mcp-security-sandbox
by SirAppSec
An experimental sandbox and lab for exploring MCP hosts, clients, and servers. It allows users to perform attacks against MCP servers and abuse LLMs.
What is mcp-security-sandbox?
This is an experimental sandbox and lab environment designed to explore and test the security of MCP (Message Channel Protocol) implementations. It provides tools and resources to understand MCP hosts, clients, and servers, and to identify potential vulnerabilities.
How to use mcp-security-sandbox?
To use this sandbox, first install the necessary dependencies using uv install and create a virtual environment with uv venv. Activate the virtual environment and start the MCP server using uv run -- src/mcp-security-sandbox/mcp/github/server.py. Then, run the frontend using streamlit run src/mcp-security-sandbox/frontend/MCP_Chat.py. Ensure that Ollama is installed and that its URL is configured in the Ollama client initializations.
Key features of mcp-security-sandbox
MCP server implementation (GitHub retrieval)
Integration with chat agent playground
Burp Suite MCP server interaction
Frontend with Streamlit
Malicious server creation
Use cases of mcp-security-sandbox
Exploring MCP server vulnerabilities
Testing MCP client security
Developing and testing MCP attack strategies
Abusing LLMs through MCP
Security research and experimentation
FAQ from mcp-security-sandbox
What is MCP?
MCP stands for Message Channel Protocol. It's a protocol used for communication between different components in a system.
What is Ollama?
Ollama is a tool that allows you to run open-source large language models locally.
How do I install Ollama?
Refer to the Ollama documentation for installation instructions.
How do I configure the Ollama API URL?
The Ollama API URL needs to be set in the Ollama client initializations within the code.
What kind of attacks can be performed in this sandbox?
The sandbox allows for various attacks against MCP servers, including exploiting vulnerabilities and abusing LLMs.