by appsecco · MCP Server · ★ 31
README Version 3 is out now! A practical, community-driven checklist for pentesting Model Context Protocol (MCP) servers. This guide covers local and remote MCP server risks, traffic analysis, tool-call behaviors, context boundaries, authorization flows, and unsafe code paths. Originally created for the OWASP Bay Area talk on Pentesting MCP Servers (Oct 2025), this checklist is designed for practitioners performing assessments on MCP-based tools, agents, and integrations. Why this exists MCP servers are becoming the new execution layer for AI agents.
| Stars | 31 |
| Forks | 4 |
| Category | MCP Server |
| License | CC-BY-4.0 |
| Quality Score | 62.8482389905992/100 |
| Last Updated | 2026-04-07 |
| Created | 2025-11-27 |
| Platforms | mcp |
| Est. Tokens | ~16k |
Explore other popular mcp server tools:
pentesting-mcp-servers-checklist is A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licens. It is categorized as a MCP Server with 31 GitHub stars.
You can find installation instructions and usage details in the pentesting-mcp-servers-checklist GitHub repository at github.com/appsecco/pentesting-mcp-servers-checklist. The project has 31 stars and 4 forks, indicating an active community.
pentesting-mcp-servers-checklist is released under the CC-BY-4.0 license, making it free to use and modify according to the license terms.