
mcp-fuzzer

A generic MCP server fuzzer

Installation
Run this command in your terminal to add the MCP server to Claude Code:

claude mcp add --transport stdio --env PYTHONWARNINGS="ignore" \
  agent-hellboy-mcp-server-fuzzer -- python -m mcp_fuzzer

How to use

MCP Server Fuzzer is a comprehensive fuzzing tool designed to test MCP servers. It supports both tool-argument fuzzing and protocol-type fuzzing across multiple transport protocols, with built-in safety, asynchronous execution, and rich reporting. The tool can fuzz HTTP, SSE, and Stdio endpoints, generate diverse inputs using grammar- and black-box-based strategies, and export results in formats like JSON, CSV, HTML, and Markdown. Use the fuzzer to assess conformance to the MCP schema while uncovering robustness and safety gaps.

To use it, install the package (via PyPI or from source) and run the mcp_fuzzer CLI. You can fuzz a live server over HTTP, or test a local/stdio server by pointing the endpoint to a command that starts the server in the same process or container. The tool supports two-phase fuzzing, safety system options, and multiple output configurations, allowing you to tailor the run for production-like scenarios or rapid iteration during development.

How to install

Prerequisites:

  • Python 3.10+ installed on your system
  • pip (Python package manager)

Installation options:

  1. Install from PyPI (recommended):

    pip install mcp-fuzzer

  2. Install from source (includes MCP spec submodule):

    git clone --recursive https://github.com/Agent-Hellboy/mcp-server-fuzzer.git
    cd mcp-server-fuzzer

    If you cloned without submodules, initialize them:

    git submodule update --init --recursive

    Then install the package:

    pip install -e .

Validation:

  • Ensure the mcp-fuzzer command is available in PATH by running: mcp-fuzzer --help

Additional notes

Tips and common considerations:

  • The fuzzer supports safety features to prevent dangerous operations; enable or customize safety via CLI flags or config as needed.
  • For containerized usage, mount /output for reports, and provide /servers or appropriate endpoints depending on your protocol (HTTP, SSE, or Stdio).
  • When testing stdio servers, you can run the server inside the container and point the endpoint to the internal command (e.g., "python ./server.py" or "node server.js stdio").
  • Review exported reports to understand fuzzing coverage and safety summaries; JSON and HTML outputs are useful for CI integration and human review.
  • If running locally, ensure network access to target endpoints and consider running in two phases (realistic then aggressive) for balanced coverage.
