logo
Login
Cover image
该死的可vlynerable-MCP服务器
Private

该死的可vlynerable-MCP服务器

Try Now
22 小时前

该死的脆弱的MCP服务器

3 years

Works with Finder

782

Github Watches

40

Github Forks

782

Github Stars

Damn Vulnerable Model Context Protocol (DVMCP)

A deliberately vulnerable implementation of the Model Context Protocol (MCP) for educational purposes.

Overview

The Damn Vulnerable Model Context Protocol (DVMCP) is an educational project designed to demonstrate security vulnerabilities in MCP implementations. It contains 10 challenges of increasing difficulty that showcase different types of vulnerabilities and attack vectors.

This project is intended for security researchers, developers, and AI safety professionals to learn about potential security issues in MCP implementations and how to mitigate them.

What is MCP?

The Model Context Protocol (MCP) is a standardized protocol that allows applications to provide context for Large Language Models (LLMs) in a structured way. It separates the concerns of providing context from the actual LLM interaction, enabling applications to expose resources, tools, and prompts to LLMs.

Recommended MCP Clients

CLINE - VSCode Extension refer this https://docs.cline.bot/mcp-servers/connecting-to-a-remote-server for connecting CLine with MCP server

getting started

once you have cloned the repository, run the following commands:

docker build -t dvmcp .
docker run -p 9001-9010:9001-9010 dvmcp

disclaimer

its not stable in windows environment if you don't want to docker please use linux environment I recommend Docker to run the LAB and I am 100% percent sure it works well in docker environment

Security Risks

While MCP provides many benefits, it also introduces new security considerations. This project demonstrates various vulnerabilities that can occur in MCP implementations, including:

  1. Prompt Injection: Manipulating LLM behavior through malicious inputs
  2. Tool Poisoning: Hiding malicious instructions in tool descriptions
  3. Excessive Permissions: Exploiting overly permissive tool access
  4. Rug Pull Attacks: Exploiting tool definition mutations
  5. Tool Shadowing: Overriding legitimate tools with malicious ones
  6. Indirect Prompt Injection: Injecting instructions through data sources
  7. Token Theft: Exploiting insecure token storage
  8. Malicious Code Execution: Executing arbitrary code through vulnerable tools
  9. Remote Access Control: Gaining unauthorized system access
  10. Multi-Vector Attacks: Combining multiple vulnerabilities

Project Structure

damn-vulnerable-mcs/
├── README.md                 # Project overview
├── requirements.txt          # Python dependencies
├── challenges/               # Challenge implementations
│   ├── easy/                 # Easy difficulty challenges (1-3)
│   │   ├── challenge1/       # Basic Prompt Injection
│   │   ├── challenge2/       # Tool Poisoning
│   │   └── challenge3/       # Excessive Permission Scope
│   ├── medium/               # Medium difficulty challenges (4-7)
│   │   ├── challenge4/       # Rug Pull Attack
│   │   ├── challenge5/       # Tool Shadowing
│   │   ├── challenge6/       # Indirect Prompt Injection
│   │   └── challenge7/       # Token Theft
│   └── hard/                 # Hard difficulty challenges (8-10)
│       ├── challenge8/       # Malicious Code Execution
│       ├── challenge9/       # Remote Access Control
│       └── challenge10/      # Multi-Vector Attack
├── docs/                     # Documentation
│   ├── setup.md              # Setup instructions
│   ├── challenges.md         # Challenge descriptions
│   └── mcp_overview.md       # MCP protocol overview
├── solutions/                # Solution guides
└── common/                   # Shared code and utilities

Getting Started

See the Setup Guide for detailed instructions on how to install and run the challenges.

Challenges

The project includes 10 challenges across three difficulty levels:

Easy Challenges

  1. Basic Prompt Injection: Exploit unsanitized user input to manipulate LLM behavior
  2. Tool Poisoning: Exploit hidden instructions in tool descriptions
  3. Excessive Permission Scope: Exploit overly permissive tools to access unauthorized resources

Medium Challenges

  1. Rug Pull Attack: Exploit tools that change their behavior after installation
  2. Tool Shadowing: Exploit tool name conflicts to override legitimate tools
  3. Indirect Prompt Injection: Inject malicious instructions through data sources
  4. Token Theft: Extract authentication tokens from insecure storage

Hard Challenges

  1. Malicious Code Execution: Execute arbitrary code through vulnerable tools
  2. Remote Access Control: Gain remote access to the system through command injection
  3. Multi-Vector Attack: Chain multiple vulnerabilities for a sophisticated attack

See the Challenges Guide for detailed descriptions of each challenge.

Solutions

Solution guides are provided for educational purposes. It's recommended to attempt the challenges on your own before consulting the solutions.

See the Solutions Guide for detailed solutions to each challenge.

