appsecco/vulnerable-mcp-servers-lab

A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.

44
/ 100
Emerging

Includes nine modular vulnerable servers demonstrating distinct attack vectors: path traversal, indirect prompt injection (via stdio and remote HTTP+SSE), unsafe code evaluation, instruction injection, supply-chain typosquatting, outdated dependencies, and secrets leakage. Each server runs independently with stdio or HTTP transport, integrates with Claude Desktop via `claude_config.json` snippets, and includes runnable exploitation demonstrations. Designed for isolated lab environments to train red teamers on MCP integration risks and untrusted tool/content handling in AI agent workflows.

235 stars.

No Package No Dependents
Maintenance 6 / 25
Adoption 10 / 25
Maturity 9 / 25
Community 19 / 25

How are scores calculated?

Stars

235

Forks

39

Language

JavaScript

License

MIT

Category

security-testing-mcp

Last pushed

Dec 18, 2025

Commits (30d)

0

GitHub
Security Testing MCP · 268 servers

Get this data via API

curl "https://pt-edge.onrender.com/api/v1/quality/mcp/appsecco/vulnerable-mcp-servers-lab"

Open to everyone — 100 requests/day, no key needed. Get a free key for 1,000/day.

Higher-rated alternatives

0x4m4/hexstrike-ai

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot,...

66

panther-labs/mcp-panther

Write detections, investigate alerts, and query logs from your favorite AI agents

60

duriantaco/skylos

High-precision Python SAST & Dead Code Remover. Finds unused functions, secrets, and security...

60

msaad00/agent-bom

Security scanner for AI infrastructure — CVEs, blast radius, credential exposure, runtime...

60

Wh0am123/MCP-Kali-Server

MCP configuration to connect AI agent to a Linux machine.

60

Explore MCP Servers

All categories Trending MCP Server directory Insights