Mcp Security Sandbox
What is Mcp Security Sandbox
mcp-security-sandbox is an experimental sandbox and lab designed for exploring MCP hosts, clients, and servers. It allows users to perform attacks against MCP servers and experiment with various vulnerabilities in a user-friendly environment.
Use cases
Use cases include testing the security of MCP servers, experimenting with LLMs in chat applications, and demonstrating vulnerabilities in a safe environment for educational purposes.
How to use
To use mcp-security-sandbox, start by setting up the frontend by installing the necessary dependencies and activating the virtual environment. Then, run the MCP server and the frontend application using the provided commands.
Key features
Key features include the ability to explore and interact with multiple MCP servers, perform attacks, and abuse LLMs in a controlled environment. It also supports integration with tools like Burp Suite for enhanced functionality.
Where to use
mcp-security-sandbox can be used in cybersecurity research, vulnerability assessment, and educational settings where users can learn about security practices and test various attack vectors.
Content
mcp-security-sandbox
An experimental sandbox and lab to explore MCP hosts, MCP clients, and MCP servers. Perform attacks against MCP servers and abuse LLMs.
Preview
MCP Aware Chat - retrieval
This repository defines an MCP server (GitHub retrieval) and integrates it into a chat agent playground.
Burp Suite MCP Server
Use it to chain and interact with multiple MCP servers. In this example, we’ve enabled intercept and performed a retrieval using the GitHub tool to describe this repository!
Note: install Burp’s MCP Server first.
Quick Start
To start the frontend:
```bash
uv install
uv venv
source .venv/bin/activate
# Start the MCP server
uv run -- src/mcp-security-sandbox/mcp/github/server.py
streamlit run src/mcp-security-sandbox/frontend/MCP_Chat.py
```
Make sure you install Ollama, and set its URL in the Ollama client initializations.
Roadmap
- [x] use the environment to set up the Ollama API
- [x] integrate MCP into the chat context (currently it’s history aware only)
- [x] Allow for streamlit pages/navigation
- [x] unify the Streamlit server(s) to initiate all of the frontend at once
- [x] add more MCP servers
- [ ] allow for dynamic loading of MCP servers
- [x] create a malicious server
- [ ] perform MCP attacks and PoC vulnerabilities