Testing MCP Servers for Security Vulnerabilities with Mcpwn
This guide explains how to install the Mcpwn tool, understand its detection methods for RCE, path traversal, and prompt injection, and run both quick and focused scans against public and custom MCP servers to uncover critical security flaws.
What is Mcpwn
Mcpwn is a security scanner specifically designed for Model Context Protocol (MCP) servers. Unlike traditional tools that focus on crashes, it analyzes server responses to identify real attack traces, detecting remote code execution (RCE), path traversal, and prompt injection vulnerabilities.
Installing Mcpwn
First, clone the repository from GitHub:
git clone https://github.com/Teycir/Mcpwn.git
After installation, run the help command to verify the tool and view available options:
./mcpwn.py --help
Understanding Mcpwn's Detection Capabilities
Mcpwn looks for genuine attack indicators rather than relying on crashes or error messages.
Remote Code Execution detection: It sends payloads such as id or whoami and checks the response for strings like uid=1000 or root:x:0:0 to confirm command execution.
Path Traversal detection: It attempts to access files outside the authorized directory using sequences like ../../../etc/passwd. A traversal is reported as successful only when the response contains at least two specific markers, which reduces false positives.
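The marker checks described above, sketched as an added example (this is not Mcpwn's own code): it classifies MCP tools/call responses, confirming RCE on one marker and path traversal only on two. The regexes, function names and sample responses are assumptions constructed for illustration.

```python
import json
import re

# Assumed marker sets for illustration; Mcpwn's real patterns may differ.
RCE_MARKERS = {
    "id_output": re.compile(r"\buid=\d+(\([^)]*\))?\s+gid=\d+"),
    "passwd_root": re.compile(r"^root:x:0:0:", re.M),
}
TRAVERSAL_MARKERS = {
    "passwd_root": re.compile(r"^root:x:0:0:", re.M),
    "passwd_daemon": re.compile(r"^daemon:x:\d+:\d+:", re.M),
    "login_shell": re.compile(r":/(usr/)?s?bin/(nologin|false|sh|bash)$", re.M),
}
# Distinct markers needed per probe kind: one for RCE, two for traversal.
REQUIRED = {"rce": (RCE_MARKERS, 1), "traversal": (TRAVERSAL_MARKERS, 2)}


def response_text(raw):
    """Join the text parts of a JSON-RPC tools/call result; errors yield ''."""
    parts = (json.loads(raw).get("result") or {}).get("content", [])
    return "\n".join(p.get("text", "") for p in parts if p.get("type") == "text")


def classify(kind, raw):
    """Return (confirmed, matched_marker_names) for one probe response."""
    markers, minimum = REQUIRED[kind]
    text = response_text(raw)
    hits = sorted(name for name, rx in markers.items() if rx.search(text))
    return len(hits) >= minimum, hits


def tool_result(text):  # builds a constructed MCP tool response carrying `text`
    return json.dumps({"jsonrpc": "2.0", "id": 1,
                       "result": {"content": [{"type": "text", "text": text}]}})


# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "rce_hit": ("rce", tool_result("uid=1000(app) gid=1000(app) groups=1000(app)")),
    "rce_echo": ("rce", tool_result("Unknown city: id")),
    "trav_hit": ("traversal", tool_result(
        "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin")),
    "trav_one_marker": ("traversal", tool_result("Docs example:\nroot:x:0:0:...")),
    "trav_error": ("traversal", json.dumps({"jsonrpc": "2.0", "id": 1, "error": {
        "code": -32602, "message": "Invalid path ../../../etc/passwd"}})),
}

if __name__ == "__main__":
    for name, (kind, raw) in SAMPLES.items():
        print(name, classify(kind, raw))
```

The echoed payload and the single-marker response are both left unconfirmed, which is the false-positive reduction the two-marker rule is meant to provide.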
Running the First Security Scan
Scan public MCP servers using the basic command format:
./mcpwn.py npx -y <target>
The output categorises findings into "capability verification bypass" and "capability denial of service". For faster scans, the --quick mode shortens request timeout from 10 seconds to 5 seconds and stops after the first tool-injection vulnerability is discovered, since RCE is typically the most critical issue.
./mcpwn.py --quick npx -y <target>
To focus exclusively on RCE, add the --rce-only flag:
./mcpwn.py --quick --rce-only npx -y <target>
In the example, no RCE vulnerability was found. The guide then switches to testing a custom Python MCP server and a Node.js MCP server:
./mcpwn.py --quick python3 <target>
python3 mcpwn.py node <target>
Conclusion
The article demonstrates installing Mcpwn and effectively using it to assess MCP server security. As AI agents become more capable and MCP deployments increase, the attack surface expands dramatically. Integrating security testing into the MCP development workflow is essential to stay ahead of emerging threats.
Black & White Path
We are the beacon of the cyber world, a stepping stone on the road to security.
