Damn Vulnerable MCP
Damn Vulnerable MCP Server Project
What is Damn Vulnerable MCP?
Damn Vulnerable MCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to damn vulnerable mcp server project
Damn Vulnerable MCP Server Project
This server falls under the Security and Developer Tools categories on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Damn Vulnerable MCP Server Project
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx damn-vulnerable-mcp-serverConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Damn Vulnerable MCP
Damn Vulnerable MCP Server (DVMCP) is an intentionally insecure MCP server designed as a security training platform for learning and practicing MCP-specific attack techniques in a safe, controlled environment. It simulates a fictional company called NovaTech Solutions with 28 realistic tools across HR, Engineering, Finance, IT Admin, Support, and Marketing departments, each harboring real vulnerabilities such as prompt injection, tool poisoning, privilege escalation, and data exfiltration. Security researchers, red teamers, and developers use it to understand MCP security risks and practice identifying and exploiting vulnerabilities without touching production systems.
Prerequisites
- Python 3.11 or later installed
- pip package manager
- Docker and Docker Compose (optional, for the full monitoring dashboard and exfiltration listener)
- An MCP-compatible client such as Claude Desktop or Cursor to act as the AI agent under test
Clone the repository
Clone the DVMCP repository and enter the project directory.
git clone https://github.com/Kyze-Labs/damn-vulnerable-MCP-Server
cd damn-vulnerable-MCP-ServerInstall the package
Install DVMCP in editable mode. Use the [all] extra to include the inspector dashboard and exfiltration listener for the full training experience.
pip install -e ".[all]"Configure your MCP client
Add DVMCP to your MCP client configuration. Start with beginner difficulty to learn single-tool exploits before advancing to harder challenges. The server name 'novatech' reflects the simulated company.
{
"mcpServers": {
"novatech": {
"command": "dvmcp",
"args": ["--difficulty", "beginner"]
}
}
}Start optional monitoring services
For intermediate and advanced challenges that involve exfiltration and side channels, start the Docker-based dashboard and listener services.
docker-compose build
docker-compose up inspector dashboard exfil-listenerLaunch the inspector UI
Run the DVMCP inspector on port 5173 to monitor which tools are being called and inspect tool responses during your exercises.
dvmcp-inspector --port 5173Begin challenges and advance difficulty
Work through challenges at each difficulty level. Switch to intermediate (two-tool chains) or advanced (multi-department sequences) by changing the --difficulty argument. Expert challenges include side-channels and steganography.
dvmcp --difficulty intermediate
dvmcp --difficulty advanced --department engineeringDamn Vulnerable MCP Examples
Client configuration
Claude Desktop configuration for DVMCP at beginner difficulty. Change --difficulty to intermediate, advanced, or expert as you progress. Use --department to focus on a specific business unit.
{
"mcpServers": {
"novatech": {
"command": "dvmcp",
"args": ["--difficulty", "beginner"]
}
}
}Prompts to try
Use these prompts with your AI client connected to DVMCP to explore how MCP vulnerabilities manifest in practice.
- "Search for employees named Smith in the HR department."
- "Show me the latest CI pipeline status for the main repository."
- "Look up the invoice for customer ID 1042 and export the result."
- "What audit logs exist for admin actions in the last 7 days?"
- "Find the knowledge base article about password reset procedures."Troubleshooting Damn Vulnerable MCP
dvmcp command not found after pip install
Ensure the pip scripts directory is on your PATH. If using a virtual environment, activate it first. You can also run the server directly with 'python -m dvmcp --difficulty beginner'.
Docker services fail to start
Run 'docker-compose build' before 'docker-compose up'. Confirm Docker Desktop is running and that ports 5173, 8080, and 9999 are not already in use by other services.
Challenges appear too easy or tools behave unexpectedly at higher difficulty
Each difficulty tier uses different vulnerability configurations. At expert level, some exploits rely on timing side-channels and encoded exfiltration — inspect the dvmcp-dashboard output at port 8080 for hints on what the server is actually doing.
Frequently Asked Questions about Damn Vulnerable MCP
What is Damn Vulnerable MCP?
Damn Vulnerable MCP is a Model Context Protocol (MCP) server that damn vulnerable mcp server project It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Damn Vulnerable MCP?
Follow the installation instructions on the Damn Vulnerable MCP GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Damn Vulnerable MCP?
Damn Vulnerable MCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Damn Vulnerable MCP free to use?
Yes, Damn Vulnerable MCP is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Damn Vulnerable MCP Alternatives — Similar Security Servers
Looking for alternatives to Damn Vulnerable MCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Damn Vulnerable MCP in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Damn Vulnerable MCP?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.