Skip to main content

MCP server fuzzer client and utilities

Project description

MCP Server Fuzzer

MCP Server Fuzzer Icon

CLI fuzzing for MCP servers

Tool fuzzing • Protocol fuzzing • HTTP/SSE/stdio/StreamableHTTP • Safety controls • Rich reporting

CI codecov PyPI - Version PyPI Downloads Supports MCP 2025-11-25 Docker Pulls License: MIT Python 3.10+

Docs SiteGetting StartedCLI Reference

What It Does

MCP Server Fuzzer tests MCP servers by fuzzing:

  • tool arguments
  • protocol request types
  • resource and prompt request flows
  • multiple transports: http, sse, stdio, and streamablehttp

It includes optional safety controls such as filesystem sandboxing, PATH-based command blocking, and network restrictions for safer local testing.

Findings It Reports

Beyond protocol/transport errors, runs are classified into categorized findings (written to <output-dir>/findings.json, with per-crash repros under <output-dir>/crashes/, and summarized on stdout):

  • crash — server process terminated abnormally (segfault/abort/panic or non-zero exit); captures the signal and a stderr tail
  • auth_bypass — a protected tool answered an unauthenticated call
  • injection_reflection — a dangerous input token was echoed back verbatim
  • oversized_response — response exceeded the read cap (resource exhaustion)
  • hang — request timed out (deadlock / infinite loop / ReDoS)
  • internal_error — JSON-RPC -32603 (unhandled server-side exception)
  • error_leakage — stack trace / panic leaked in output
  • memory_growth — server RSS grew multi-fold across runs (stdio targets)
  • non_determinism — identical input produced differing outcomes
  • accepted_malformed — server accepted clearly-invalid input without error
  • performance_outlier — response time far above the per-target median

Tip: for compiled-language servers (Go/C/C++/Rust), run the target under a sanitizer or race build so memory bugs surface as observable crashes.

Install

Requires Python 3.10+.

# PyPI
pip install mcp-fuzzer

# From source
git clone --recursive https://github.com/Agent-Hellboy/mcp-server-fuzzer.git
cd mcp-server-fuzzer
pip install -e .

Docker is also supported:

docker build -t mcp-fuzzer:latest .
docker run --rm mcp-fuzzer:latest --help

Quick Start

1. Run the bundled HTTP example server

pip install "mcp[cli]" uvicorn
python3 examples/test_server.py

That server uses the official Python MCP SDK, listens on http://localhost:8000/mcp/, and exposes:

  • test_tool
  • echo_tool
  • secure_tool requiring Authorization: Bearer secret123

2. Fuzz tools

mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000/mcp/ --runs 10

3. Fuzz protocol requests

mcp-fuzzer --mode protocol --protocol-type InitializeRequest \
  --protocol http --endpoint http://localhost:8000/mcp/ --runs-per-type 5

4. Run tools and protocol together

mcp-fuzzer --mode all --phase both --protocol http --endpoint http://localhost:8000/mcp/

Common Commands

# Enable command blocking + safety reporting
mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000/mcp/ \
  --enable-safety-system --safety-report

# Export results
mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000/mcp/ \
  --export-csv results.csv --export-html results.html

# Use auth config for the bundled secure_tool example
mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000/mcp/ \
  --auth-config examples/auth_config.json

# Load settings from YAML
mcp-fuzzer --config config.yaml

Example Servers

This repository bundles:

For other stdio usage, point the fuzzer at your own server:

mcp-fuzzer --mode tools --protocol stdio --endpoint "python my_server.py" \
  --enable-safety-system --fs-root /tmp/mcp-safe

More runnable example flows are documented in examples/README.md.

Documentation

Keep the README for the basics. Use the docs for everything else:

License

MIT. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mcp_fuzzer-0.3.6.tar.gz (460.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mcp_fuzzer-0.3.6-py3-none-any.whl (608.0 kB view details)

Uploaded Python 3

File details

Details for the file mcp_fuzzer-0.3.6.tar.gz.

File metadata

  • Download URL: mcp_fuzzer-0.3.6.tar.gz
  • Upload date:
  • Size: 460.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.20

File hashes

Hashes for mcp_fuzzer-0.3.6.tar.gz
Algorithm Hash digest
SHA256 32f313d7feb9ef1a4d81ac7b88af7a12f2319ea511f9dda5ed1b56fe42370422
MD5 880a61f90f5ea71d19e8c9d01ce4649a
BLAKE2b-256 089a467844356b3adf3b962447458e74521d2b3203ba52f504ed5638da5a72b8

See more details on using hashes here.

File details

Details for the file mcp_fuzzer-0.3.6-py3-none-any.whl.

File metadata

  • Download URL: mcp_fuzzer-0.3.6-py3-none-any.whl
  • Upload date:
  • Size: 608.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.20

File hashes

Hashes for mcp_fuzzer-0.3.6-py3-none-any.whl
Algorithm Hash digest
SHA256 6d3f8c6ba59b8c98beed3b0f01bf0caaf9c279a9c6ae9de7450c37494213ced8
MD5 8ee1f40a8134a10e2844062f0f35f69c
BLAKE2b-256 b2343bf12dd19aa63d9ab74c640d9158e988bcc07ef040658ac52c056311d09c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page