Welcome back, aspiring cyberwarriors!
More and more AI applications rely on Model Context Protocol (MCP) servers, which let AI agents read and write files, run commands, and reach sensitive data. That access brings serious security risks with it.
Conventional security scanners don't understand this protocol, which leaves a gap in our defenses. The problem is compounded because MCP servers often run with broad permissions and can reach critical system resources. If an AI agent connects to a compromised MCP server, an attacker can go beyond tampering with the server itself to reaching every system that agent is connected to, so a single weakness can cascade across the whole infrastructure.
In this article, we’ll dive into a tool that’s meant to help us spot vulnerabilities in MCP servers. Let’s get rolling!
What is Mcpwn
Mcpwn is a security scanner designed to identify vulnerabilities in Model Context Protocol servers. Unlike traditional fuzzing tools that look mainly for crashes and memory errors, Mcpwn analyzes the server's responses for evidence that an attack actually succeeded. It can uncover a range of problems, including remote code execution through command injection, path traversal weaknesses in file handling, and prompt-injection risks.
Step #1: Installing Mcpwn on Your System
Clone the Mcpwn repository from GitHub with the following command:
kali> git clone https://github.com/Teycir/Mcpwn.git

To verify that everything is working correctly, change into the cloned directory and run the help command to see all available options:
kali> ./mcpwn.py --help

Mcpwn is now installed and ready to start hunting for vulnerabilities.
Step #2: Understanding Mcpwn’s Detection Capabilities
Before we start scanning actual MCP servers, let’s try to understand what Mcpwn is looking for and how it finds vulnerabilities.

Mcpwn detects vulnerabilities by looking for concrete evidence of success rather than relying on crashes or error messages. For remote code execution, it injects payloads such as id or whoami into tool arguments and checks the response for patterns like "uid=1000" or "root:x:0:0" that only appear if the command actually executed. For path traversal, it asks file-handling tools for paths outside their intended directory, using sequences like "../../../etc/passwd", and confirms success by matching known content markers in the reply, requiring at least two of them before reporting a finding in order to minimize false positives.
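To make the evidence-based approach concrete, here is an added example written for this article (it is not Mcpwn's own code). It builds the MCP tools/call request that carries the payload, flattens the reply's content blocks, and judges the result against markers for each payload class, including the two-marker threshold for /etc/passwd. The tool names, argument names, and server replies are constructed for the illustration.

```python
"""Evidence-based detection of tool-injection RCE and path traversal in
MCP tool responses. Added illustration, not Mcpwn's code; tool names,
argument names and replies below are constructed for the example."""
import json
import re

# Proof that an injected `id` actually ran: its output always carries
# uid=<n>(<name>) and gid=<n>(<name>). A bare `whoami` result such as
# "root" is too easy to confuse with ordinary text, so it is not a marker.
RCE_MARKERS = [re.compile(r"\buid=\d+\("), re.compile(r"\bgid=\d+\(")]

# Lines that only occur in a real /etc/passwd. Two must be present before
# a traversal finding is reported, so one quoted line in help text or a
# README does not produce a false positive.
TRAVERSAL_MARKERS = [
    re.compile(r"^root:x:0:0:", re.M),
    re.compile(r"^daemon:x:1:1:", re.M),
    re.compile(r"^bin:x:2:2:", re.M),
    re.compile(r"^nobody:x:\d+:\d+:", re.M),
]
TRAVERSAL_MIN_MARKERS = 2


def tools_call_request(req_id, tool, arguments):
    """Serialise an MCP tools/call request (JSON-RPC 2.0) with the payload."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id, "method": "tools/call",
                       "params": {"name": tool, "arguments": arguments}})


def response_text(response_json):
    """Flatten a tools/call reply to the text the server sent back.
    JSON-RPC errors and isError results are kept: an error message can
    still echo command output or file contents."""
    resp = json.loads(response_json)
    if "error" in resp:
        return str(resp["error"].get("message", ""))
    blocks = resp.get("result", {}).get("content", [])
    return "\n".join(b.get("text", "") for b in blocks if b.get("type") == "text")


def count_markers(text, markers):
    """Number of distinct marker patterns present in the response text."""
    return sum(1 for pattern in markers if pattern.search(text))


def classify(payload_class, response_json):
    """Finding for one probe, or None when there is no evidence.
    payload_class is "rce" (injected `id`) or "traversal" (../ path to
    /etc/passwd); each probe is judged only against its own markers."""
    text = response_text(response_json)
    if payload_class == "rce" and count_markers(text, RCE_MARKERS) >= 1:
        return "rce"
    if payload_class == "traversal" and \
            count_markers(text, TRAVERSAL_MARKERS) >= TRAVERSAL_MIN_MARKERS:
        return "path_traversal"
    return None


def _reply(req_id, text, is_error=False):
    """Constructed tools/call reply in MCP's content-block shape."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id,
                       "result": {"content": [{"type": "text", "text": text}],
                                  "isError": is_error}})


# Constructed probes paired with replies a server might return.
SAMPLES = {
    # Shell metacharacter appended to a filename; `id` output leaks back.
    "rce_hit": ("rce", tools_call_request(1, "convert_file", {"filename": "a.txt; id"}),
                _reply(1, "convert: a.txt: no such file\nuid=1000(svc) gid=1000(svc) groups=1000(svc)", True)),
    # Same payload, but the server quoted the argument: nothing executed.
    "rce_miss": ("rce", tools_call_request(2, "convert_file", {"filename": "a.txt; id"}),
                 _reply(2, "convert: 'a.txt; id': no such file", True)),
    # Real traversal: two passwd lines prove the file was read.
    "traversal_hit": ("traversal", tools_call_request(3, "read_file", {"path": "../../../etc/passwd"}),
                      _reply(3, "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n")),
    # A single passwd-like line (e.g. quoted in docs): below the threshold.
    "traversal_single_marker": ("traversal", tools_call_request(4, "read_file", {"path": "../../../etc/passwd"}),
                                _reply(4, "root:x:0:0:root:/root:/bin/bash\n")),
    # Path rejected; the error echoes the path but carries no markers.
    "traversal_blocked": ("traversal", tools_call_request(5, "read_file", {"path": "../../../etc/passwd"}),
                          json.dumps({"jsonrpc": "2.0", "id": 5, "error": {
                              "code": -32602, "message": "path ../../../etc/passwd escapes allowed root"}})),
}


def run_samples():
    """Classify every constructed sample; returns {name: finding-or-None}."""
    return {name: classify(cls, resp) for name, (cls, _req, resp) in SAMPLES.items()}


if __name__ == "__main__":
    for name, finding in run_samples().items():
        print(f"{name:25s} -> {finding}")
```

The point of the last three samples is that an error message mentioning the traversal path, or a single passwd-looking line, is not evidence; only content that could not have come from anywhere but the target proves the probe worked.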
Step #3: Running Your First Security Scan
Let’s run our first scan against a real MCP server. For this tutorial, I’ll use different public MCP servers from the NPM registry.
The basic command structure is straightforward: Mcpwn takes the command that launches the target MCP server as its arguments, so for a server published on NPM that is npx -y followed by the package:
kali> ./mcpwn.py npx -y

In this case, Mcpwn reports a capability validation bypass and a capability DoS. Not bad, but we don't always need a comprehensive audit, and for those situations there is a quick flag. Quick mode makes two changes to the scan. First, it reduces the per-request timeout from the default 10 seconds to 5 seconds. Second, and more importantly, it stops as soon as it finds the first tool-injection vulnerability. Since tool injection leading to remote code execution is typically the most severe finding, a single hit is usually enough to conclude that a server needs immediate attention.
kali> ./mcpwn.py --quick npx -y

To make the scan faster still, the --rce-only flag restricts it to remote code execution checks:
kali> ./mcpwn.py --quick --rce-only npx -y

In this case, we didn't find any RCE (Remote Code Execution) vulnerabilities. So let's move from a public MCP server to one you develop yourself. If you have a Python-based MCP server, for example, you can test it with:
kali> ./mcpwn.py --quick python3

For a Node.js server, you would use:
kali> python3 mcpwn.py node
Summary
In this article, we explored how to install Mcpwn and how to use it effectively. As AI agents grow more capable and the number of MCP servers increases, the attack surface expands with them. To stay ahead of potential threats, make security testing a standard part of your MCP development workflow.
Source: HackersArise
Source Link: https://hackers-arise.com/artificial-intelligence-in-cybersecurity-part-9-how-to-test-mcp-servers-for-security-vulnerabilities/