# mcpsec - Security Scanner for MCP Servers
🔍 Find security vulnerabilities in Model Context Protocol (MCP) servers before they find you.
## Quick Start
### Installation
```bash
cargo install mcpsec
```
**Requirements:**
- Rust 1.70.0 or higher
- Works on Linux, macOS, and Windows
### Usage Options
#### 🎨 Interactive TUI Mode (Recommended)
```bash
# Launch interactive interface
mcpsec tui
# Launch with target pre-selected
mcpsec tui ./my-mcp-server
```
#### 📝 Traditional CLI Mode
```bash
# Scan local MCP server
mcpsec scan ./my-mcp-server
# Scan GitHub repository
mcpsec scan https://github.com/user/mcp-server
# Get JSON output for CI/CD
mcpsec scan ./server --output json --fail-below 70
```
## Features
- 🎨 **Interactive TUI** - Beautiful terminal user interface with real-time navigation
- 🔍 **Static Analysis** - Detects security vulnerabilities without executing code
- 🎯 **MCP-Specific** - Understands MCP server patterns and common mistakes
- 📊 **Risk Scoring** - Clear 0-100 score (higher is safer) with actionable recommendations
- 🖥️ **Dual Interface** - Both interactive TUI and traditional CLI modes
- 🔧 **CI/CD Ready** - JSON/SARIF output formats for automation
- ⚡ **Fast** - Scan typical MCP servers in seconds
- 🌍 **MCP SDK Support** - Python FastMCP and TypeScript/JavaScript MCP SDK
- 📱 **Responsive Design** - Adapts to different terminal sizes
- ⌨️ **Keyboard Navigation** - Intuitive vim-like shortcuts
## Supported MCP SDKs
mcpsec currently supports MCP servers built with:
| SDK | Language | Status | MCP-Specific Rules |
|-----|----------|--------|--------------------|
| **FastMCP** | Python | ✅ Fully Supported | ✅ 5 specialized rules |
| **@modelcontextprotocol/sdk** | TypeScript/JavaScript | ✅ Fully Supported | ✅ 5 specialized rules |
| Other SDKs | C#, Java, Kotlin, Ruby, Rust, Swift | ❌ Limited Support | ⚠️ Generic rules only |
> **Note**: For unsupported SDKs, mcpsec will still detect generic security issues (command injection, file operations, etc.) but may miss MCP-specific vulnerability patterns.
## Security Checks
mcpsec detects these vulnerability categories:
### MCP-Specific Vulnerabilities
*Detected in Python FastMCP and TypeScript/JavaScript MCP SDK servers*
| Vulnerability | Example Pattern | Severity |
|---------------|-----------------|----------|
| **MCP Tool Injection** | `subprocess.run(user_cmd, shell=True)` in tools | 🔴 Critical |
| **MCP Resource Traversal** | `open(../../../etc/passwd)` in resources | 🟠 High |
| **MCP Prompt Injection** | "Ignore previous instructions" in descriptions | 🟠 High |
| **MCP Input Validation** | Missing validation in tool parameters | 🟡 Medium |
| **MCP Auth Bypass** | `DISABLE_AUTH=true`, hardcoded credentials | 🟠 High |
### General Vulnerabilities
*Detected in all supported languages*
| Vulnerability | Example Pattern | Severity |
|---------------|-----------------|----------|
| **Command Injection** | `exec(userInput)`, `system(command)` | 🔴 Critical |
| **Network Exposure** | Binding to `0.0.0.0` without auth | 🟠 High |
| **Input Validation** | Unsafe file operations | 🟡 Medium |
## Example Output
```text
┌─ Security Assessment ────────────────────────────────┐
│ Overall Score: 15/100 (CRITICAL) │
│ │
│ 🔴 3 Critical Issues │
│ 🟠 2 High Issues │
│ 🟡 1 Medium Issue │
│ │
│ ❌ DO NOT USE - Fix critical issues first │
└─────────────────────────────────────────────────────┘
🔴 CRITICAL: MCP Tool Command Injection in server.ts:52
MCP tool 'execute-command' uses unsafe execSync() with user input
Fix: Use subprocess with shell=False and validated arguments
Ref: CWE-78, OWASP Command Injection
🟠 HIGH: MCP Resource Path Traversal in server.py:67
Resource allows ../../../etc/passwd access via path parameter
Fix: Validate paths with Path.resolve() and allowlists
Ref: CWE-22, Path Traversal
🟠 HIGH: MCP Auth Bypass in config.ts:12
DISABLE_AUTH=true exposes server without authentication
Fix: Remove auth bypass flags and implement proper authentication
Ref: CWE-306, Missing Authentication
```
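
The two fixes named in the output above (no shell plus an allowlist, and `Path.resolve()` plus a root check), shown beside the flagged patterns for a Python server. This is an added example, not code from mcpsec or its example servers; the function names, the `ALLOWED_COMMANDS` allowlist and the sample files are hypothetical, and the FastMCP decorators are left out so it runs without the SDK.

```python
import subprocess
import sys
import tempfile
from pathlib import Path

# Hypothetical allowlist: logical tool name -> fixed argv prefix.
ALLOWED_COMMANDS = {
    "echo": [sys.executable, "-c", "import sys; print(sys.argv[1])"],
}

def run_tool_flagged(user_cmd: str) -> str:
    # Flagged pattern from the table: caller-controlled string handed to a shell.
    return subprocess.run(user_cmd, shell=True, capture_output=True, text=True).stdout

def run_tool_hardened(name: str, arg: str) -> str:
    # Only allowlisted programs run; arg is one argv element, never shell-parsed.
    if name not in ALLOWED_COMMANDS:
        raise PermissionError(f"command not allowlisted: {name!r}")
    argv = ALLOWED_COMMANDS[name] + [arg]
    done = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=10, check=True)
    return done.stdout.strip()

def read_resource_flagged(root: Path, requested: str) -> str:
    # Flagged pattern from the table: "../" segments walk out of root.
    return open(root / requested).read()

def read_resource_hardened(root: Path, requested: str) -> str:
    # Resolve symlinks and ".." first, then require the result to stay under root.
    base = root.resolve()
    target = (base / requested).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise PermissionError(f"path escapes resource root: {requested!r}") from None
    return target.read_text()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        root = Path(tmp) / "resources"
        root.mkdir()
        (root / "notes.txt").write_text("public note")
        print(run_tool_hardened("echo", "hello; echo INJECTED"))
        print(read_resource_hardened(root, "notes.txt"))
        for bad in ("../secret.txt", "/etc/passwd"):
            try:
                read_resource_hardened(root, bad)
            except PermissionError as exc:
                print("blocked:", exc)
```

The hardened tool returns the metacharacters as literal text because no shell ever parses them; per-tool argument validation would sit on top of this.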
## TUI Interface
The interactive TUI provides:
- **📁 Welcome Screen** - Project overview and quick actions
- **🎯 Target Selection** - Browse and select MCP servers to scan
- **⚡ Live Scanning** - Real-time progress with visual feedback
- **📋 Results Dashboard** - Security assessment with color-coded findings
- **🔍 Finding Details** - In-depth vulnerability analysis with fix suggestions
- **📚 Rules Browser** - Explore and understand security rules
- **❓ Help System** - Built-in keyboard shortcuts and documentation
### TUI Navigation
- `q` or `Esc` - Quit/Go back
- `?` or `F1` - Toggle help
- `↑↓` or `j/k` - Navigate lists
- `Enter` - Select/Confirm
- `Tab` - Switch focus
- `s` - Start scan
- `r` - Browse rules/Rescan
## CLI Commands
### Interactive Mode
```bash
mcpsec tui # Launch TUI interface
mcpsec tui ./my-mcp-server # Launch with target selected
```
### Scanning
```bash
mcpsec scan ./my-mcp-server # Basic scan with table output
mcpsec scan ./server --output json # JSON output for CI/CD
mcpsec scan ./server --fail-below 80 # Exit with error if score < 80
```
### Rule Management
```bash
mcpsec rules list # Show all available rules
mcpsec rules info mcp-tool-injection-001 # Rule details
```
### Utilities
```bash
mcpsec doctor # System health check
mcpsec --version # Show version
mcpsec --help # Show help
```
## Documentation
- 🔧 CLI Reference: Run `mcpsec --help` for full command reference
- 🛡️ Security Rules: Run `mcpsec rules list` to see all available rules
- 🏗️ Architecture: See [CONTRIBUTING.md](CONTRIBUTING.md) for development details
## Contributing
We welcome contributions! Please see:
- 🤝 [Contributing Guide](CONTRIBUTING.md)
- 🐛 [Issue Templates](.github/ISSUE_TEMPLATE/)
- 🔒 [Security Policy](SECURITY.md)
- 📜 [Code of Conduct](CODE_OF_CONDUCT.md)
### Quick Development Setup
```bash
git clone https://github.com/augmnt/mcpsec
cd mcpsec
cargo build
cargo test
cargo run -- scan examples/vulnerable-mcp-typescript
# Test with Python FastMCP example
cargo run -- scan examples/vulnerable-mcp-python
```
## Community & Support
- 💬 [Discussions](https://github.com/augmnt/mcpsec/discussions) - Questions and ideas
- 🐛 [Issues](https://github.com/augmnt/mcpsec/issues) - Bug reports
- 🔒 [Security](SECURITY.md) - Vulnerability disclosure
## Language Support
### ✅ Currently Supported
- **Python** (FastMCP) - Full MCP-specific security rules
- **TypeScript/JavaScript** (@modelcontextprotocol/sdk) - Full MCP-specific security rules
### 🔄 Roadmap
- **Rust** - Community MCP implementations
- **Go** - Community MCP implementations
- **Java/Kotlin** - Enterprise MCP servers
- **C#/.NET** - Enterprise MCP implementations
> **Want to contribute?** See [CONTRIBUTING.md](CONTRIBUTING.md) for guidance on adding language support.
## Risk Assessment Scale
| Score | Risk Level | Recommendation |
|-------|------------|----------------|
| 0-19 | CRITICAL | ❌ Do not use |
| 20-39 | HIGH | 🔴 High risk - fix issues first |
| 40-69 | MEDIUM | 🟠 Use with caution |
| 70-89 | LOW | ⚠️ Review issues before use |
| 90-100 | SAFE | ✅ Safe to use |
## License
Licensed under the [MIT License](LICENSE).
## Acknowledgments
- The MCP community for building awesome servers
- Security researchers who inspired this tool
- Contributors who make mcpsec better