damn-vulnerable

Damn Vulnerable MCP (DVMCP) is a deliberately vulnerable educational MCP server designed to illustrate common security pitfalls and attack vectors across the MCP framework. It hosts 10 challenges spanning easy to hard difficulties, each focusing on a different class of vulnerability such as prompt injection, tool poisoning, permission abuse, rug pull behavior, tool shadowing, indirect prompt injection, token theft, malicious code execution, remote access, and multi-vector attacks. You can connect to this MCP server using any MCP client (for example CLINE or other MCP-compatible clients) and explore the provided challenges to observe how LLMs interact with potentially unsafe tools and prompts. The server exposes multiple tool definitions and prompts intended for learning, so use caution and follow the guided setup to avoid unintended consequences in real deployments. When connected, you can navigate through the challenges directory structure and run the individual scenarios to see how vulnerabilities manifest and how mitigations can be applied.

Prerequisites:

• Docker installed on your machine (Docker Desktop on Windows/macOS or Docker Engine on Linux)
• Access to the internet to pull the required image or build locally

Install steps:

1. Clone the repository or download the DAMN-VULNERABLE MCP SERVER package
2. Build the Docker image (following the quick start in the README):

# If you have a Dockerfile in the repo, build the image
docker build -t dvmcp .

3. Run the container exposing the MCP port range used by the server:

docker run -p 9001-9010:9001-9010 -i dvmcp

4. Verify the server is running by testing a MCP client connection to the mapped ports (e.g., connect via an MCP client to localhost:9001 or the appropriate port range). If you prefer not to build locally, you can use the prebuilt image from the Docker registry if available.

Notes:

• The project emphasizes an educational, intentionally vulnerable setup. Do not deploy this in production or on systems containing sensitive data.
• On Windows, ensure WSL2 or a compatible environment is used to improve stability; Docker-based runs are recommended as the README suggests.

Tips and caveats:

• The server is designed for security training and intentionally includes vulnerabilities across its challenges. Use isolated environments and avoid connecting from untrusted clients to production networks.
• If you encounter connectivity issues, ensure the Docker container is running and that the port mappings (9001-9010) are correctly exposed on your host.
• The README mentions Linux environments as the preferred setup for stability; if running on Windows, use WSL2 or a Linux VM.
• There is no explicit npm package for this Node.js-based deployment in the provided README; this server is primarily Docker-based. If you later convert to a non-Docker deployment, ensure the environment variables and tool definitions are aligned with your chosen runtime.
• Tools and prompts inside the challenges may attempt to exfiltrate data or elevate permissions in misconfigured ways. Review and patch any vulnerable behaviors if using in a lab environment for deeper learning or demonstrations.