A comprehensive security testing framework for analyzing Model Context Protocol (MCP) server implementations. Automatically executes MCP servers in isolated Docker containers while capturing and analyzing network traffic to detect security vulnerabilities including data exfiltration, unauthorized access, command injection, and privilege escalation.
MCP Security Analyzer helps security teams and developers validate the security posture of MCP server implementations by:
- Automated Testing: Run predefined security test scenarios against any MCP server
- Network Monitoring: Capture and analyze all network traffic during execution
- Threat Detection: Identify suspicious patterns, sensitive data exposure, and unauthorized access
- AI-Powered Analysis: Optional Claude API integration for intelligent threat assessment
- Comprehensive Reports: Generate detailed security reports in HTML, JSON, and CSV formats
- Pre-configured security use cases (file access, data exfiltration, command injection, privilege escalation)
- MCP protocol method testing (tools/call, resources/list, prompts/list)
- Sensitive data pattern detection (credentials, API keys, PII)
- Path traversal and command injection detection
- Sandboxed execution environment with resource limits
- Network isolation and monitoring
- Automatic cleanup of containers and resources
- Deep packet inspection with Scapy
- Connection analysis and payload inspection
- Claude AI-powered threat assessment (optional)
- Multi-format reporting (HTML, JSON, CSV)
- No complex tool definitions required
- Pass MCP server command directly
- Choose from predefined security test scenarios
- Get actionable security reports
- Python: 3.9 or higher
- Docker: Docker Engine running (tested with Docker 20.10+)
- Network: Packet capture capabilities (libpcap on Linux/macOS, WinPcap/Npcap on Windows)
- Resources: Minimum 4GB RAM, 10GB disk space
- ✅ Linux: Ubuntu 20.04+, RHEL 8+, CentOS 8+, Debian 11+
- ✅ macOS: 10.15 (Catalina) or higher
- ✅ Windows: Windows 10+ with WSL2 (recommended) or native with limitations
sudo apt-get update
sudo apt-get install -y python3 python3-pip docker.io libpcap-dev tcpdump
sudo systemctl start docker
sudo usermod -aG docker $USER# Install Homebrew if not already installed
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Install dependencies
brew install python@3.9
brew install libpcap
brew install --cask docker
# Start Docker Desktop
open -a Docker# Install WSL2 and Ubuntu
wsl --install
# Inside WSL2, follow Ubuntu instructions above# Clone the repository
git clone https://github.com/yair4data/mcp-security-analyzer.git
cd mcp-security-analyzer
# Create virtual environment
python3 -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -e .# Check Docker is running
docker version
# Verify analyzer installation
mcp-security-analyzer --versionFor AI-powered threat analysis:
export CLAUDE_API_KEY="your-anthropic-api-key"
# Or add to ~/.bashrc or ~/.zshrc for persistenceGet your API key from: https://console.anthropic.com/
# 1. Copy example configuration
cp config/simple-usecases.yaml config/my-config.yaml
# 2. Run security inspection
mcp-security-analyzer --config config/my-config.yaml inspect \
"npx -y @modelcontextprotocol/server-filesystem /tmp" \
--use-case basic_security_scan
# 3. View report
open ./mcp_analysis/security_report.htmlTest any MCP server with predefined security scenarios:
# Run specific security test
mcp-security-analyzer inspect \
"npx -y @modelcontextprotocol/server-filesystem /tmp" \
--use-case sensitive_file_access
# Run all available security tests
mcp-security-analyzer inspect \
"python my_mcp_server.py"
# Custom output directory
mcp-security-analyzer inspect \
"node mcp-server.js" \
--use-case data_exfiltration \
--output ./security_reportsexport CLAUDE_API_KEY="your-key"
mcp-security-analyzer inspect \
"npx -y @modelcontextprotocol/server-brave-search" \
--use-case basic_security_scanmcp-security-analyzer inspect \
"python server.py" \
--use-case command_injection \
--no-aiThe tool includes 5 pre-configured security test scenarios:
| Use Case | Description | Test Actions | Duration |
|---|---|---|---|
basic_security_scan |
Overview of server capabilities | 3 | ~2 min |
sensitive_file_access |
File permission testing | 3 | ~3 min |
data_exfiltration |
Data theft scenarios | 2 | ~3 min |
command_injection |
Injection vulnerability testing | 2 | ~2 min |
privilege_escalation |
Privilege escalation attempts | 2 | ~2 min |
# Test filesystem server
mcp-security-analyzer inspect \
"npx -y @modelcontextprotocol/server-filesystem /tmp" \
--use-case sensitive_file_access
# Test GitHub server
mcp-security-analyzer inspect \
"npx -y @modelcontextprotocol/server-github" \
--use-case basic_security_scan
# Test Brave Search server
mcp-security-analyzer inspect \
"npx -y @modelcontextprotocol/server-brave-search" \
--use-case data_exfiltrationmcp-security-analyzer inspect \
"python /path/to/my_mcp_server.py" \
--use-case basic_security_scan \
--output ./my_server_analysisAfter running an analysis, you'll find:
mcp_analysis/
├── security_report.html # Interactive HTML report (open in browser)
├── security_report.json # Machine-readable JSON data
├── findings.csv # Tabular security findings
└── mcp_traffic.pcap # Network traffic capture (for deep analysis)
HTML Report includes:
- ✅ Executive Summary
- ✅ Inspector Execution Results
- ✅ Network Traffic Analysis
- ✅ Security Findings by Severity (Critical/High/Medium/Low)
- ✅ AI-Powered Threat Analysis (if enabled)
- ✅ Remediation Recommendations
- 🔴 Critical: Immediate security threats (e.g., credential exposure, RCE)
- 🟠 High: Significant risks (e.g., unauthorized file access, SQLi)
- 🟡 Medium: Moderate concerns (e.g., information disclosure)
- 🟢 Low: Minor issues (e.g., verbose error messages)
Create config/my-config.yaml:
# Use cases (test scenarios)
use_cases:
- name: 'basic_security_scan'
description: 'Basic security checks'
tools: [] # No tool definitions needed!
