Mcpsecurity
What is Mcpsecurity
mcpsecurity is an intentionally vulnerable MCP (Model Context Protocol) application designed for security research, specifically to test SQL Injection (SQLi) and Remote Code Execution (RCE) vulnerabilities.
Use cases
Use cases for mcpsecurity include testing for SQL Injection vulnerabilities, practicing Remote Code Execution techniques, and training security professionals in identifying and mitigating security flaws.
How to use
To use mcpsecurity, clone the repository from GitHub, navigate to the project directory, and run the application using Docker Compose. Ensure it is only used in isolated environments, such as CTFs or research labs.
Key features
Key features include LLM-based decision logic for command routing, native execution of SQL and terminal commands, an auto-initializing SQLite database with sample data, and simple, pluggable JSON-RPC methods.
Where to use
mcpsecurity is suitable for use in security research, penetration testing, Capture The Flag (CTF) competitions, and educational environments focused on cybersecurity.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Mcpsecurity
mcpsecurity is an intentionally vulnerable MCP (Model Context Protocol) application designed for security research, specifically to test SQL Injection (SQLi) and Remote Code Execution (RCE) vulnerabilities.
Use cases
Use cases for mcpsecurity include testing for SQL Injection vulnerabilities, practicing Remote Code Execution techniques, and training security professionals in identifying and mitigating security flaws.
How to use
To use mcpsecurity, clone the repository from GitHub, navigate to the project directory, and run the application using Docker Compose. Ensure it is only used in isolated environments, such as CTFs or research labs.
Key features
Key features include LLM-based decision logic for command routing, native execution of SQL and terminal commands, an auto-initializing SQLite database with sample data, and simple, pluggable JSON-RPC methods.
Where to use
mcpsecurity is suitable for use in security research, penetration testing, Capture The Flag (CTF) competitions, and educational environments focused on cybersecurity.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
Vulnerable MCP Server
This project is an intentionally vulnerable MCP (Model Context Protocol) app, designed for security research.
DO NOT use in production environments.
It executes raw SQL and system commands with no authentication or restrictions.
⚙️ MCP SERVER
A command execution server that combines:
- FastAPI for the HTTP interface
- SQLite as a persistent database
- Ollama LLM to interpret natural language queries
- JSON-RPC as the main API protocol
This system routes natural language input to either SQL queries or shell commands, using a locally running LLM via Ollama.
Built to test SQL Injection (SQLi) and Remote Code Execution (RCE) vulnerabilities
via FastAPI, JSON-RPC, and LLM-based decision logic.
⚙️ WARNING: Security Notice
This app is intentionally insecure:
- ❗ No authentication or access control
- ❗ Accepts and executes raw SQL queries and shell commands
- ❗ No input validation
- ❗ LLM responses are blindly executed
Use only in isolated environments, CTFs, or research labs.
⚙️ Features
- LLM-based decision logic for command routing (SQL or CLI)
- Native execution of SQL and terminal commands
- Auto-initializing SQLite database with sample data
- Simple, pluggable JSON-RPC methods
- Vulnerable by design — suitable for offensive/defensive testing
⚙️ Installation
git clone https://github.com/your-repo/mcp-vulnerable-app.git
cd mcp-vulnerable-app
docker-compose up --build
docker network connect mcplab ollama
docker network connect mcplab mcp_internal
docker network connect mcplab mcp_remote
Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
