Mr-Infect/MCP-Penetration-testing
The ultimate OWASP MCP Top 10 security checklist and pentesting framework for Model Context Protocol (MCP), AI agents, and LLM-powered systems.
# 🔥 The Ultimate OWASP MCP Top 10 Pentesting & Audit Framework 🔥
Built for Students • Pentesters • Security Engineers • Enterprises
Created by MR_INFECT
## MCP Master Checklist: The Gold Standard for MCP Security
If OWASP Top 10 is the law, this repository is the courtroom.
This repository is the world's first end-to-end, checklist-driven, pentest-ready security framework dedicated exclusively to the OWASP Model Context Protocol (MCP) Top 10 – 2025.
Designed to be:
- ✅ Auditor-defensible
- ✅ Pentester-usable
- ✅ Student-friendly
- ✅ Enterprise-grade
- ✅ Future-proof
## 🧠 What Makes This Repository EXTRAORDINARY?
✨ This is not documentation
✨ This is not theory
✨ This is not another blog dump
This repo is a:
- Master Security Checklist
- Pentesting Playbook
- Audit & Compliance Framework
- Learning Roadmap for MCP Security
- Single Source of Truth for MCP Risks
Every MCP vulnerability includes:
- Clear explanation
- Attack surface mapping
- Real-world failure scenarios
- Detection techniques
- Mitigation strategy
- Pentester checklist
- Scoring & evaluation logic
## 🎯 Covered Vulnerabilities (OWASP MCP Top 10 – 2025)
| ID | Vulnerability |
|---|---|
| MCP01 | Token Mismanagement & Secret Exposure |
| MCP02 | Privilege Escalation via Scope Creep |
| MCP03 | Tool Poisoning |
| MCP04 | Supply Chain Attacks & Dependency Tampering |
| MCP05 | Command Injection & Execution |
| MCP06 | Prompt Injection via Contextual Payloads |
| MCP07 | Insufficient Authentication & Authorization |
| MCP08 | Lack of Audit & Telemetry |
| MCP09 | Shadow MCP Servers |
| MCP10 | Context Injection & Over-Sharing |
✅ Each item has its own deep-dive markdown
✅ Each item is pentest-aligned
✅ Each item is checklist-driven
## 🧪 MCP Master Checklist (The Crown Jewel)
The MCP Master Checklist allows you to:
- Evaluate MCP systems objectively
- Calculate a numeric security score (/100)
- Classify MCP maturity (Critical → Enterprise)
- Track progress over time
- Prioritize remediation efforts
If it's not measurable, it's not secure.
## Scoring & Maturity Model
| Score | Maturity | Risk |
|---|---|---|
| 0–30 | 🔴 Critical | Immediate compromise likely |
| 31–50 | 🟠 Weak | Easily exploitable |
| 51–70 | 🟡 Moderate | Partial controls |
| 71–85 | 🟢 Strong | Well-secured |
| 86–100 | 🟣 Enterprise | Best-in-class |
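The scoring and maturity model above is only a table of bands; the checklist itself decides how the /100 score is produced. The following is an added example, not code from this repository, showing one way to turn per-control pass/fail results for the ten MCP categories into a score, map it to the bands from the table, and order categories for remediation (the last two bullets of the checklist section). The `ChecklistItem` shape, the two-controls-per-category sample results and the equal weighting of controls and categories are assumptions; only the category IDs and the score bands come from this page.

```python
"""Score an MCP assessment and map it to the maturity bands on this page.

Added example, not the repository's checklist code. The item shape and the
equal weighting are assumptions; the category IDs and bands are the page's.
"""
from dataclasses import dataclass

# Score bands exactly as the Scoring & Maturity Model table gives them.
MATURITY_BANDS = [
    (0, 30, "Critical", "Immediate compromise likely"),
    (31, 50, "Weak", "Easily exploitable"),
    (51, 70, "Moderate", "Partial controls"),
    (71, 85, "Strong", "Well-secured"),
    (86, 100, "Enterprise", "Best-in-class"),
]

# OWASP MCP Top 10 - 2025 categories, from the vulnerability table.
CATEGORIES = {
    "MCP01": "Token Mismanagement & Secret Exposure",
    "MCP02": "Privilege Escalation via Scope Creep",
    "MCP03": "Tool Poisoning",
    "MCP04": "Supply Chain Attacks & Dependency Tampering",
    "MCP05": "Command Injection & Execution",
    "MCP06": "Prompt Injection via Contextual Payloads",
    "MCP07": "Insufficient Authentication & Authorization",
    "MCP08": "Lack of Audit & Telemetry",
    "MCP09": "Shadow MCP Servers",
    "MCP10": "Context Injection & Over-Sharing",
}


@dataclass(frozen=True)
class ChecklistItem:
    """One pass/fail control result (assumed shape, not the repo's format)."""
    category: str  # MCP01..MCP10
    control: str   # short description of the control that was checked
    passed: bool


def category_scores(items):
    """Percent of passed controls per assessed category (integer, floored)."""
    counts = {}
    for item in items:
        if item.category not in CATEGORIES:
            raise ValueError(f"unknown category {item.category!r}")
        passed, total = counts.get(item.category, (0, 0))
        counts[item.category] = (passed + int(item.passed), total + 1)
    return {cat: 100 * passed // total for cat, (passed, total) in counts.items()}


def overall_score(items):
    """Mean of the ten category scores, so each Top 10 category weighs the same.
    A category with no assessed control scores 0: unevidenced counts as failed."""
    per_cat = category_scores(items)
    return sum(per_cat.get(cat, 0) for cat in CATEGORIES) // len(CATEGORIES)


def classify(score):
    """Map a 0-100 score to (maturity, risk) using the page's bands."""
    for low, high, maturity, risk in MATURITY_BANDS:
        if low <= score <= high:
            return maturity, risk
    raise ValueError(f"score out of range: {score}")


def remediation_priority(items):
    """Categories ordered weakest first; ties broken by ID so output is stable."""
    per_cat = category_scores(items)
    return sorted(CATEGORIES, key=lambda cat: (per_cat.get(cat, 0), cat))


# Constructed sample results (two controls per category), not a real assessment.
SAMPLE_RESULTS = {
    "MCP01": {"secrets kept in a vault": True, "token TTL enforced": False},
    "MCP02": {"per-tool scopes": True, "scope review on change": True},
    "MCP03": {"tool descriptions pinned": False, "tool manifest signed": False},
    "MCP04": {"dependencies pinned": True, "SBOM generated": False},
    "MCP05": {"no shell from tool args": True, "allow-listed commands": True},
    "MCP06": {"untrusted context tagged": False, "output filtered": False},
    "MCP07": {"server auth required": True, "per-user authorization": False},
    "MCP08": {"tool calls logged": False, "logs shipped to SIEM": False},
    "MCP09": {"server inventory kept": True, "unknown servers blocked": False},
    "MCP10": {"context minimized": True, "PII redacted": True},
}
SAMPLE_ITEMS = [
    ChecklistItem(cat, control, passed)
    for cat, controls in SAMPLE_RESULTS.items()
    for control, passed in controls.items()
]

if __name__ == "__main__":
    score = overall_score(SAMPLE_ITEMS)
    maturity, risk = classify(score)
    print(f"score {score}/100 -> {maturity} ({risk})")
    per_cat = category_scores(SAMPLE_ITEMS)
    for cat in remediation_priority(SAMPLE_ITEMS):
        print(f"  {cat} {per_cat.get(cat, 0):3d}  {CATEGORIES[cat]}")
```

Running the sample gives 50/100, the top of the Weak band, with MCP03, MCP06 and MCP08 (all controls failed) at the head of the remediation list. Averaging per category rather than over all controls stops a category with many easy controls from masking one that was skipped entirely; re-running the same script on a later assessment and diffing the per-category numbers is the "track progress over time" step.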
## Who Should Use This?
- ✅ Cybersecurity Students
- ✅ Red Teamers & Pentesters
- ✅ SOC Analysts
- ✅ AI Engineers
- ✅ DevSecOps Teams
- ✅ Security Architects
- ✅ Auditors & GRC Teams
- ✅ Enterprises deploying AI agents
## 🧩 Repository Structure
```
📦 MCP-Master-Checklist
┣ MCP01-Token-Mismanagement
┣ MCP02-Privilege-Escalation
┣ MCP03-Tool-Poisoning
┣ MCP04-Supply-Chain-Attacks
┣ MCP05-Command-Injection
┣ MCP06-Prompt-Injection
┣ MCP07-Authentication-Authorization
┣ MCP08-Audit-Telemetry
┣ MCP09-Shadow-MCP-Servers
┣ MCP10-Context-OverSharing
┣ MCP-master-checklist.md
┗ README.md
```
## 🧠 Philosophy
LLMs are not secure by default.
MCP expands the attack surface.
Security must be designed, not assumed.
This repository exists to kill blind trust in AI systems.
## Why This Will Be #1 on GitHub
- 🔥 First MCP-only security checklist
- 🔥 Direct OWASP MCP Top 10 mapping
- 🔥 Pentest + Audit + Learning in one repo
- 🔥 SEO-optimized structure & keywords
- 🔥 Continuously evolving with MCP ecosystem
## 🤝 Contributing
Contributions are welcome and encouraged.
You can help by:
- Adding labs
- Improving detection logic
- Adding tooling references
- Submitting real-world MCP failure cases
💬 Open an issue or pull request.
## ☕ Support the Project
If this repository helped you:
- ⭐ Star the repo
- Share it with your network
- ☕ Buy me a coffee (link coming soon)
Built by MR_INFECT
Breaking AI systems so the world can build safer ones.

