damn-vulnerable-MCP-server

damn-vulnerable-MCP-server

A deliberately vulnerable MCP server for educational purposes, demonstrating security vulnerabilities.

MCPDevOpen source
Type
MCP
Transport
http
Open source
Yes
GitHub Stars
★ 1.3k
Source
mcp-github

Overview

Damn Vulnerable MCP Server is an educational project designed to demonstrate security vulnerabilities in MCP implementations. It contains 10 progressively challenging tasks that showcase various types of security flaws and attack vectors. The project is suitable for security researchers, developers, and AI security professionals to understand potential security issues in MCP implementations and their mitigation strategies. Run via Docker, recommended to connect using the CLINE VSCode extension.

Capabilities

  • Demonstrate prompt injection vulnerabilities
  • Demonstrate tool poisoning vulnerabilities
  • Demonstrate privilege escalation vulnerabilities
  • Demonstrate Rug Pull attacks
  • Demonstrate tool shadowing attacks
  • Demonstrate indirect prompt injection

Use cases

Security trainingVulnerability researchAI security testing

Setup

Requires: DockerLinux环境
docker build -t dvmcp .\data && docker run -p 9001-9010:9001-9010 dvmcp

This information was compiled by AI from public sources and may contain inaccuracies — please refer to the source.

FAQ

Who is this project for?

Suitable for security researchers, developers, and AI security professionals.

How do I run this project?

Build and run the container using Docker.

Related skills