A deliberately insecure MCP server for security testing, scanner validation, and education. 10 vulnerabilities across all MCP attack categories.
Live: dvmcp.co.uk
docker pull razas/dvmcp
docker run -p 3001:3001 razas/dvmcpVerify: sha256:fd3c41f4c44dd31b62fe9e963d48f5977d38a937d7caba66913719618cf66c27
Then visit http://localhost:3001
| # | Category | Vulnerability |
|---|---|---|
| MCP-01 | Tool Integrity | Tool definition tampering (rug pull) |
| MCP-02 | Authentication | Missing auth on sensitive tools |
| MCP-03 | Tool Poisoning | Hidden instructions in descriptions |
| MCP-04 | Supply Chain | Dependency confusion |
| MCP-05 | Input Validation | Command injection via arguments |
| MCP-06 | Excessive Permissions | Admin tools exposed to all |
| MCP-07 | Error Handling | Stack traces in responses |
| MCP-08 | SSRF | Server-side request forgery |
| MCP-09 | Rate Limiting | No rate limiting |
| MCP-10 | Verbose Errors | Internal paths leaked |
- Security scanner validation (ZAP, Cybersecify, custom scanners)
- MCP security training and education
- CIS MCP Benchmark testing
- Red team / blue team exercises
- OWASP MCP Top 10 learning
BSL 1.1 -- Educational and security training use only. Commercial use requires Pro license. Contact: contact@agentsign.dev
CyberSecAI Ltd | cybersecai.co.uk | Raza Sharif