Show HN: Mcpwn – nobody's pentesting their MCP servers, so I built a tool for it
Category: security
Tags: security, pentesting, mcp, ai-security, cli-tool, sql-injection, proxy, reconnaissance
Score: 6.3/10 (Innovation: 6, Technical: 6, Documentation: 8, Utility: 5)
Mcpwn is a CLI tool for security testing of MCP (Model Context Protocol) servers, enabling reconnaissance, tool invocation, and exploitation features like proxy routing through Burp and sqlmap integration for SQL injection testing. It addresses an emerging niche in AI infrastructure security by providing a dedicated pentesting toolkit for the growing MCP ecosystem.
Target audience: security researchers, penetration testers, DevSecOps engineers
Repository: https://github.com/D0rs4n/mcpwn · Python · Apache-2.0