pentesting-mcp-servers-checklist
A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licensed for remixing.
claude mcp add --transport stdio appsecco-pentesting-mcp-servers-checklist none
How to use
This repository provides a practical, community-driven checklist for pentesting MCP servers; it is not a runnable MCP server itself. Use the included PDF checklist to guide field assessments of MCP-based tools, agents, and integrations. The checklist covers local and remote MCP server risks, traffic analysis, tool-call behaviors, context boundaries, authorization flows, and unsafe code paths. To use it, open the PDF, review the itemized tests, adapt the items to your target MCP deployment, and document your findings so that the assessment can be repeated.
How to install
Prerequisites:
- Access to the repository (clone or download the ZIP).
- A PDF viewer to read the checklist (PDF is available in the Downloads section).
Steps:
- Clone the repository: git clone https://github.com/appsecco/pentesting-mcp-servers-checklist.git
- Open the PDF checklist located at pentesting-mcp-servers-checklist-by-appsecco-v1.pdf (in the Downloads section of the README) to review structured test items.
- Optionally fork the repo and customize the checklist items for your team, then push changes back via PRs.
Note: This resource is intended for assessment planning and learning, not for running an MCP server instance.
Additional notes
Tips:
- The checklist emphasizes local vs remote MCP server checks, traffic analysis, and authorization boundaries. Use proxy tools to inspect STDIO and HTTP/MCP traffic.
- If you integrate this into a testing workflow, map each checklist item to a specific test plan, expected results, and evidence collection.
- The repository licenses the content under CC BY 4.0; attribution is required for adapted materials.
- Since there is no single runnable MCP server in this repo, the mcp_config is provided as a placeholder to align with the MCP documentation format.
Common issues:
- Misinterpreting checklist items as executable tests; ensure you have a testing environment and proper authorization before executing any checks against live systems.
- Treating the PDF as outdated; verify the PDF version against any referenced CHECKLIST.md for the latest items.
Related MCP Servers
mcp-for-beginners
This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable, and secure AI workflows from session setup to service orchestration.
mcp-for-security
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.
MCP-Kali
MCP configuration to connect AI agent to a Linux machine.
vulnerable-mcp-servers-lab
A collection of deliberately vulnerable servers for learning to pentest MCP servers.
compliant-llm
Build Secure and Compliant AI agents and MCP Servers. YC W23
MCP-Dandan
MCP Security Solution for Agentic AI — real-time proxying, behavior analysis, and malicious tool detection