test_actions:
- method: 'tools/list'
timeout: 30
- method: 'resources/list'
timeout: 30
expected_threats:
- 'Unexpected tool exposure'
duration: 120
# Optional: Claude AI settings
claude:
api_key: null # Set via CLAUDE_API_KEY environment variable
# Optional: Network monitoring
network:
interface: 'any'
max_packets: 50000
# Optional: Docker settings
docker:
memory_limit: '1024m'
cpu_limit: '1.0'Add custom security tests to your configuration:
use_cases:
- name: 'my_custom_test'
description: 'Custom security test scenario'
tools: []
test_actions:
# List available tools
- method: 'tools/list'
timeout: 30
# Call specific tool
- method: 'tools/call'
tool_name: 'read_file'
arguments:
path: '/etc/passwd'
timeout: 30
# List resources
- method: 'resources/list'
timeout: 30
expected_threats:
- 'Unauthorized file access'
- 'Sensitive data exposure'
duration: 180tools/list- List all available toolstools/call- Execute a specific tool with argumentsresources/list- List available resourcesresources/read- Read a specific resourceprompts/list- List available promptsprompts/get- Get a specific prompt template
┌─────────────────────────────────────────────────────────────┐
│ MCP Security Analyzer CLI │
└──────────────────────┬──────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ SimpleMCPOrchestrator │
│ • Coordinates security testing workflow │
│ • Manages Docker lifecycle │
│ • Synchronizes packet capture with execution │
└──────────┬────────────────────┬──────────────────┬──────────┘
│ │ │
▼ ▼ ▼
┌──────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ SimpleMCPInspector│ │ PacketCapture │ │ ClaudeAnalyzer │
│ • Runs MCP │ │ • Network │ │ • AI-powered │
│ Inspector │ │ monitoring │ │ threat │
│ • Executes tests │ │ • Deep packet │ │ analysis │
│ • Parses results │ │ inspection │ │ • Remediation │
└──────────────────┘ └─────────────────┘ └─────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ Docker Container │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ MCP Inspector (Official Tool) │ │
│ │ • Protocol-compliant MCP client │ │
│ │ • Executes user's MCP server │ │
│ │ • Captures all MCP interactions │ │
│ └────────────────────────────────────────────────────────┘ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ User's MCP Server │ │
│ │ • Filesystem server, API client, database, etc. │ │
│ └────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ Security Reporter │
│ • Generates HTML/JSON/CSV reports │
│ • Severity classification │
│ • Remediation recommendations │
└─────────────────────────────────────────────────────────────┘
# Run all tests
pytest
# Run with coverage
pytest --cov=src --cov-report=html
# Run specific test module
pytest tests/core/inspector/test_inspector_config.py -v
# Run integration tests (requires Docker)
pytest -m integration# Format code
black src tests
# Sort imports
isort src tests
# Lint
flake8 src tests
# Type checking
mypy srcError: Cannot connect to Docker daemon
Solution: Start Docker and verify with `docker version`
Error: Permission denied when capturing packets
Solution: Run with sudo or add user to docker group
Error: Use case 'my-test' not found in configuration
Solution: Check config file has the use case defined, or use example config:
cp config/simple-usecases.yaml config/my-config.yaml
Error: AI analysis failed: API key not configured
Solution: Set environment variable:
export CLAUDE_API_KEY="your-key"
Or disable AI: --no-ai
Error: npx command not found in container
Solution: Ensure the Docker image includes Node.js and npm
- MCP Specification: https://modelcontextprotocol.io/
- MCP Inspector: https://github.com/modelcontextprotocol/inspector
- Anthropic Claude API: https://www.anthropic.com/api
- Docker Documentation: https://docs.docker.com/
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Add tests for new functionality
- Ensure all tests pass (
pytest) - Run code quality checks (
black,isort,flake8,mypy) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is designed for defensive security testing only. Please use responsibly and only on systems you have permission to test. Report security vulnerabilities privately to the project maintainers.
- Anthropic for Claude API
- Model Context Protocol for the MCP specification
- MCP Inspector for the official testing tool
- Scapy for packet manipulation and analysis
- Docker for containerization technology
- Issues: GitHub Issues
- Discussions: GitHub Discussions
Made with ❤️ for the security community