MCP server fuzzer client and utilities

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for princekrroshan01 from gravatar.com princekrroshan01
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT License)
  • Tags mcp , fuzzing , testing , json-rpc
  • Requires: Python >=3.10
  • Provides-Extra: dev , docs , test
Classifiers
Report project as malware

Project description

MCP Server Fuzzer

MCP Server Fuzzer Icon

CLI fuzzing for MCP servers

Tool fuzzing • Protocol fuzzing • HTTP/SSE/stdio/StreamableHTTP • Safety controls • Rich reporting

CI codecov PyPI - Version Docker Pulls License: MIT Python 3.10+

Docs SiteGetting StartedCLI Reference

What It Does

MCP Server Fuzzer tests MCP servers by fuzzing:

  • tool arguments
  • protocol request types
  • resource and prompt request flows
  • multiple transports: http, sse, stdio, and streamablehttp

It includes optional safety controls such as filesystem sandboxing, PATH-based command blocking, and network restrictions for safer local testing.

Install

Requires Python 3.10+.

# PyPI
pip install mcp-fuzzer

# From source
git clone --recursive https://github.com/Agent-Hellboy/mcp-server-fuzzer.git
cd mcp-server-fuzzer
pip install -e .

Docker is also supported:

docker build -t mcp-fuzzer:latest .
docker run --rm mcp-fuzzer:latest --help

Quick Start

1. Run the bundled HTTP example server

python3 examples/test_server.py

That server listens on http://localhost:8000 and exposes:

  • test_tool
  • echo_tool
  • secure_tool requiring Authorization: Bearer secret123

2. Fuzz tools

mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000 --runs 10

3. Fuzz protocol requests

mcp-fuzzer --mode protocol --protocol-type InitializeRequest \
  --protocol http --endpoint http://localhost:8000 --runs-per-type 5

4. Run tools and protocol together

mcp-fuzzer --mode all --phase both --protocol http --endpoint http://localhost:8000

Common Commands

# Enable command blocking + safety reporting
mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000 \
  --enable-safety-system --safety-report

# Export results
mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000 \
  --export-csv results.csv --export-html results.html

# Use auth config for the bundled secure_tool example
mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000 \
  --auth-config examples/auth_config.json

# Load settings from YAML
mcp-fuzzer --config config.yaml

Example Servers

This repository bundles:

It does not currently bundle a stdio example server. For stdio usage, point the fuzzer at your own server:

mcp-fuzzer --mode tools --protocol stdio --endpoint "python my_server.py" \
  --enable-safety-system --fs-root /tmp/mcp-safe

More runnable example flows are documented in examples/README.md.

Documentation

Keep the README for the basics. Use the docs for everything else:

License

MIT. See LICENSE.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for princekrroshan01 from gravatar.com princekrroshan01
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT License)
  • Tags mcp , fuzzing , testing , json-rpc
  • Requires: Python >=3.10
  • Provides-Extra: dev , docs , test
Classifiers

Release history Release notifications | RSS feed

This version

0.3.3

0.3.2

0.3.1

0.3.0

0.2.9

0.2.8

0.2.7

0.2.6

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.9

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mcp_fuzzer-0.3.3.tar.gz (396.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mcp_fuzzer-0.3.3-py3-none-any.whl (527.1 kB view details)

Uploaded Python 3

File details

Details for the file mcp_fuzzer-0.3.3.tar.gz.

File metadata

  • Download URL: mcp_fuzzer-0.3.3.tar.gz
  • Upload date:
  • Size: 396.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.20

File hashes

Hashes for mcp_fuzzer-0.3.3.tar.gz
Algorithm Hash digest
SHA256 5565159f8a94c79bffd2c5503e586735482439f0e41759c693d2983260ff8e53
MD5 4fac14aa98aa9191686e0d5558a91952
BLAKE2b-256 c7d5a4ea2d7e1f1e7ef288cd9cf556bf698cb9dc0e6e2c61b302fdb3874a93d4

See more details on using hashes here.

File details

Details for the file mcp_fuzzer-0.3.3-py3-none-any.whl.

File metadata

  • Download URL: mcp_fuzzer-0.3.3-py3-none-any.whl
  • Upload date:
  • Size: 527.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.20

File hashes

Hashes for mcp_fuzzer-0.3.3-py3-none-any.whl
Algorithm Hash digest
SHA256 57f5ae1df9a1ac5f8686353938a47ff378d29c61c9f98a4301785136cfec04fb
MD5 6c27168f059785b2e43146890ed8f873
BLAKE2b-256 f5d67bb1180991cfc15e636d5e3736a5d4f2a6291e9a024af606b988ad2e9ba5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page