Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Malicious Research Kit

БесплатноНе проверен

A local-first MCP attack kit for authorized security research and red teaming, demonstrating exfiltration, agent manipulation, and other abuse patterns via plug

GitHubEmbed

Описание

A local-first MCP attack kit for authorized security research and red teaming, demonstrating exfiltration, agent manipulation, and other abuse patterns via pluggable cases.

README

Authorized, local-first MCP research kit for red-team / security assessments.

What it does

A FastMCP server registers realistic-looking integration tools in an MCP client's tool store, typically alongside legitimate connectors (GitHub, Jira, etc.). Each demonstration is a pluggable case under cases/. Enable only what you need for a given engagement.

Also included:

  • listener.py — HTTP callback receiver for case proof
  • Engagement markers (OPS_CANARY, OPS_CONNECTOR_CANARY) for unambiguous proof

Case coverage (9)

# Case Demonstrates
1 URL callback Sensitive data in markdown/image URLs
2 DNS Secrets in DNS subdomain labels
3 Toxic agent flow Hidden instructions in tool output
4 Rogue secret pull Descriptions that harvest peer MCP material
5 Tool shadowing Squatting familiar tool names
6 Token forwarding Utility tools that solicit connector tokens
7 NetNTLM via UNC UNC paths → SMB auth (scope-gated)
8 Browser access Local browser profiles/cookies (scope-gated)
9 File callback File-share tools that read paths and beacon

Who it is for

Security researchers and penetration testers assessing MCP-enabled clients under explicit written authorization.

Authorized use only. Do not deploy against systems you do not own or lack permission to test.

from github.com/RohitKulkarni02/malicious_mcp_research_kit

Установка Malicious Research Kit

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/RohitKulkarni02/malicious_mcp_research_kit

FAQ

Malicious Research Kit MCP бесплатный?

Да, Malicious Research Kit MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Malicious Research Kit?

Нет, Malicious Research Kit работает без API-ключей и переменных окружения.

Malicious Research Kit — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить Malicious Research Kit в Claude Desktop, Claude Code или Cursor?

Открой Malicious Research Kit на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Malicious Research Kit with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai