Damn Vulnerable MCP

v1.0.0Securitystable

Damn Vulnerable MCP Server

damn-vulnerable-mcpmcpai-integration
Share:
1,298
Stars
0
Downloads
0
Weekly
0/5

What is Damn Vulnerable MCP?

Damn Vulnerable MCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to damn vulnerable mcp server

Damn Vulnerable MCP Server

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Damn Vulnerable MCP Server

Use Cases

Learn about MCP security vulnerabilities through examples.
harishsg993010

Maintainer

LicenseMIT
Languagepython
Versionv1.0.0
UpdatedMay 20, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx damn-vulnerable-mcp

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Damn Vulnerable MCP

Damn Vulnerable MCP is an intentionally insecure Model Context Protocol server built as an educational resource for security researchers and developers learning about AI system attack surfaces. It demonstrates real-world MCP vulnerabilities such as prompt injection, tool poisoning, excessive permissions, rug pull attacks, and malicious code execution in a controlled environment. By running this deliberately broken server alongside a real MCP client, practitioners can observe how these attacks unfold, study the exploit mechanics, and develop defensive intuition — all without putting production systems at risk.

Prerequisites

  • Docker installed (recommended for safe isolation) or Python 3.10+ for local execution
  • An MCP-compatible client such as Claude Desktop or Cursor for observing attack behavior
  • Basic familiarity with the MCP tool-calling flow (how clients invoke server tools)
  • Run only in an isolated environment — never connect this server to accounts with real credentials or production data
1

Clone the repository

Clone the source code to your local machine. Review the code before running to understand what each vulnerability module does.

git clone https://github.com/harishsg993010/damn-vulnerable-MCP-server.git
cd damn-vulnerable-MCP-server
2

Build and run with Docker (recommended)

Docker provides an isolated sandbox. Build the image and run it with the vulnerability server ports exposed.

docker build -t damn-vulnerable-mcp .
docker run -p 9001-9010:9001-9010 damn-vulnerable-mcp
3

Or install dependencies and run locally

If not using Docker, install the Python dependencies and start the server directly. Only do this in a dedicated, isolated environment.

pip install -r requirements.txt
python server.py
4

Connect your MCP client to the server

Add the vulnerable server to your MCP client config. Use a throwaway or sandboxed AI client account — not your primary one.

{
  "mcpServers": {
    "damn-vulnerable-mcp": {
      "command": "python",
      "args": ["server.py"],
      "cwd": "/path/to/damn-vulnerable-MCP-server"
    }
  }
}
5

Explore vulnerability scenarios

Work through each category of vulnerability: observe prompt injection in action, see how poisoned tool descriptions manipulate the AI, and trace how excessive permissions enable unauthorized actions.

Damn Vulnerable MCP Examples

Client configuration

MCP client config to connect to the damn-vulnerable-mcp server running locally via Python.

{
  "mcpServers": {
    "damn-vulnerable-mcp": {
      "command": "python",
      "args": ["server.py"],
      "cwd": "/path/to/damn-vulnerable-MCP-server"
    }
  }
}

Prompts to try

Prompts for studying MCP security vulnerabilities in the isolated test environment.

- "List all tools available on this server and inspect their descriptions for embedded instructions"
- "Call the 'safe-summarizer' tool and observe whether it executes hidden side effects"
- "Ask the tool to read a file outside its declared scope to test excessive permission vulnerabilities"
- "Trigger the tool-shadowing scenario and compare legitimate vs. malicious tool behavior"
- "Demonstrate the indirect prompt injection attack using the data-fetcher tool"

Troubleshooting Damn Vulnerable MCP

Server starts but tools are not appearing in the MCP client

Ensure the Python path in the config points to the correct server.py file and that the cwd is set to the repository root. Run 'python server.py' manually first to check for import errors before connecting the client.

Port conflicts when running alongside DVMCP

If you have the DVMCP Docker container also running, adjust port mappings to avoid conflicts. Use '-p 8001:9001' style remapping in the Docker run command.

AI client refuses to call suspicious tools

Some MCP clients (like Claude Desktop) have safety guardrails that may decline to call obviously harmful tools. Use a less restricted client for security research, or study the source code directly to understand the vulnerability mechanics without needing the client to execute them.

Frequently Asked Questions about Damn Vulnerable MCP

What is Damn Vulnerable MCP?

Damn Vulnerable MCP is a Model Context Protocol (MCP) server that damn vulnerable mcp server It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Damn Vulnerable MCP?

Follow the installation instructions on the Damn Vulnerable MCP GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Damn Vulnerable MCP?

Damn Vulnerable MCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Damn Vulnerable MCP free to use?

Yes, Damn Vulnerable MCP is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Damn Vulnerable MCP Alternatives — Similar Security Servers

Looking for alternatives to Damn Vulnerable MCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "damn-vulnerable-mcp": { "command": "npx", "args": ["-y", "damn-vulnerable-mcp"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Damn Vulnerable MCP?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides