MCP Scanner
Advanced Shodan-based scanner for discovering, verifying, and enumerating Model Context Protocol (MCP) servers and AI infrastructure tools over HTTP & SSE.
What is MCP Scanner?
MCP Scanner is a Model Context Protocol (MCP) server that gives AI assistants like Claude, Cursor, and VS Code an advanced Shodan-based scanner for discovering, verifying, and enumerating Model Context Protocol (MCP) servers and AI infrastructure tools over HTTP & SSE.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Advanced Shodan-based scanner for discovering, verifying, an
Installation
Manual Installation
npx mcp-scanner
Configuration
Configuration Details
claude_desktop_config.json
How to Set Up and Use MCP Scanner
MCP Scanner is a security analysis tool from Cisco AI Defense that discovers, verifies, and audits Model Context Protocol servers and their tools for vulnerabilities, prompt injection attacks, malicious patterns, and supply chain risks. It combines multiple analysis engines—YARA pattern matching, LLM-as-judge semantic analysis, VirusTotal hash lookups, Cisco AI Defense deep inspection, and CVE/GHSA dependency scanning—to provide comprehensive security coverage for both local and remote MCP deployments. Security teams and developers use it to validate MCP servers before deployment and continuously audit their AI tool ecosystem for emerging threats.
Prerequisites
- Python 3.13+ and uv package manager installed
- Optional: Cisco AI Defense API key (MCP_SCANNER_API_KEY) for deep inspection
- Optional: VirusTotal API key (VIRUSTOTAL_API_KEY) for malware hash lookups
- Optional: LLM API key (MCP_SCANNER_LLM_API_KEY) for semantic behavioral analysis
- Network access to reach remote MCP servers being scanned
Install mcp-scanner via uv
Install the Cisco AI MCP Scanner as a uv tool. Python 3.13 is required.
uv tool install --python 3.13 cisco-ai-mcp-scanner
Or install from source for development
Clone and set up the development environment if you want to contribute or run the latest code.
git clone https://github.com/cisco-ai-defense/mcp-scanner
cd mcp-scanner
uv sync --python 3.13
Configure optional API keys
Set environment variables for the analysis engines you want to use. YARA and Prompt Defense work without any keys.
export MCP_SCANNER_API_KEY=your-cisco-ai-defense-key
export VIRUSTOTAL_API_KEY=your-virustotal-key
export MCP_SCANNER_LLM_API_KEY=your-llm-provider-key
export MCP_SCANNER_LLM_MODEL=gpt-4o
Run a quick scan of known MCP client configs
Scan the MCP configurations already present on your system (Cursor, Claude Desktop, Windsurf) using YARA pattern matching—no API key needed.
mcp-scanner --scan-known-configs --analyzers yara --format summary
Scan a specific MCP server
Scan a remote MCP server over HTTP/SSE with a bearer token, or scan a local stdio server.
# Remote server
mcp-scanner --analyzers yara remote --server-url https://your-server/mcp \
  --bearer-token "$TOKEN"
# Local stdio server
mcp-scanner --analyzers yara stdio --stdio-command uvx --stdio-arg mcp-clickhouse
Run a full behavioral analysis
Use the behavioral analyzer for multi-language code alignment analysis on a server's source code.
mcp-scanner behavioral /path/to/server.py --format detailed
MCP Scanner Examples
Client configuration for MCP Scanner
Add MCP Scanner as an MCP server in Claude Desktop to run security scans conversationally.
{
  "mcpServers": {
    "mcp-scanner": {
      "command": "npx",
      "args": ["mcp-scanner"],
      "env": {
        "MCP_SCANNER_API_KEY": "your-cisco-ai-defense-key",
        "VIRUSTOTAL_API_KEY": "your-virustotal-key",
        "MCP_SCANNER_LLM_API_KEY": "your-llm-api-key",
        "MCP_SCANNER_LLM_MODEL": "gpt-4o"
      }
    }
  }
}
Prompts to try
Example commands and prompts for security scanning workflows.
- "Scan all MCP servers in my Claude Desktop and Cursor configs for prompt injection vulnerabilities"
- "Check the requirements.txt of this MCP server for known CVEs and GHSA advisories"
- "Run a full behavioral analysis on the server at /path/to/mcp-server.py and report any suspicious patterns"
- "Scan this remote MCP server at https://api.example.com/mcp for security issues"
- "Show me a detailed security report for the mcp-clickhouse server"
Troubleshooting MCP Scanner
mcp-scanner fails with Python version errors
MCP Scanner requires Python 3.13 specifically. Install it with 'uv tool install --python 3.13 cisco-ai-mcp-scanner'. If uv cannot find Python 3.13, run 'uv python install 3.13' first.
Stdio server scan times out during startup
Increase the stdio timeout with '--stdio-timeout 180' for servers that are slow to initialize. The default is 60 seconds. For servers requiring environment variables, ensure those are set before scanning.
LLM-as-judge analyzer returns errors
Verify MCP_SCANNER_LLM_API_KEY and MCP_SCANNER_LLM_MODEL are set correctly. For extended thinking models, set MCP_SCANNER_LLM_TIMEOUT=300. The YARA analyzer runs without any API key if you need a fallback.
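A quick static check on the client configuration format shown earlier on this page, as an added example (not code from MCP Scanner or Cisco AI Defense, and not a description of how its analyzers work): it flags API keys stored as literals in an `mcpServers` entry and `npx`/`uvx` launchers that fetch an unpinned package. The function name, the heuristics, the `pinned-example` entry and the `${VAR}` reference convention are assumptions made for illustration.

```python
import json
import re

# Constructed sample in the shape of the client configuration on this page.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "mcp-scanner": {
      "command": "npx",
      "args": ["mcp-scanner"],
      "env": {
        "MCP_SCANNER_API_KEY": "your-cisco-ai-defense-key",
        "MCP_SCANNER_LLM_MODEL": "gpt-4o"
      }
    },
    "pinned-example": {
      "command": "npx",
      "args": ["-y", "example-server@1.2.3"],
      "env": {"EXAMPLE_TOKEN": "${EXAMPLE_TOKEN}"}
    }
  }
}
"""

SECRET_NAME = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD)", re.I)
# Assumption: a bare "$VAR" or "${VAR}" value is a reference, not a stored secret.
ENV_REFERENCE = re.compile(r"^\$\{?\w+\}?$")
LAUNCHERS = {"npx", "uvx"}  # launchers that download and run a package on start
PINNED = re.compile(r"^(@[^/]+/)?[^@]+(@|==)\d")  # name@1.2.3 or name==1.2.3


def audit_mcp_config(text):
    """Return sorted (server, finding) tuples for an mcpServers JSON document."""
    findings = []
    for name, spec in json.loads(text).get("mcpServers", {}).items():
        for var, value in spec.get("env", {}).items():
            if SECRET_NAME.search(var) and value and not ENV_REFERENCE.match(str(value)):
                findings.append((name, f"literal secret in env: {var}"))
        if spec.get("command") in LAUNCHERS:
            # First non-flag argument is taken to be the package being launched.
            packages = [a for a in spec.get("args", []) if not a.startswith("-")]
            if packages and not PINNED.match(packages[0]):
                findings.append((name, f"unpinned package: {packages[0]}"))
    return sorted(findings)


if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {finding}")
```

Both findings apply to the `mcp-scanner` entry as written on this page; the constructed `pinned-example` entry passes.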
Frequently Asked Questions about MCP Scanner
What is MCP Scanner?
MCP Scanner is a Model Context Protocol (MCP) server that provides an advanced Shodan-based scanner for discovering, verifying, and enumerating Model Context Protocol (MCP) servers and AI infrastructure tools over HTTP & SSE. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install MCP Scanner?
Follow the installation instructions on the MCP Scanner GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with MCP Scanner?
MCP Scanner works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is MCP Scanner free to use?
Yes, MCP Scanner is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
MCP Scanner Alternatives — Similar Security Servers
Looking for alternatives to MCP Scanner? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k
An open-source Agent-first Identity and Access Management (IAM) / LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k
A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k
Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k
🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u