mcp-security-sandbox

By SirAppSec GitHub

MCP Security Playground - Hack with MCP Servers, MCP Clients. Try out different vulnerabilities and abuse LLMs and agents in a UI friendly experimentation lab

Overview

What is mcp-security-sandbox?

The mcp-security-sandbox is an experimental environment for exploring MCP hosts, clients, and servers. It lets users perform attacks against MCP servers in a lab setting and experiment with large language models (LLMs).

How to use mcp-security-sandbox?

To use the mcp-security-sandbox, set up a virtual environment, install the necessary dependencies, and run the MCP server and frontend applications using the provided commands.

Key features of mcp-security-sandbox?

  • Experimental sandbox for MCP hosts and clients
  • Ability to perform attacks against MCP servers
  • Integration with local LLMs for enhanced functionality

Use cases of mcp-security-sandbox?

  1. Testing the security of MCP servers through simulated attacks.
  2. Exploring the capabilities of LLMs in a controlled environment.
  3. Developing and testing new features for MCP applications.

FAQ from mcp-security-sandbox?

  • What is the purpose of the mcp-security-sandbox?

It serves as a lab for security researchers to explore and test MCP technologies and LLMs.

  • Is there a specific setup required?

Yes, users need to install dependencies and set up the environment as per the instructions provided in the documentation.

  • Can I use this sandbox for production purposes?

No, this is an experimental sandbox and should not be used in production environments.

Content

mcp-security-sandbox

An experimental sandbox and lab to explore MCP hosts, MCP clients, and MCP servers. Perform attacks against MCP servers and abuse LLMs in a controlled environment.

Preview

MCP Aware Chat - retrieval

This repository defines an MCP server (GitHub retrieval) and integrates it into a chat agent playground.

Burp Suite MCP Server

Used to chain and interact with multiple MCP servers. In this example, we enabled intercept and performed a retrieval using the GitHub tool to describe this repository.

Note: install Burp's MCP Server first.

Quick Start

To set up the environment and start the MCP server and the frontend:

uv install
uv venv
source .venv/bin/activate
# Start the MCP server
uv run -- src/mcp-security-sandbox/mcp/github/server.py
# Start the Streamlit frontend
streamlit run src/mcp-security-sandbox/frontend/MCP_Chat.py

Make sure you install Ollama and set its URL in the Ollama client initialization.

Roadmap

  • Use the environment to set up the Ollama API
  • Integrate MCP into the chat context (currently it is history-aware only)
  • Allow for Streamlit pages/navigation
  • Unify the Streamlit server(s) to start all of the frontend at once
  • Add more MCP servers
  • Allow for dynamic loading of MCP servers
  • Create a malicious server
  • Perform MCP attacks and PoC vulnerabilities