MCP server fuzzer client and utilities
MCP Server Fuzzer
A comprehensive, super-aggressive, CLI-based fuzzing tool for MCP servers. It works over multiple transport protocols and supports both tool argument fuzzing and protocol type fuzzing. Output is pretty-printed using rich.
The most important thing I'm aiming to ensure here is this: if your server conforms to the MCP schema, this tool will be able to fuzz it effectively.
Documentation
Quick Start
Installation
```bash
# Install from PyPI
pip install mcp-fuzzer

# Or install from source
git clone https://github.com/Agent-Hellboy/mcp-server-fuzzer.git
cd mcp-server-fuzzer
pip install -e .
```
Basic Usage
- Set up your MCP server (HTTP, SSE, or Stdio)
- Run basic fuzzing:
```bash
# Fuzz tools on an HTTP server
mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000

# Fuzz protocol types on an SSE server
mcp-fuzzer --mode protocol --protocol sse --endpoint http://localhost:8000/sse
```
Key Features
- Two-Phase Fuzzing: Realistic testing + aggressive security testing
- Multi-Protocol Support: HTTP, SSE, and Stdio transports
- Built-in Safety: Environment detection and system protection
- Intelligent Testing: Hypothesis-based data generation strategies
- Rich Reporting: Detailed output with exception tracking
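The two-phase idea in the list above, sketched as an added example that is not mcp-fuzzer's own code: arguments are generated from a tool's MCP `inputSchema`, first schema-valid ("realistic"), then out-of-range or wrong-type ("aggressive"), and wrapped in JSON-RPC 2.0 `tools/call` requests. The tool name, schema and value choices are constructed for illustration, and the standard `random` module stands in for the project's Hypothesis strategies.

```python
import random

# Constructed sample of one tools/list entry; the tool name and fields are hypothetical.
SAMPLE_TOOL = {
    "name": "read_note",
    "inputSchema": {
        "type": "object",
        "properties": {
            "title": {"type": "string"},
            "limit": {"type": "integer", "minimum": 1, "maximum": 100},
            "pinned": {"type": "boolean"},
        },
        "required": ["title"],
    },
}

def realistic_value(spec, rng):
    """Phase 1: a value that satisfies the declared type and bounds."""
    kind = spec.get("type")
    if kind == "integer":
        return rng.randint(spec.get("minimum", 0), spec.get("maximum", 1000))
    if kind == "boolean":
        return rng.choice([True, False])
    return "note-%d" % rng.randint(0, 9999) if kind == "string" else None

def aggressive_value(spec, rng):
    """Phase 2: an out-of-range, oversized or wrong-type value for the field."""
    kind = spec.get("type")
    if kind == "integer":
        hi, lo = spec.get("maximum", 0), spec.get("minimum", 0)
        return rng.choice([hi + 1, lo - 1, 2**63, "7", None])
    if kind == "boolean":
        return rng.choice(["true", 2, None])
    return rng.choice(["", "A" * 65536, 0, None, ["nested"]])

def build_calls(tool, runs, seed=0):
    """Return (phase, JSON-RPC 2.0 tools/call request) pairs, realistic first."""
    rng = random.Random(seed)
    schema = tool["inputSchema"]
    calls = []
    for phase, gen in (("realistic", realistic_value), ("aggressive", aggressive_value)):
        for _ in range(runs):
            args = {k: gen(s, rng) for k, s in schema.get("properties", {}).items()}
            if phase == "aggressive" and rng.random() < 0.5:
                for key in schema.get("required", []):
                    args.pop(key, None)  # also exercise missing required fields
            calls.append((phase, {"jsonrpc": "2.0", "id": len(calls) + 1, "method": "tools/call",
                                  "params": {"name": tool["name"], "arguments": args}}))
    return calls
```

A server that validates its input should answer the aggressive requests with a JSON-RPC error or a tool error result rather than an unhandled exception or a hang.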
Architecture
The system is built with a modular architecture:
- CLI Layer: User interface and argument handling
- Transport Layer: Protocol abstraction (HTTP/SSE/Stdio)
- Fuzzing Engine: Test orchestration and execution
- Strategy System: Data generation (realistic + aggressive)
- Safety System: Core filter + SystemBlocker PATH shim; safe mock responses
- Runtime: Async ProcessManager + ProcessWatchdog + AsyncProcessWrapper
- Authentication: Multiple auth provider support
- Reporting: FuzzerReporter, Console/JSON/Text formatters, SafetyReporter
Contributing
We welcome contributions! Please see our Contributing Guide for details.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Disclaimer
This tool is designed for testing and security research. Always use in controlled environments and ensure you have permission to test the target systems. The safety system provides protection but should not be relied upon as the sole security measure.
File details
Details for the file mcp_fuzzer-0.1.7.tar.gz.
File metadata
- Download URL: mcp_fuzzer-0.1.7.tar.gz
- Upload date:
- Size: 83.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.9.23
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 60fdee5f0790353f61fa08c1d6796c978fc08eb3d5ade04dee29011a0e88eae2 |
| MD5 | 2c3f2ee2ad1ebc2135a227822dce992f |
| BLAKE2b-256 | 8774d2799d432d4d98540e753b93dcacb1dafe3873dccfa98a11b9eba845fbf3 |
File details
Details for the file mcp_fuzzer-0.1.7-py3-none-any.whl.
File metadata
- Download URL: mcp_fuzzer-0.1.7-py3-none-any.whl
- Upload date:
- Size: 106.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.9.23
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | b0a48fc1d151ac03f3d70ee8c3b6c83117877818da20adbcea3f0d60234ccabf |
| MD5 | a036ba262875fd015019a4577d3db275 |
| BLAKE2b-256 | 4da35e7fcbbbdb8fd6393106159b939b4fe753017e078c8a21694aaae5d9e7eb |