MCPScan - HackDB

Recent Category Tag Pricing Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

The Ultimate Directory for Offensive Security

Resources

Recent
Category

Home
Items
MCPScan

MCPScan

Offensive auditor for MCP servers. Detects RCE, tool poisoning, credential leaks, and SSRF across stdio, HTTP, and SSE transports.

Visit Website Share on X

image of MCPScan

Introduction

Information

Publisher
Admin
Websitegithub.com
Created date03/11/2026
Published date03/11/2026

Categories

AI Security

Tags

AI

More Resources

Listing

Pricing
FAQ
Submit

Pages

Home
Support
Sitemap
llms.txt

Company

About Us
Privacy Policy
Terms of Service

Copyright © 2026 All Rights Reserved.

image of Cygeniq

AI Security

Cygeniq

Cygeniq secures AI systems across their lifecycle with Hexashield AI, GRCortex AI, and CyberTiX AI.

image of Xygeni Security

AI SecurityApplication SecurityVulnerability IntelligenceInfrastructure Security

Xygeni Security

Xygeni is an AI-powered ASPM platform that secures the software supply chain by detecting malware, secrets, and vulnerabilities across CI/CD pipelines.

AI Static Analysis Vulnerability Intelligence OSINT API

image of OWASP AI Testing Guide

AI Security

OWASP AI Testing Guide

The OWASP AI Testing Guide provides a framework for assessing AI security, covering adversarial robustness, data poisoning, and privacy for AI systems.

Key Features

Scans Model Context Protocol (MCP) servers across stdio, HTTP, and SSE transports.
Detects 8 vulnerability categories including tool poisoning (Unicode/RTL overrides), RCE vectors, and SSRF.
Automated discovery of MCP configuration files for Claude Desktop, Cursor, and other AI clients.
Identifies credential leaks in tool metadata (AWS keys, Anthropic/OpenAI tokens, JWTs, and DB strings).
Supports terminal, JSON, and SARIF 2.1.0 output formats for CI/CD integration and GitHub Code Scanning.
Severity-based filtering and network sweeping for unauthenticated servers exposed on localhost.

Use Cases

Auditing third-party MCP tools for malicious behavior before integration into enterprise AI agent workflows.
Red teamers identifying remote command execution or data exfiltration paths in developer environments.
Pentesters sweeping internal networks for unauthenticated MCP servers exposed on 0.0.0.0.
Validating supply chain security for MCP modules and checking against known CVEs like CVE-2025-6514.