Disclaimer

This project is for educational purposes only. The vulnerabilities demonstrated in this project should never be implemented in production systems. Always follow security best practices when implementing MCP servers.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Author

This project is created by Harish Santhanalakshmi Ganesan using cursor IDE and Manus AI.

相关推荐

LLM命令

LLM命令

  • sigoden

    • 使用普通的bash/javascript/python函数轻松创建LLM工具和代理。

    1 (1)
    Rulego

    Rulego

  • rulego

    • ⛓️Rulego是一种轻巧,高性能,嵌入式,下一代组件编排规则引擎框架。

    3.7 (10)
    minima

    minima

  • dmayboroda

    • 带有可配置容器的本地对话抹布

    3 (5)
    神经

    神经

  • evilsocket

    • 简单的代理开发套件。

    3.4 (5)
    快速代理

    快速代理

  • evalstate

    • 定义,提示和测试启用MCP的代理和工作流程

    5 (0)
    库布

    库布

  • kubb-labs

    • 使用API​​的最终工具包。

    2.9 (7)
    llm-search

    llm-search

  • snexus

    • 查询由LLM提供支持的本地文件

    5 (0)
    ai-infra-guard

    ai-infra-guard

  • Tencent

    • 全面,智能,易于使用和轻量级的AI基础架构漏洞发现和MCP服务器安全风险扫描工具。

    5 (0)
    nginx-ui

    nginx-ui

  • 0xJacky

    • nginx的另一个webui

    5 (0)
    Shippie

    Shippie

  • mattzcarey

    • 可扩展的代码审查代理🚢

    5 (0)

    Reviews

    2.3 (9)
    Avatar
    user_JWQFXqy1
    2025-04-23

    As a dedicated user of the MCP application, I must say that the damn-vulnerable-MCP-server by harishsg993010 is an invaluable resource for anyone looking to deeply understand and identify vulnerabilities. The setup process is straightforward, and the server offers a realistic environment for testing and learning. For security enthusiasts and professionals, this is a must-try tool!

    Avatar
    user_GQlzJrq2
    2025-04-23

    As a dedicated user of the damn-vulnerable-MCP-server created by harishsg993010, I'm truly impressed. This server provides an excellent platform for testing vulnerability and strengthening security measures in a real-world context. The seamless integration and user-friendly interface make it a valuable tool for both beginners and experts in cybersecurity. Highly recommended for leveraging its practical applications to improve security protocols effectively!

    Avatar
    user_fTHaC2Yt
    2025-04-23

    I recently tried the damn-vulnerable-MCP-server by harishsg993010, and it has been an eye-opener for security testing. It provides an excellent environment to practice various secure coding techniques and penetration testing skills. If you're serious about improving your server security knowledge, this tool is a must-have.

    Avatar
    user_7OVKvHDS
    2025-04-23

    The damn-vulnerable-MCP-server by harishsg993010 is an insightful and essential tool for MCP enthusiasts. Its robust vulnerability features make it an ideal platform for honing one's skills in a safe environment. The detailed documentation and easy-to-navigate interface further enhance the learning experience. Highly recommended for developers looking to improve their security expertise with MCP applications!

    Avatar
    user_QBYO4dpG
    2025-04-23

    I have been using the damn-vulnerable-MCP-server by harishsg993010, and it's an excellent tool for learning and testing security vulnerabilities. It provides a realistic environment for honing my skills in MCP application security. The setup is straightforward, and the welcoming information is helpful for starters. Highly recommended for anyone looking to improve their MCP security knowledge!

    Avatar
    user_hiAAb53i
    2025-04-23

    As a dedicated user of the damn-vulnerable-MCP-server by harishsg993010, I must say it's an exceptional tool for learning and testing my cybersecurity skills. The server's vulnerabilities provide a realistic environment to practice identifying and mitigating various security threats. Highly recommended for anyone looking to improve their MCP application hacking abilities!

    Avatar
    user_rCQCfGW6
    2025-04-23

    I recently tried the damn-vulnerable-MCP-server by harishsg993010 and found it absolutely amazing for security testing and learning purposes. The server's intentional vulnerabilities provide an excellent environment for honing your skills. Highly recommended for anyone looking to gain hands-on experience in identifying and exploiting server vulnerabilities!

    Avatar
    user_Dz1z9DwS
    2025-04-23

    As a dedicated user of the damn-vulnerable-MCP-server, I find it incredibly useful for testing and honing my cybersecurity skills. Created by harishsg993010, this tool provides a realistic environment to understand and address common vulnerabilities. It's a must-have for anyone serious about penetration testing and learning about security in an MCP context. Highly recommended!

    Avatar
    user_W4EZbyHb
    2025-04-23

    Damn-vulnerable-MCP-server is an incredible tool by harishsg993010 for those looking to test and enhance their MCP (Model-View-Controller) skills in a secure environment. The challenging yet insightful vulnerabilities presented in the server provide a practical way for users to learn and master their debugging and security skills. Highly recommended for developers and security enthusiasts!