-MCP detect?

Garak-MCP can detect a wide range of vulnerabilities including SQL injection, cross-site scripting, and more.

Is Garak-MCP free to use?

Yes! Garak-MCP is open-source and free to use under the MIT license.

How can I contribute to Garak-MCP?

You can contribute by reporting issues, submitting pull requests, or improving the documentation on GitHub.

Content

MCP Server For Garak LLM Vulnerability Scanner

A lightweight MCP (Model Context Protocol) server for Garak.

Example:

https://github.com/user-attachments/assets/f6095d26-2b79-4ef7-a889-fd6be27bbbda

Features

List Attacks: List all the attack available on Garak.
Run Attack: Run the attack on a given model.

Prerequisites

Python 3.11 or higher: This project requires Python 3.11 or newer.
```
# Check your Python version
python --version
```
Install uv: A fast Python package installer and resolver.
```
pip install uv
```
Or use Homebrew:
```
brew install uv
```
Optional: Ollama: If you want to run attacks on ollama models be sure that the ollama server is running.

ollama serve

Installation

Clone this repository:

git clone https://github.com/BIGdeadLock/Garak-MCP.git
cd src

Configuration

For Cursor users:

{
  "mcpServers": {
    "garak-mcp": {
      "command": "uv",
      "args": ["--directory", "path-to/Garak-MCP", "run", "garak-server"],
      "env": {}
    }
  }
}

Tools Provided

Overview

Name	Description
list_model_types	List all available model types (ollama, openai, huggingface, ggml)
list_models	List all available models for a given model type
list_garak_probes	List all available Garak attacks/probes
get_report	Get the report of the last run
run_attack	Run an attack with a given model and probe

Detailed Description

list_model_types
- List all available model types that can be used for attacks
- Returns a list of supported model types (ollama, openai, huggingface, ggml)
list_models
- List all available models for a given model type
- Input parameters:
  - model_type (string, required): The type of model to list (ollama, openai, huggingface, ggml)
- Returns a list of available models for the specified type
list_garak_probes
- List all available Garak attacks/probes
- Returns a list of available probes/attacks that can be run
get_report
- Get the report of the last run
- Returns the path to the report file
run_attack
- Run an attack with the given model and probe
- Input parameters:
  - model_type (string, required): The type of model to use
  - model_name (string, required): The name of the model to use
  - probe_name (string, required): The name of the attack/probe to use
- Returns a list of vulnerabilities found

Future Steps

Add support for Smithery AI: Docker and config
Improve Reporting
Test and validate OpenAI models (GPT-3.5, GPT-4)
Test and validate HuggingFace models
Test and validate local GGML models

No tools information available.

No content found.