Vulnerability detection and security scoring tool for MCP (Model Context Protocol) servers.
- Scans MCP servers against 10 known CVEs (9 critical, 1 high)
- Calculates security scores (0-100)
- Generates detailed reports in Markdown, JSON, or plain text
- Supports scanning individual servers or all known servers
- Tracks vulnerability status and affected versions
```bash
# Clone repository
git clone https://github.com/OpenSeneca/mcp-scanner.git
cd mcp-scanner
# No external dependencies required - uses Python 3.7+ standard library
```

```bash
python main.py --server mcp-hub --version 1.5.0
python main.py --all
python main.py --all --format json
python main.py --all --format markdown --output report.md
```

- 100: Secure (no known vulnerabilities)
- 70-99: Vulnerable (minor issues)
- <70: Critical (severe vulnerabilities)
Scores are calculated by subtracting points for each vulnerability:
- Critical: -25 points
- High: -15 points
- Medium: -10 points
- Low: -5 points
Currently tracks 10 CVEs from the OX Security investigation:
- CVE-2026-0801 through CVE-2026-0809: Critical severity
- CVE-2026-0810: High severity
All CVEs were published on 2026-04-18 and affect MCP servers prior to version 1.0.x.
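The scoring rules and the "prior to version 1.0.x" check described above, as an added Python example (not the mcp-scanner project's own code): it assumes "prior to 1.0.x" means every version that sorts before 1.0.0, and its ten-entry catalog is constructed from the CVE identifiers and severities listed above.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Point deductions per severity, exactly as listed in the README.
PENALTY = {"critical": 25, "high": 15, "medium": 10, "low": 5}


@dataclass(frozen=True)
class Cve:
    cve_id: str    # e.g. "CVE-2026-0801"
    severity: str  # one of PENALTY's keys
    fixed_in: str  # first version that is NOT affected (assumption: "prior to 1.0.x" -> "1.0.0")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.4.0' into (1, 4, 0). Non-numeric parts such as the 'x' in '1.0.x'
    become 0, and short versions are padded so that '1' compares equal to '1.0.0'."""
    parts = [int(p) if p.isdigit() else 0 for p in v.lstrip("v").split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(server_version: str, cve: Cve) -> bool:
    """A server is affected when its version sorts strictly before the fixed-in version."""
    return parse_version(server_version) < parse_version(cve.fixed_in)


def security_score(findings: List[Cve]) -> int:
    """Start at 100 and subtract per finding; the score never drops below 0."""
    return max(0, 100 - sum(PENALTY[c.severity] for c in findings))


def score_band(score: int) -> str:
    """Map a score onto the README's three bands: 100, 70-99, below 70."""
    if score == 100:
        return "Secure"
    return "Vulnerable" if score >= 70 else "Critical"


def scan(server_version: str, catalog: List[Cve]) -> Tuple[int, str, List[str]]:
    """Return (score, band, matching CVE ids) for one server version."""
    hits = [c for c in catalog if is_affected(server_version, c)]
    score = security_score(hits)
    return score, score_band(score), [c.cve_id for c in hits]


# Constructed catalog mirroring the README: 9 critical (0801-0809) + 1 high (0810), all fixed in 1.0.0.
CATALOG = [Cve(f"CVE-2026-08{n:02d}", "critical", "1.0.0") for n in range(1, 10)]
CATALOG.append(Cve("CVE-2026-0810", "high", "1.0.0"))

if __name__ == "__main__":
    for version in ("0.9.5", "1.4.0"):
        print(version, scan(version, CATALOG))
```

A pre-1.0 server matches all ten entries, so the deductions (240) are clamped to a score of 0 in the Critical band, while 1.4.0 matches none and scores 100.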
Includes 10 certified MCP servers from OpenSeneca with download counts and versions.
```bash
# Check if mcp-gateway 1.4.0 is vulnerable
python main.py --server mcp-gateway --version 1.4.0
# Generate security report for all servers
python main.py --all --format markdown --output security-report-$(date +%Y-%m-%d).md
# Get JSON output for integration
python main.py --all --format json
```

Markdown reports include:
- Summary statistics (servers scanned, vulnerable count)
- Security score table
- Detailed vulnerability breakdowns
JSON output includes complete data for automated processing.
This is the core CLI scanner. Future versions will include:
- REST API server for web dashboard
- Real-time CVE monitoring
- Server discovery and inventory
- Integration with SIEM systems
MIT License - OpenSeneca Project