mcp-security-sandbox
by SirAppSec
An experimental sandbox and lab for exploring MCP hosts, clients, and servers. It allows users to perform attacks against MCP servers and abuse LLMs.
mcp-security-sandbox
An experimental sandbox and lab for exploring MCP hosts, MCP clients, and MCP servers. Perform attacks against MCP servers and abuse LLMs.
Preview
MCP Aware Chat - retrieval
This repository defines an MCP server (GitHub retrieval) and integrates it into a chat agent playground.
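To make the "MCP server integrated into a chat agent" flow concrete, here is a small added illustration that is not the project's own `server.py` and does not use the MCP SDK: a tool server that answers the two JSON-RPC 2.0 methods a chat agent needs (`tools/list` and `tools/call`), a constructed in-memory "repository" standing in for the real GitHub lookup, and the argument validation a defender would want in front of every tool handler (required keys, declared types, no undeclared arguments). The tool name `describe_repo`, the `FAKE_REPOS` data and the helper names are assumptions made for this example.

```python
"""Minimal MCP-style JSON-RPC tool server (added example, not project code).
Shows how a retrieval tool is advertised to an agent and how a call is
validated against the tool's declared inputSchema before it runs.
"""
import json
from typing import Any, Callable

# Constructed sample data standing in for the real GitHub retrieval.
FAKE_REPOS = {
    "SirAppSec/mcp-security-sandbox": (
        "An experimental sandbox and lab for exploring MCP hosts, clients, and servers."
    ),
}

TOOLS: dict[str, dict[str, Any]] = {}        # metadata returned by tools/list
HANDLERS: dict[str, Callable[..., Any]] = {}  # python callables behind each tool


def tool(name: str, description: str, schema: dict[str, Any]):
    """Register a tool together with the metadata the agent will see."""
    def deco(fn: Callable[..., Any]) -> Callable[..., Any]:
        TOOLS[name] = {"name": name, "description": description, "inputSchema": schema}
        HANDLERS[name] = fn
        return fn
    return deco


@tool(
    "describe_repo",
    "Return the description of a GitHub repository (constructed data).",
    {"type": "object", "properties": {"repo": {"type": "string"}}, "required": ["repo"]},
)
def describe_repo(repo: str) -> str:
    return FAKE_REPOS.get(repo, "unknown repository")


def _validate(schema: dict[str, Any], args: dict[str, Any]) -> None:
    """Reject calls that do not match the declared schema before invoking code."""
    props = schema.get("properties", {})
    for key in schema.get("required", []):
        if key not in args:
            raise ValueError(f"missing required argument: {key}")
    py_types = {"string": str, "integer": int, "boolean": bool, "object": dict, "array": list}
    for key, spec in props.items():
        if key in args and not isinstance(args[key], py_types.get(spec.get("type"), object)):
            raise ValueError(f"argument {key!r} has wrong type")
    unknown = set(args) - set(props)
    if unknown:
        raise ValueError(f"unexpected arguments: {sorted(unknown)}")


def handle_request(raw: str) -> str:
    """Dispatch one JSON-RPC 2.0 request (as a JSON string) and return the reply."""
    req = json.loads(raw)
    rid = req.get("id")
    try:
        method = req["method"]
        if method == "tools/list":
            result: dict[str, Any] = {"tools": list(TOOLS.values())}
        elif method == "tools/call":
            name = req["params"]["name"]
            args = req["params"].get("arguments", {})
            if name not in HANDLERS:
                raise ValueError(f"unknown tool: {name}")
            _validate(TOOLS[name]["inputSchema"], args)
            text = str(HANDLERS[name](**args))
            result = {"content": [{"type": "text", "text": text}], "isError": False}
        else:
            err = {"code": -32601, "message": f"method not found: {method}"}
            return json.dumps({"jsonrpc": "2.0", "id": rid, "error": err})
    except (KeyError, ValueError) as exc:
        err = {"code": -32602, "message": str(exc)}
        return json.dumps({"jsonrpc": "2.0", "id": rid, "error": err})
    return json.dumps({"jsonrpc": "2.0", "id": rid, "result": result})


# Client side: what a chat agent sends when the model decides to use a tool.
def list_tools(rid: int = 1) -> dict[str, Any]:
    req = {"jsonrpc": "2.0", "id": rid, "method": "tools/list"}
    return json.loads(handle_request(json.dumps(req)))


def call_tool(name: str, arguments: dict[str, Any], rid: int = 2) -> dict[str, Any]:
    req = {"jsonrpc": "2.0", "id": rid, "method": "tools/call",
           "params": {"name": name, "arguments": arguments}}
    return json.loads(handle_request(json.dumps(req)))


if __name__ == "__main__":
    print(json.dumps(list_tools(), indent=2))
    print(json.dumps(call_tool("describe_repo", {"repo": "SirAppSec/mcp-security-sandbox"}), indent=2))
    print(json.dumps(call_tool("describe_repo", {"repo": "x", "extra": 1}), indent=2))
```

The validation step is the part worth keeping in mind when wiring an MCP server into an agent: the model, not a human, fills in the arguments, so the server should treat every `tools/call` as untrusted input and refuse anything outside the schema it advertised rather than passing extra keys through to the handler.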
Burp Suite MCP Server
Used to chain and interact with multiple MCP servers. In this example, we enabled intercept and performed a retrieval using the GitHub tool to describe this repository.
Quick Start
To start the frontend:

```sh
uv install
uv venv
source .venv/bin/activate
# Start the MCP server
uv run -- src/mcp-security-sandbox/mcp/github/server.py
# Start the Streamlit chat frontend
streamlit run src/mcp-security-sandbox/frontend/MCP_Chat.py
```

Make sure you install Ollama and set its URL in the Ollama client initialization.
Roadmap
- [x] use the environment to set up the Ollama API
- [x] integrate MCP into the chat context (currently it's history aware only)
- [x] Allow for streamlit pages/navigation
- [x] unify streamlit server(s) to initiate all of the frontend once
- [x] add more mcp servers
- [ ] allow for dynamically loading of mcp servers
- [x] create a malicious server
- [ ] perform MCP attacks and PoC vulnerabilities