appsecco/vulnerable-mcp-servers-lab
A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
This collection provides deliberately vulnerable Model Context Protocol (MCP) servers for hands-on learning and demonstrations. Each server exposes a different type of security flaw, allowing you to practice identifying and exploiting vulnerabilities. It's designed for cybersecurity professionals and AI red teamers to understand risks in AI agent integrations and MCP server deployments.
235 stars.
Use this if you are a penetration tester or security researcher looking to develop practical skills in identifying and exploiting vulnerabilities within AI agent systems and MCP servers.
Not ideal if you are looking for secure, production-ready MCP server implementations or a general cybersecurity training lab unrelated to AI agent ecosystems.
Stars
235
Forks
39
Language
JavaScript
License
MIT
Category
Last pushed
Dec 18, 2025
Commits (30d)
0
Get this data via API
curl "https://pt-edge.onrender.com/api/v1/quality/mcp/appsecco/vulnerable-mcp-servers-lab"
Open to everyone — 100 requests/day, no key needed. Get a free key for 1,000/day.
Higher-rated alternatives
Wh0am123/MCP-Kali-Server
MCP configuration to connect AI agent to a Linux machine.
DMontgomery40/pentest-mcp
NOT for educational purposes: An MCP server for professional penetration testers including...
BurtTheCoder/mcp-shodan
MCP server for Shodan — search internet-connected devices, IP reconnaissance, DNS lookups, and...
cyproxio/mcp-for-security
MCP for Security: A collection of Model Context Protocol servers for popular security tools like...
0x4m4/hexstrike-ai
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot,...