Skip to main content

MCP server fuzzer client and utilities

Project description

MCP Server Fuzzer

MCP Server Fuzzer Icon

CLI fuzzing for MCP servers

Tool fuzzing • Protocol fuzzing • HTTP/SSE/stdio/StreamableHTTP • Safety controls • Rich reporting

CI codecov PyPI - Version PyPI Downloads Supports MCP 2025-11-25 Docker Pulls License: MIT Python 3.10+

Docs SiteGetting StartedCLI Reference

What It Does

MCP Server Fuzzer tests MCP servers by fuzzing:

  • tool arguments
  • protocol request types
  • resource and prompt request flows
  • multiple transports: http, sse, stdio, and streamablehttp

It includes optional safety controls such as filesystem sandboxing, PATH-based command blocking, and network restrictions for safer local testing.

Findings It Reports

Beyond protocol/transport errors, runs are classified into categorized findings (written to <output-dir>/findings.json, with per-crash repros under <output-dir>/crashes/, and summarized on stdout):

  • crash — server process terminated abnormally (segfault/abort/panic or non-zero exit); captures the signal and a stderr tail
  • auth_bypass — a protected tool answered an unauthenticated call
  • injection_reflection — a dangerous input token was echoed back verbatim
  • oversized_response — response exceeded the read cap (resource exhaustion)
  • hang — request timed out (deadlock / infinite loop / ReDoS)
  • internal_error — JSON-RPC -32603 (unhandled server-side exception)
  • error_leakage — stack trace / panic leaked in output
  • memory_growth — server RSS grew multi-fold across runs (stdio targets)
  • non_determinism — identical input produced differing outcomes
  • accepted_malformed — server accepted clearly-invalid input without error
  • performance_outlier — response time far above the per-target median

Tip: for compiled-language servers (Go/C/C++/Rust), run the target under a sanitizer or race build so memory bugs surface as observable crashes.

Install

Requires Python 3.10+.

# PyPI
pip install mcp-fuzzer

# From source
git clone --recursive https://github.com/Agent-Hellboy/mcp-server-fuzzer.git
cd mcp-server-fuzzer
pip install -e .

Docker is also supported:

docker build -t mcp-fuzzer:latest .
docker run --rm mcp-fuzzer:latest --help

Quick Start

1. Run the bundled HTTP example server

pip install "mcp[cli]" uvicorn
python3 examples/test_server.py

That server uses the official Python MCP SDK, listens on http://localhost:8000/mcp/, and exposes:

  • test_tool
  • echo_tool
  • secure_tool requiring Authorization: Bearer secret123

2. Fuzz tools

mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000/mcp/ --runs 10

3. Fuzz protocol requests

mcp-fuzzer --mode protocol --protocol-type InitializeRequest \
  --protocol http --endpoint http://localhost:8000/mcp/ --runs-per-type 5

4. Run tools and protocol together

mcp-fuzzer --mode all --phase both --protocol http --endpoint http://localhost:8000/mcp/

Common Commands

# Enable command blocking + safety reporting
mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000/mcp/ \
  --enable-safety-system --safety-report

# Export results
mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000/mcp/ \
  --export-csv results.csv --export-html results.html

# Use auth config for the bundled secure_tool example
mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000/mcp/ \
  --auth-config examples/auth_config.json

# Load settings from YAML
mcp-fuzzer --config config.yaml

Example Servers

This repository bundles:

For other stdio usage, point the fuzzer at your own server:

mcp-fuzzer --mode tools --protocol stdio --endpoint "python my_server.py" \
  --enable-safety-system --fs-root /tmp/mcp-safe

More runnable example flows are documented in examples/README.md.

Documentation

Keep the README for the basics. Use the docs for everything else:

License

MIT. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mcp_fuzzer-0.4.0.tar.gz (481.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mcp_fuzzer-0.4.0-py3-none-any.whl (647.7 kB view details)

Uploaded Python 3

File details

Details for the file mcp_fuzzer-0.4.0.tar.gz.

File metadata

  • Download URL: mcp_fuzzer-0.4.0.tar.gz
  • Upload date:
  • Size: 481.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.20

File hashes

Hashes for mcp_fuzzer-0.4.0.tar.gz
Algorithm Hash digest
SHA256 d4254f8a484ffb51f3465cb7f320fb02c6c6b68067094768196544e3b9d4d57e
MD5 c3b7422efde58235e5615bd580b7850e
BLAKE2b-256 4742e57bb7289d41048b79fd60d55b3a3bbde485fcc4408a762c71873149da41

See more details on using hashes here.

File details

Details for the file mcp_fuzzer-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: mcp_fuzzer-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 647.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.20

File hashes

Hashes for mcp_fuzzer-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 31653c0635542b09fba49e8183a294e918539a931ba175ee24a5f0d48e4948a6
MD5 1a3413603de6695e973150c5fb70fc67
BLAKE2b-256 0b3d1cd1c18b6a380b82c11e9fe80fd57b6b9b0257ef57249ffecf44bfafdf07

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page