Скачать или смотреть We Built 9 Vulnerable MCP Servers So You Can Learn to Hack Them

We're releasing a free, open-source lab environment with 9 intentionally vulnerable MCP servers for learning MCP security testing.

Each server comes with detailed setup instructions and attack walkthroughs. No guesswork, just hands-on practice.

What's inside

9 vulnerable MCP servers (Node.js & Python)
Local and remote MCP server configurations
Step-by-step exploitation guides

Vulnerabilities covered

📌 File system boundary manipulation
📌 Indirect prompt injection (local & remote)
📌 Eval-based RCE
📌 Malicious tools & typo squatting
📌 Supply chain attacks
📌 PII exposure
📌 Public content injection → prompt injection

This lab aligns with our BSides London MCP Security workshop material.

Watch Part 1 of the workshop    • Hacking & Pentesting MCP Servers | BSides ...  

Get notified when we release
→ LinkedIn:   / appsecco  
→ GitHub: https://github.com/appsecco
→ Subscribe to this channel

Built by Appsecco. We've been pentesting MCP servers since the protocol launched.

#MCPSecurity #AIAgentSecurity #PenetrationTesting #OpenSource #CyberSecurity #RedTeam #redteaming