detect exposed mcp servers over the internet and enumerate their tools
Overview
What is MCP Server Scanner?
MCP Server Scanner is a tool designed to detect exposed MCP servers over the internet and enumerate their available tools. It serves as a prototype for testing hypotheses regarding the security of these servers.
How to use MCP Server Scanner?
To use the MCP Server Scanner, provide the base HTTP URL of the MCP server along with an optional timeout parameter. The command format is:
./mcp-scanner -url http://REDACTED -timeout 5
Key features of MCP Server Scanner?
- Detects MCP servers running over Server-Sent Events (SSE).
- Enumerates available tools on the detected servers.
- Provides insights into the security measures implemented by the servers.
Use cases of MCP Server Scanner?
- Identifying internet-exposed MCP servers for security assessments.
- Testing the implementation of security measures on MCP servers.
- Researching the capabilities of various MCP servers.
FAQ from MCP Server Scanner?
- Is MCP Server Scanner production-ready?
No, it is a quick prototype and not intended for production use.
- What programming language is used for MCP Server Scanner?
The tool is developed in Go.
- Can it detect all types of MCP servers?
It is designed to detect MCP servers that utilize Server-Sent Events (SSE).