MCPScan
Your MCP servers
are wide open.
The first dedicated security scanner for Model Context Protocol servers. 8,500+ MCP servers deployed. Zero dedicated scanning tools โ until now.
Azure's own MCP server had a critical SSRF vulnerability. If Microsoft can't get it right, what's hiding in yours?
MCP is
everywhere.
Security
isn't.
SSRF vulnerabilities
MCP tools tricked into making requests to internal services
Prompt injection via tool results
Malicious data returned through tools hijacks agent behaviour
Excessive permissions
MCP servers running with far more access than they need
No authentication
Many MCP servers lack proper auth, exposing tools to anyone
Data exfiltration paths
Tool chains exploited to leak sensitive data externally
Supply chain risks
Community MCP servers running untrusted code with privileged access
What it does.
Static Analysis
- โScan mcp.json / server configurations for misconfigurations
- โDetect overly permissive tool definitions
- โIdentify tools with dangerous capabilities (file system, network, shell)
- โFlag missing authentication and authorisation
Dynamic Testing
- โSSRF probe testing across all tool endpoints
- โPrompt injection resilience testing via tool inputs
- โPermission boundary testing
- โData exfiltration path detection
- โAuthentication bypass attempts
Compliance Reporting
- โOWASP Top 10 for LLM Applications mapping
- โRisk severity scoring (Critical / High / Medium / Low)
- โRemediation guidance with code examples
- โExportable PDF and JSON reports
Continuous Monitoring
- โScheduled scanning (daily / weekly / on-deploy)
- โCI/CD pipeline integration
- โAlerting on new vulnerabilities or config drift
- โMCP server inventory and asset management
How it works.
$ mcpscan scan --config ./mcp.json
Scanning MCP server configuration...
โ 12 tools scanned
โ 3 SSRF vectors tested
โ Permission boundaries validated
Results:
๐ด CRITICAL: SSRF in database_query tool
๐ก MEDIUM: No auth on file_read tool
๐ข LOW: Verbose error messages in API tool
Report saved to ./mcpscan-report.json
CI/CD Integration
Works with GitHub Actions, GitLab CI, Jenkins, Azure DevOps, CircleCI, and any CI/CD via CLI.
- name:
MCPScan Security Check
uses:
mcpscan/action@v1
with:
config: ./mcp.json
severity-threshold: high
fail-on-findings: true
Who it's for.
Platform Teams
Deploying MCP servers for AI agents? Know they're secure before they hit production.
Security Teams
Asked to approve MCP adoption? Get visibility into what these servers can do and what risks they introduce.
Developers
Building MCP tools? Ship secure code without becoming a security expert.
Compliance Teams
Auditors asking about AI agent security? Get evidence that MCP tools are assessed and monitored.
MCP servers in the wild
Dedicated MCP scanners before MCPScan
CVEs already disclosed in major MCP servers
Pricing
14-day free trial on all paid plans. No credit card required for Free tier.
Free
For individual developers and open-source projects
- โUp to 3 MCP servers
- โStatic analysis only
- โBasic vulnerability report
- โCommunity support
- โ10 scans/month
Pro
For teams building with MCP
- โUp to 25 MCP servers
- โStatic + dynamic analysis
- โFull reports with remediation
- โCI/CD integration
- โWeekly scheduled scans
- โPriority email support
Business
For production MCP deployments
- โUnlimited MCP servers
- โStatic + dynamic + continuous
- โOWASP LLM Top 10 reporting
- โCustom scanning policies
- โAPI access for automation
- โSSO and team management
- โ24-hour response SLA
Enterprise
For regulated industries
- โEverything in Business
- โOn-premise / private cloud
- โCustom compliance frameworks
- โDedicated security engineer
- โSIEM/SOAR integration
- โ4-hour response SLA
FAQ
What MCP server implementations do you support?
MCPScan works with any MCP-compliant server โ TypeScript SDK, Python SDK, custom implementations. If it speaks MCP, we can scan it.
Does scanning affect my production MCP servers?
Static analysis is completely passive. Dynamic testing sends controlled test payloads โ we recommend running against staging environments first. All test payloads are safe and non-destructive.
How is this different from a regular vulnerability scanner?
Traditional scanners don't understand the MCP protocol or AI-specific attack vectors like prompt injection via tools. MCPScan is purpose-built for MCP's unique threat model.
Can I scan third-party MCP servers before installing them?
Yes โ this is one of our most popular use cases. Point MCPScan at a server's source code or configuration before deploying it. Think of it as a security gate for your MCP supply chain.
Do you offer an on-premise version?
Yes, on our Enterprise plan. MCPScan can run entirely within your network for organisations with strict data residency requirements.
Don't wait for your first MCP breach.
Scan your MCP servers for free. No credit card. No sales call. Just answers.