MCP server fuzzer client and utilities
Project description
MCP Fuzzer
A CLI tool for fuzzing MCP server tools using multiple transport protocols, with pretty output using rich.
Features
- Multi-Protocol Support: HTTP, SSE, Stdio, and WebSocket transports
- Tool Discovery: Automatically discovers available tools from MCP servers
- Intelligent Fuzzing: Uses Hypothesis to generate random/edge-case arguments
- Rich Reporting: Beautiful terminal tables with detailed statistics
- Protocol Flexibility: Easy to add new transport protocols
Architecture
The MCP Fuzzer uses a transport abstraction layer to support multiple protocols. Here's how it works:
Installation
pip install mcp-fuzzer
Usage
You can run the fuzzer in several ways:
As a CLI tool (recommended)
mcp-fuzzer --protocol http --endpoint http://localhost:8000/mcp/ --runs 10
As a Python module
python -m mcp_fuzzer --protocol http --endpoint http://localhost:8000/mcp/ --runs 10
As a Python script
python -m mcp_fuzzer.client --protocol http --endpoint http://localhost:8000/mcp/ --runs 10
Supported Protocols
HTTP Transport
mcp-fuzzer --protocol http --endpoint http://localhost:8080/rpc --runs 20
SSE Transport
mcp-fuzzer --protocol sse --endpoint http://localhost:8080/sse --runs 15
Stdio Transport
# Binary executables
mcp-fuzzer --protocol stdio --endpoint "./bin/mcp-shell" --runs 10
# Python scripts
mcp-fuzzer --protocol stdio --endpoint "python3 ./my-mcp-server.py" --runs 10
# Python scripts with spaces in path
mcp-fuzzer --protocol stdio --endpoint '"./My Server/mcp-server.py"' --runs 10
WebSocket Transport
mcp-fuzzer --protocol websocket --endpoint ws://localhost:8080/ws --runs 25
Arguments
--protocol: Transport protocol to use (http, sse, stdio, websocket)--endpoint: Server endpoint (URL for http/sse/websocket, command for stdio)--runs: Number of fuzzing runs per tool (default: 10)--timeout: Request timeout in seconds (default: 30.0)--verbose: Enable verbose logging
Output
Results are shown in a colorized table with detailed statistics:
- Success Rate: Percentage of successful tool calls
- Exception Count: Number of exceptions during fuzzing
- Example Exceptions: Sample error messages for debugging
- Overall Statistics: Summary across all tools and protocols
Project dependencies are managed via pyproject.toml.
Test result of fuzz testing of https://github.com/modelcontextprotocol/python-sdk/tree/main/examples/servers/simple-streamablehttp-stateless
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcp_fuzzer-0.1.2.tar.gz.
File metadata
- Download URL: mcp_fuzzer-0.1.2.tar.gz
- Upload date:
- Size: 9.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.9.23
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5a55fe094d44013a8d77dcd4e1a2905ca53de30746e0337f67befc19c9bc81c7
|
|
| MD5 |
49fbb0d8bc6b3a74d4d05360df3478dd
|
|
| BLAKE2b-256 |
3185b7d4ddd7ac31cd2217b49f82a58a534f78a88b6e51ad45f308cfae7dbbb5
|
File details
Details for the file mcp_fuzzer-0.1.2-py3-none-any.whl.
File metadata
- Download URL: mcp_fuzzer-0.1.2-py3-none-any.whl
- Upload date:
- Size: 9.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.9.23
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9d338921f7abfdaca123d7b3a152b32b3bc3ecf4965024e46a358de39d2a9565
|
|
| MD5 |
503ee56e29d183315cac73cc650e0db0
|
|
| BLAKE2b-256 |
7c54ee19384228fdb1f76ed1d609d423bcb6c1463c85052bca24c05f3c48e132
|
