MCP Scanner

v1.0.0Securitystable

Advanced Shodan-based scanner for discovering, verifying, and enumerating Model Context Protocol (MCP) servers and AI infrastructure tools over HTTP & SSE.

agentsaimcpsecurityai-security
Share:
936
Stars
0
Downloads
0
Weekly
0/5

What is MCP Scanner?

MCP Scanner is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to advanced shodan-based scanner for discovering, verifying, and enumerating model context protocol (mcp) servers and ai infrastructure tools over http & sse.

Advanced Shodan-based scanner for discovering, verifying, and enumerating Model Context Protocol (MCP) servers and AI infrastructure tools over HTTP & SSE.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Advanced Shodan-based scanner for discovering, verifying, an

Use Cases

Shodan-based MCP server discovery
Security enumeration and verification
LicenseApache-2.0
Languagepython
Versionv1.0.0
UpdatedMay 22, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx mcp-scanner

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use MCP Scanner

MCP Scanner is a security analysis tool from Cisco AI Defense that discovers, verifies, and audits Model Context Protocol servers and their tools for vulnerabilities, prompt injection attacks, malicious patterns, and supply chain risks. It combines multiple analysis engines—YARA pattern matching, LLM-as-judge semantic analysis, VirusTotal hash lookups, Cisco AI Defense deep inspection, and CVE/GHSA dependency scanning—to provide comprehensive security coverage for both local and remote MCP deployments. Security teams and developers use it to validate MCP servers before deployment and continuously audit their AI tool ecosystem for emerging threats.

Prerequisites

  • Python 3.13+ and uv package manager installed
  • Optional: Cisco AI Defense API key (MCP_SCANNER_API_KEY) for deep inspection
  • Optional: VirusTotal API key (VIRUSTOTAL_API_KEY) for malware hash lookups
  • Optional: LLM API key (MCP_SCANNER_LLM_API_KEY) for semantic behavioral analysis
  • Network access to reach remote MCP servers being scanned
1

Install mcp-scanner via uv

Install the Cisco AI MCP Scanner as a uv tool. Python 3.13 is required.

uv tool install --python 3.13 cisco-ai-mcp-scanner
2

Or install from source for development

Clone and set up the development environment if you want to contribute or run the latest code.

git clone https://github.com/cisco-ai-defense/mcp-scanner
cd mcp-scanner
uv sync --python 3.13
3

Configure optional API keys

Set environment variables for the analysis engines you want to use. YARA and Prompt Defense work without any keys.

export MCP_SCANNER_API_KEY=your-cisco-ai-defense-key
export VIRUSTOTAL_API_KEY=your-virustotal-key
export MCP_SCANNER_LLM_API_KEY=your-llm-provider-key
export MCP_SCANNER_LLM_MODEL=gpt-4o
4

Run a quick scan of known MCP client configs

Scan the MCP configurations already present on your system (Cursor, Claude Desktop, Windsurf) using YARA pattern matching—no API key needed.

mcp-scanner --scan-known-configs --analyzers yara --format summary
5

Scan a specific MCP server

Scan a remote MCP server over HTTP/SSE with a bearer token, or scan a local stdio server.

# Remote server
mcp-scanner --analyzers yara remote --server-url https://your-server/mcp \
  --bearer-token "$TOKEN"

# Local stdio server
mcp-scanner --analyzers yara stdio --stdio-command uvx --stdio-arg mcp-clickhouse
6

Run a full behavioral analysis

Use the behavioral analyzer for multi-language code alignment analysis on a server's source code.

mcp-scanner behavioral /path/to/server.py --format detailed

MCP Scanner Examples

Client configuration for MCP Scanner

Add MCP Scanner as an MCP server in Claude Desktop to run security scans conversationally.

{
  "mcpServers": {
    "mcp-scanner": {
      "command": "npx",
      "args": ["mcp-scanner"],
      "env": {
        "MCP_SCANNER_API_KEY": "your-cisco-ai-defense-key",
        "VIRUSTOTAL_API_KEY": "your-virustotal-key",
        "MCP_SCANNER_LLM_API_KEY": "your-llm-api-key",
        "MCP_SCANNER_LLM_MODEL": "gpt-4o"
      }
    }
  }
}

Prompts to try

Example commands and prompts for security scanning workflows.

- "Scan all MCP servers in my Claude Desktop and Cursor configs for prompt injection vulnerabilities"
- "Check the requirements.txt of this MCP server for known CVEs and GHSA advisories"
- "Run a full behavioral analysis on the server at /path/to/mcp-server.py and report any suspicious patterns"
- "Scan this remote MCP server at https://api.example.com/mcp for security issues"
- "Show me a detailed security report for the mcp-clickhouse server"

Troubleshooting MCP Scanner

mcp-scanner fails with Python version errors

MCP Scanner requires Python 3.13 specifically. Install it with 'uv tool install --python 3.13 cisco-ai-mcp-scanner'. If uv cannot find Python 3.13, run 'uv python install 3.13' first.

Stdio server scan times out during startup

Increase the stdio timeout with '--stdio-timeout 180' for servers that are slow to initialize. The default is 60 seconds. For servers requiring environment variables, ensure those are set before scanning.

LLM-as-judge analyzer returns errors

Verify MCP_SCANNER_LLM_API_KEY and MCP_SCANNER_LLM_MODEL are set correctly. For extended thinking models, set MCP_SCANNER_LLM_TIMEOUT=300. The YARA analyzer runs without any API key if you need a fallback.

Frequently Asked Questions about MCP Scanner

What is MCP Scanner?

MCP Scanner is a Model Context Protocol (MCP) server that advanced shodan-based scanner for discovering, verifying, and enumerating model context protocol (mcp) servers and ai infrastructure tools over http & sse. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP Scanner?

Follow the installation instructions on the MCP Scanner GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP Scanner?

MCP Scanner works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP Scanner free to use?

Yes, MCP Scanner is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.

MCP Scanner Alternatives — Similar Security Servers

Looking for alternatives to MCP Scanner? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "mcp-scanner": { "command": "npx", "args": ["-y", "mcp-scanner"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use MCP Scanner?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides