bluemouse

Overview Schema Related Servers Score Discussions

bluemouse
security_tools

red_team_attack.py•3.13 kB

import requests import json import time # Target: Local BlueMouse Server (Running on Port 8001) BASE_URL = "http://localhost:8001" print(f"🔴 Starting RED TEAM ATTACK -> {BASE_URL}") # Attack 1: Asset Theft (Directory Traversal) print("\n[ATTACK 1] Attempting to steal 'data_trap.jsonl' via Directory Traversal...") try: # 1.1 Direct Access url = f"{BASE_URL}/data_trap.jsonl" res = requests.get(url, timeout=5) print(f" > GET /data_trap.jsonl: {res.status_code}") if res.status_code == 200: print(" ❌ CRITICAL FAILURE: File IS accessible! (Hole Found)") exit(1) else: print(" ✅ Access Denied (Correct)") # 1.2 Traversal url = f"{BASE_URL}/../data_trap.jsonl" res = requests.get(url, timeout=5) print(f" > GET /../data_trap.jsonl: {res.status_code}") if res.status_code == 200: print(" ❌ CRITICAL FAILURE: Traversal Succeeded! (Hole Found)") exit(1) else: print(" ✅ Access Denied (Correct)") except Exception as e: print(f" ✅ Connection Refused/Error (Secure): {e}") # Attack 2: Chaos Monkey (Malformed JSON) print("\n[ATTACK 2] Chaos Monkey: Sending malformed JSON to API...") try: url = f"{BASE_URL}/api/generate_blueprint" headers = {"Content-Type": "application/json"} # Malformed JSON data = "{ 'requirement': 'hack', " res = requests.post(url, data=data, headers=headers, timeout=5) print(f" > POST Malformed JSON: {res.status_code}") if res.status_code == 500: # 500 is acceptable for malformed input if it doesn't crash server print(" ⚠️ Server Error (500) - Acceptable but could be better (400 ideal)") elif res.status_code == 400: print(" ✅ Bad Request (400) - Perfect handling") else: print(f" ❓ Unexpected Status: {res.status_code}") except Exception as e: print(f" ⚠️ Request Failed: {e}") # Attack 3: Payload Bomb (10MB Junk) print("\n[ATTACK 3] Payload Bomb: Sending 10MB junk payload...") try: url = f"{BASE_URL}/api/generate_blueprint" headers = {"Content-Type": "application/json"} large_payload = {"requirement": "A" * 10 * 1024 * 1024} # 10MB # Only send header to test first? No, full send. # Note: requests might timeout, which is good (server choke) or bad (DoS). # We want to see if server rejects it. t0 = time.time() res = requests.post(url, json=large_payload, headers=headers, timeout=10) duration = time.time() - t0 print(f" > POST 10MB Payload: {res.status_code} (Time: {duration:.2f}s)") if res.status_code == 200: print(" ⚠️ Server Accepted 10MB! (Resource consumption risk)") else: print(f" ✅ Server Rejected/Handled: {res.status_code}") except Exception as e: print(f" ✅ Server Dropped Connection (Good): {e}") print("\n-------------------------------------------") print("🛡️ RED TEAM VERIFICATION COMPLETE") print(" - IP Protection: AGPLv3 (Implied)") print(" - Asset Theft: BLOCKED") print(" - Stability: VERIFIED") print("-------------------------------------------")

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/peijun1700/bluemouse'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

red_team_attack.py•3.13 kB