Damn Vulnerable MCP
Damn Vulnerable MCP Server
What is Damn Vulnerable MCP?
Damn Vulnerable MCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to damn vulnerable mcp server
Damn Vulnerable MCP Server
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Damn Vulnerable MCP Server
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx damn-vulnerable-mcpConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Damn Vulnerable MCP
Damn Vulnerable MCP is an intentionally insecure Model Context Protocol server built as an educational resource for security researchers and developers learning about AI system attack surfaces. It demonstrates real-world MCP vulnerabilities such as prompt injection, tool poisoning, excessive permissions, rug pull attacks, and malicious code execution in a controlled environment. By running this deliberately broken server alongside a real MCP client, practitioners can observe how these attacks unfold, study the exploit mechanics, and develop defensive intuition — all without putting production systems at risk.
Prerequisites
- Docker installed (recommended for safe isolation) or Python 3.10+ for local execution
- An MCP-compatible client such as Claude Desktop or Cursor for observing attack behavior
- Basic familiarity with the MCP tool-calling flow (how clients invoke server tools)
- Run only in an isolated environment — never connect this server to accounts with real credentials or production data
Clone the repository
Clone the source code to your local machine. Review the code before running to understand what each vulnerability module does.
git clone https://github.com/harishsg993010/damn-vulnerable-MCP-server.git
cd damn-vulnerable-MCP-serverBuild and run with Docker (recommended)
Docker provides an isolated sandbox. Build the image and run it with the vulnerability server ports exposed.
docker build -t damn-vulnerable-mcp .
docker run -p 9001-9010:9001-9010 damn-vulnerable-mcpOr install dependencies and run locally
If not using Docker, install the Python dependencies and start the server directly. Only do this in a dedicated, isolated environment.
pip install -r requirements.txt
python server.pyConnect your MCP client to the server
Add the vulnerable server to your MCP client config. Use a throwaway or sandboxed AI client account — not your primary one.
{
"mcpServers": {
"damn-vulnerable-mcp": {
"command": "python",
"args": ["server.py"],
"cwd": "/path/to/damn-vulnerable-MCP-server"
}
}
}Explore vulnerability scenarios
Work through each category of vulnerability: observe prompt injection in action, see how poisoned tool descriptions manipulate the AI, and trace how excessive permissions enable unauthorized actions.
Damn Vulnerable MCP Examples
Client configuration
MCP client config to connect to the damn-vulnerable-mcp server running locally via Python.
{
"mcpServers": {
"damn-vulnerable-mcp": {
"command": "python",
"args": ["server.py"],
"cwd": "/path/to/damn-vulnerable-MCP-server"
}
}
}Prompts to try
Prompts for studying MCP security vulnerabilities in the isolated test environment.
- "List all tools available on this server and inspect their descriptions for embedded instructions"
- "Call the 'safe-summarizer' tool and observe whether it executes hidden side effects"
- "Ask the tool to read a file outside its declared scope to test excessive permission vulnerabilities"
- "Trigger the tool-shadowing scenario and compare legitimate vs. malicious tool behavior"
- "Demonstrate the indirect prompt injection attack using the data-fetcher tool"Troubleshooting Damn Vulnerable MCP
Server starts but tools are not appearing in the MCP client
Ensure the Python path in the config points to the correct server.py file and that the cwd is set to the repository root. Run 'python server.py' manually first to check for import errors before connecting the client.
Port conflicts when running alongside DVMCP
If you have the DVMCP Docker container also running, adjust port mappings to avoid conflicts. Use '-p 8001:9001' style remapping in the Docker run command.
AI client refuses to call suspicious tools
Some MCP clients (like Claude Desktop) have safety guardrails that may decline to call obviously harmful tools. Use a less restricted client for security research, or study the source code directly to understand the vulnerability mechanics without needing the client to execute them.
Frequently Asked Questions about Damn Vulnerable MCP
What is Damn Vulnerable MCP?
Damn Vulnerable MCP is a Model Context Protocol (MCP) server that damn vulnerable mcp server It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Damn Vulnerable MCP?
Follow the installation instructions on the Damn Vulnerable MCP GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Damn Vulnerable MCP?
Damn Vulnerable MCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Damn Vulnerable MCP free to use?
Yes, Damn Vulnerable MCP is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Damn Vulnerable MCP Alternatives — Similar Security Servers
Looking for alternatives to Damn Vulnerable MCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Damn Vulnerable MCP in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Damn Vulnerable MCP?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.