Goat
БесплатноНе проверенA deliberately vulnerable MCP application for learning MCP security through hands-on exercises covering OWASP MCP Top 10 categories.
Описание
A deliberately vulnerable MCP application for learning MCP security through hands-on exercises covering OWASP MCP Top 10 categories.
README
A deliberately vulnerable MCP (Model Context Protocol) application for learning MCP security through hands-on exercises. Inspired by AndroGoat, OWASP WebGoat, and other vulnerable applications. MCP Goat covers all 10 categories of the OWASP MCP Top 10.
WARNING: This application contains intentionally vulnerable servers. Do NOT expose to untrusted networks. For educational use only.
Quick Start
# Clone the repo
git clone https://github.com/satishpatnayak/MCP-Goat.git
cd MCP-Goat
# Create virtual environment and install
uv venv && source .venv/bin/activate && uv pip install -e .
# OR without uv:
python3 -m venv .venv && source .venv/bin/activate && pip install -e .
# List all challenges
mcp-goat list
# Start a vulnerable server
mcp-goat run mcp01-c01
# View guided exercise instructions
mcp-goat exercise mcp01-c01
# Get LLM client config snippet
mcp-goat config mcp01-c01
How It Works
- Choose a challenge from the list (
mcp-goat list) - Read the exercise (
mcp-goat exercise <id>) to understand the vulnerability - Start the vulnerable server (
mcp-goat run <id>) - Connect your LLM client (Claude Desktop, Cursor, LM Studio, MCP Inspector)
- Explore and exploit the vulnerability following the guided steps
- Learn the mitigations from the solution section
Connecting to Your LLM Client
Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"mcp-goat": {
"command": "/full/path/to/mcp-goat/.venv/bin/mcp-goat",
"args": ["run", "mcp01-c01"]
}
}
}
Cursor
Go to Settings → Cursor Settings → MCP → Add new MCP Server, or edit ~/.cursor/mcp.json:
{
"mcpServers": {
"mcp-goat": {
"command": "/full/path/to/mcp-goat/.venv/bin/mcp-goat",
"args": ["run", "mcp01-c01"]
}
}
}
Important: Use the full path to
mcp-goatinside the.venv/bin/directory. LLM clients don't activate virtual environments, so the baremcp-goatcommand won't work.To get your full path, run:
echo "$(pwd)/.venv/bin/mcp-goat"
MCP Inspector
npx @modelcontextprotocol/inspector mcp-goat run mcp01-c01
Challenges
| Category | ID | Title | Difficulty |
|---|---|---|---|
| MCP01 — Token Mismanagement & Secret Exposure | mcp01-c01 | Leaked API Key | Beginner |
| MCP01 — Token Mismanagement & Secret Exposure | mcp01-c02 | Plaintext OAuth Token | Intermediate |
| MCP02 — Privilege Escalation | mcp02-c01 | Path Traversal | Beginner |
| MCP02 — Privilege Escalation | mcp02-c02 | Write Escalation | Intermediate |
| MCP03 — Tool Poisoning | mcp03-c01 | Tool Shadowing | Advanced |
| MCP03 — Tool Poisoning | mcp03-c02 | Hidden Prompt Injection in Description | Intermediate |
| MCP04 — Supply Chain Attacks | mcp04-c01 | Malicious Dependency | Advanced |
| MCP04 — Supply Chain Attacks | mcp04-c02 | Backdoored Plugin | Advanced |
| MCP05 — Command Injection | mcp05-c01 | DNS Lookup Injection | Intermediate |
| MCP05 — Command Injection | mcp05-c02 | SQL Injection | Intermediate |
| MCP06 — Intent Flow Subversion | mcp06-c01 | System Prompt Override | Advanced |
| MCP06 — Intent Flow Subversion | mcp06-c02 | Fake Tool Result Injection | Advanced |
| MCP07 — Insufficient Auth & Authorization | mcp07-c01 | No Authentication | Beginner |
| MCP07 — Insufficient Auth & Authorization | mcp07-c02 | Broken Access Control / IDOR | Intermediate |
| MCP08 — Lack of Audit & Telemetry | mcp08-c01 | Silent Data Exfiltration | Intermediate |
| MCP09 — Shadow Servers | mcp09-c01 | Rogue MCP Server | Advanced |
| MCP10 — Context Injection & Over-Sharing | mcp10-c01 | Cross-Agent Context Leak | Intermediate |
| MCP10 — Context Injection & Over-Sharing | mcp10-c02 | PII Over-Sharing | Beginner |
Adding New Challenges
- Create a directory under
src/mcp_goat/challenges/<category>/<challenge>/ - Add:
__init__.pychallenge.py— subclassChallengewith metadataserver.py— the vulnerable FastMCP serverexercise.md— guided exercise instructions
- Run
mcp-goat list— auto-discovery picks it up immediately
Requirements
- Python 3.11+
- uv (recommended) or pip
- Dependencies (installed automatically):
mcp,click,rich,pyyaml
References
License
MIT
Установка Goat
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/satishpatnayak/MCP-GoatFAQ
Goat MCP бесплатный?
Да, Goat MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Goat?
Нет, Goat работает без API-ключей и переменных окружения.
Goat — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Goat в Claude Desktop, Claude Code или Cursor?
Открой Goat на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Goat with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
