mcpsec 0.3.0

Security scanner for Model Context Protocol (MCP) servers
# mcpsec TUI Demo

## Interactive Features Demonstrated

### 1. Launch Interactive Mode
```bash
cargo run -- tui
```

**Features to try:**
- Welcome screen with system status
- Press `t` to select target directory
- Press `s` to start scan (if target selected)
- Press `r` to browse security rules
- Press `?` to view help with keyboard shortcuts

### 2. Launch with Pre-selected Target
```bash
cargo run -- tui examples/vulnerable-mcp-typescript/
```

**Demo Flow:**
1. **Welcome Screen**: Shows target is pre-selected ✅
2. **Press `s`**: Starts live scanning with progress bar
3. **Results View**:
   - Color-coded severity levels (🔴 Critical, 🟠 High, 🟡 Medium, 🔵 Low)
   - Overall security score (0/100 - CRITICAL RISK for MCP servers)
   - Findings breakdown by severity (31+ findings for vulnerable MCP servers)
4. **Navigate Findings**: Use ↑↓ or j/k to navigate
5. **Press Enter**: View detailed finding information
6. **Finding Details**:
   - Complete vulnerability description
   - Code snippet highlighting
   - Fix suggestions
   - Reference links (CWE, OWASP)
   - Confidence level
7. **Press Backspace**: Return to results
8. **Press `r`**: Rescan to show live updates

### 3. Browse Security Rules
```bash
cargo run -- tui
# Then press 'r' for rules browser
```

**Features:**
- Interactive rules list
- Real-time rule details when navigating
- Rule severity, category, and description
- Examples of vulnerable vs safe code patterns

### 4. Built-in Help System
- Press `?` or `F1` from any screen
- Comprehensive keyboard shortcuts
- Context-sensitive help

## Key TUI Advantages

1. **🎨 Visual**: Beautiful color-coded interface
2. **⚡ Fast**: Real-time navigation without command retyping
3. **🔍 Interactive**: Drill down into findings instantly
4. **📚 Educational**: Browse rules and learn about security
5. **⌨️ Efficient**: Vim-like keyboard shortcuts
6. **📱 Responsive**: Adapts to terminal size

## Traditional CLI Still Available

All existing CLI functionality remains:
```bash
cargo run -- scan examples/vulnerable-mcp-typescript/ --output json
cargo run -- scan examples/vulnerable-mcp-python/ --output json
cargo run -- rules list
cargo run -- doctor
```

The TUI and CLI modes complement each other perfectly:
- **TUI**: Interactive exploration and analysis
- **CLI**: Automation, CI/CD, and scripting