AI-Powered MCP Security Scanner

Test the security of MCP servers

Automated pentesting for Model Context Protocol servers. Injection attacks, auth bypass, prompt injection, SSRF, and 60+ security checks powered by AI.

How It Works

Three steps to a complete security audit

01. Enter your MCP server URL

Paste your server endpoint. We support SSE and Streamable HTTP transports.

02. AI analyzes 60+ attack vectors

Our engine runs authentication, injection, fuzzing, SSRF, and protocol abuse checks with AI-powered analysis.

03. Get a detailed vulnerability report

Review findings by severity, get AI-generated exploit suggestions, and actionable remediation steps.

Comprehensive Security Testing

Four pillars of attack coverage, each with deep module-level checks

Auth & Transport

  • Missing authentication detection
  • Weak API key analysis
  • TLS configuration audit
  • CORS misconfiguration testing
  • Session fixation checks

Injection Detection

  • SQL & NoSQL injection
  • OS command injection
  • Template injection (SSTI)
  • Path traversal & LFI
  • SSRF endpoint probing

Protocol Fuzzing

  • JSON-RPC malformation
  • Parameter boundary testing
  • MCP lifecycle abuse
  • Schema bypass fuzzing
  • Hang & DoS detection

AI Exploitation

  • Prompt injection detection
  • Exploit chain analysis
  • Adaptive payload generation
  • Context manipulation testing
  • Tool poisoning detection

Purpose-Built AI Engine

Not a wrapper around ChatGPT. MCPhacker uses a custom-trained model specifically designed for MCP security analysis — with no content restrictions on security testing. It generates real exploit chains, actual payloads, and actionable attack vectors.

Custom Trained · Unrestricted · MCP-Specialized

  • Real exploit generation

    Actual payloads and proof-of-concept code, not theoretical descriptions

  • Unrestricted security analysis

    No content filters blocking legitimate security testing output

  • MCP protocol expertise

    Trained specifically on MCP attack surfaces, JSON-RPC, and tool abuse patterns

  • Priority scoring

    Exploitability and impact assessment with actionable remediation steps

Your Privacy, Our Priority

Security tools that spy on you aren't security tools. MCPhacker is built with a zero-knowledge architecture — we can't read your results even if we wanted to.

Zero-knowledge encryption

Your scan results are encrypted client-side before reaching our servers. We literally cannot read them.

Email-only authentication

No passwords stored, no OAuth tracking. Just a magic link to your email. Minimal data, maximum privacy.

Your results stay yours

Download your reports as JSON or PDF anytime. Delete your data with one click. No vendor lock-in.

Ethical Security Research Only

MCPhacker is a tool designed exclusively for authorized security testing. We actively oppose cybercrime and any form of unauthorized access. This platform exists to help developers and security professionals find and fix vulnerabilities in their own systems — not to attack others.

You may only scan servers you own or have explicit written permission to test.
By using MCPhacker, you accept our Terms of Service and Acceptable Use Policy.
We are not responsible for any illegal or unauthorized use of this tool. All liability falls on the user.
This is precisely why we use zero-knowledge encryption and store minimal data — your privacy protects everyone.

Compatible With

Scans servers built with any MCP-compatible framework

OpenAI, Anthropic, LangChain, MCP Protocol, JSON-RPC, SSE / HTTP, Vercel AI SDK, LlamaIndex

  • 60+ Attack Modules
  • 11 Security Categories
  • 3 AI Analysis Services

The Team

An independent collaboration between security researchers and AI specialists

Albert Corzo

Creator & Agentic Architect

Independent developer and security researcher. Designed and built MCPhacker's agentic architecture — from the Go scanning engine to the AI analysis pipeline.

Nguyen Nguyen

Co-Founder, Cyber Armor LLC

Co-founder of Cyber Armor LLC. Cybersecurity expert focused on AI security strategy and offensive security research.

Cyber Armor LLC

The company behind MCPhacker

Ready to secure your MCP servers?

Start scanning for free. No credit card required. Get your first security report in under 5 minutes.