HN Showcase
Back to browse
GitHub Repository
5 starsPython

Mcpwn – nobody's pentesting their MCP servers, so I built a tool for it

by thedorsan·Jun 15, 2026·2 points·0 comments
Visit ProjectView on HN

AI Analysis

●●SolidNiche GemShip It

Burp proxy and sqlmap integration for MCP servers nobody's testing yet.

Strengths
  • Multi-transport support (stdio, HTTP, SSE) with auto-detection shows real protocol depth
  • sqlmap bridge auto-builds injectable requests with live session IDs — clever integration
  • Interactive shell mode for persistent connections to stateful MCP servers
Weaknesses
  • Extremely narrow audience — MCP security testing is emerging but tiny right now
  • Six commits, zero stars — very early stage, unproven in real engagements
Category
Security
Target Audience

Security researchers and penetration testers working with Model Context Protocol

Similar To

SQL-tap · Burp Suite · sqlmap

Similar Projects

Security●●Solid

Goshs – Single-binary server for red teamers: HTTP/S,SMB,NTLM,DNS/SMTP

One binary replaces impacket, responder, and SimpleHTTPServer for mid-engagement ops.

Solve My ProblemNiche Gem
patrickhener
301mo ago
Developer Tools●●Solid

MCP Gateway – Zero-Trust Access to MCP Tool Servers

Zero-trust MCP sharing over OpenZiti with no listening ports or VPN setup required.

Big BrainSolve My Problem
michaelquigley
422mo ago