appsecco/vulnerable-mcp-servers-lab
A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
Overview
appsecco/vulnerable-mcp-servers-lab is a JavaScript MCP server licensed under MIT. A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers. Topics: ai-red-teaming, ai-research, hacking, mcp, mcp-client, mcp-server, pentesting, vulnerable-labs, appsecco, bugbounty, learning-pentesting.
Ranked #12997 out of 25632 indexed tools.
Ecosystem
JavaScript MIT
ai-red-teaming, ai-research, hacking, mcp, mcp-client, mcp-server, pentesting, vulnerable-labs, appsecco, bugbounty, learning-pentesting
Signal Breakdown
Stars 238
Freshness 2mo ago
Issue Health 0%
Contributors 1
Dependents 0
Forks 39
Description Good
License MIT
How to Improve
Description low impact
Freshness high impact
Issue Health high impact
From the README
Vulnerable MCP Servers Lab
==========================

This repository contains **intentionally vulnerable** implementations of Model Context Protocol (MCP) servers (both local and remote). Each server lives in its own folder and includes a dedicated `README.md` with full details on **what it does**, **how to run it**, and **how to demonstrate/attack the vulnerability**.

**Do not run any of this outside a controlled lab environment.**

## What this repo is for

- **Security training / research** into common MCP server and tool-integration failure modes.
- **Hands-on demos** of how vulnerable MCP servers can lead to data exposure, instruction injection, supply-chain compromise, and code execution.

## Safety / lab guidance

- **Use a disposable VM/container** and avoid using real secrets or personal data.
- Prefer running on an **isolated network**; several servers make outbound network calls.
- Treat **all tool output and retrieved content as untrusted data**.
- If you expose any serv