Vulnerable MCP Server

This project is an intentionally vulnerable MCP (Model Context Protocol) app, designed for security research.

DO NOT use in production environments.
It executes raw SQL and system commands with no authentication or restrictions.

⚙️ MCP SERVER

A command execution server that combines:

FastAPI for the HTTP interface
SQLite as a persistent database
Ollama LLM to interpret natural language queries
JSON-RPC as the main API protocol

This system routes natural language input to either SQL queries or shell commands, using a locally running LLM via Ollama.

Built to test SQL Injection (SQLi) and Remote Code Execution (RCE) vulnerabilities
via FastAPI, JSON-RPC, and LLM-based decision logic.

⚙️ WARNING: Security Notice

This app is intentionally insecure:

❗ No authentication or access control
❗ Accepts and executes raw SQL queries and shell commands
❗ No input validation
❗ LLM responses are blindly executed

Use only in isolated environments, CTFs, or research labs.

⚙️ Features

LLM-based decision logic for command routing (SQL or CLI)
Native execution of SQL and terminal commands
Auto-initializing SQLite database with sample data
Simple, pluggable JSON-RPC methods
Vulnerable by design — suitable for offensive/defensive testing

⚙️ Installation

git clone https://github.com/your-repo/mcp-vulnerable-app.git
cd mcp-vulnerable-app

docker-compose up --build
docker network connect mcplab ollama
docker network connect mcplab mcp_internal
docker network connect mcplab mcp_remote

This server cannot be installed

security - not tested

license - not tested

quality - not tested

How are these scores calculated?

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

Intentionally vulnerable Model Context Protocol (MCP) server designed for security research that processes natural language queries through an LLM to execute SQL queries or shell commands without restrictions.

Related MCP Servers

mcp-hn
erithwik
A
security
A
license
A
quality
A Model Context Protocol (MCP) server that provides tools for searching and fetching information from Hacker News.
Last updated -
4
6
Python
MIT License
mcp-turso-cloud
spences10
A
security
A
license
A
quality
🗂️ A Model Context Protocol (MCP) server that provides integration with Turso databases for LLMs. This server implements a two-level authentication system to handle both organization-level and database-level operations, making it easy to manage and query Turso databases directly from LLMs.
Last updated -
8
107
8
TypeScript
MIT License
MCP Firebird
PuroDelphi
A
security
A
license
A
quality
A server implementing Anthropic's Model Context Protocol (MCP) for Firebird SQL databases, enabling Claude and other LLMs to securely access, analyze, and manipulate data in Firebird databases through natural language.
Last updated -
14
729
21
TypeScript
MIT License
Osmosis
jonator
-
security
A
license
-
quality
A Model Context Protocol (MCP) server implementation that enables LLMs to interact with the Osmosis protocol, allowing for querying and transaction functionality through natural language.
Last updated -
9
TypeScript
MIT License

View all related MCP servers

Vulnerable MCP Server