├── .flake8 ├── .github ├── mcp-scan-cmd-banner.png ├── mcp-scan-cmd-banner.png.url └── workflows │ └── tests.yml ├── .gitignore ├── .pre-commit-config.yaml ├── .python-version ├── CHANGELOG.md ├── LICENSE ├── Makefile ├── README.md ├── demo.svg ├── demoserver ├── README.md ├── pyproject.toml └── server.py ├── pyproject.toml ├── scan_api.py ├── src ├── mcp_scan │ ├── MCPScanner.py │ ├── Storage.py │ ├── __init__.py │ ├── cli.py │ ├── direct_scanner.py │ ├── gateway.py │ ├── identity.py │ ├── lib.py │ ├── mcp_client.py │ ├── mcp_server.py │ ├── models.py │ ├── policy.gr │ ├── printer.py │ ├── redact.py │ ├── run.py │ ├── traffic_capture.py │ ├── upload.py │ ├── utils.py │ ├── verify_api.py │ ├── version.py │ └── well_known_clients.py └── mcp_scan_server │ ├── __init__.py │ ├── activity_logger.py │ ├── format_guardrail.py │ ├── guardrail_templates │ ├── __init__.py │ ├── links.gr │ ├── moderated.gr │ ├── pii.gr │ ├── secrets.gr │ └── tool_templates │ │ └── disable_tool.gr │ ├── models.py │ ├── parse_config.py │ ├── routes │ ├── __init__.py │ ├── policies.py │ ├── push.py │ ├── trace.py │ └── user.py │ ├── server.py │ └── session_store.py └── tests ├── __init__.py ├── conftest.py ├── e2e ├── __init__.py ├── test_full_proxy_flow.py └── test_full_scan_flow.py ├── mcp_servers ├── configs_files │ ├── all_config.json │ ├── math_config.json │ ├── multiple_transport.json │ ├── sbb_config.json │ ├── vs_code_settings_file_with_empty_mcp.json │ ├── vs_code_settings_file_without_mcp.json │ └── weather_config.json ├── ignored_server.py ├── math_server.py ├── multiple_transport_server.py ├── sbb_server.py ├── signatures │ ├── math_server_signature.json │ └── weather_server_signature.json └── weather_server.py ├── test_configs.json └── unit ├── __init__.py ├── test_cli_parsing.py ├── test_config_scan.py ├── test_control_server.py ├── test_entity_to_tool.py ├── test_gateway.py ├── test_inspect_tools.py ├── test_mcp_client.py ├── test_mcp_scan_server.py ├── test_redact.py ├── test_session.py ├── test_storage_file.py ├── test_utils.py └── test_verify_api.py /.flake8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/.flake8 -------------------------------------------------------------------------------- /.github/mcp-scan-cmd-banner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/.github/mcp-scan-cmd-banner.png -------------------------------------------------------------------------------- /.github/mcp-scan-cmd-banner.png.url: -------------------------------------------------------------------------------- 1 | https://ray.so/1bk0Jqk 2 | -------------------------------------------------------------------------------- /.github/workflows/tests.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/.github/workflows/tests.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /.python-version: -------------------------------------------------------------------------------- 1 | 3.13 2 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/CHANGELOG.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/README.md -------------------------------------------------------------------------------- /demo.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/demo.svg -------------------------------------------------------------------------------- /demoserver/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/demoserver/README.md -------------------------------------------------------------------------------- /demoserver/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/demoserver/pyproject.toml -------------------------------------------------------------------------------- /demoserver/server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/demoserver/server.py -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/pyproject.toml -------------------------------------------------------------------------------- /scan_api.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/scan_api.py -------------------------------------------------------------------------------- /src/mcp_scan/MCPScanner.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/MCPScanner.py -------------------------------------------------------------------------------- /src/mcp_scan/Storage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/Storage.py -------------------------------------------------------------------------------- /src/mcp_scan/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/__init__.py -------------------------------------------------------------------------------- /src/mcp_scan/cli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/cli.py -------------------------------------------------------------------------------- /src/mcp_scan/direct_scanner.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/direct_scanner.py -------------------------------------------------------------------------------- /src/mcp_scan/gateway.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/gateway.py -------------------------------------------------------------------------------- /src/mcp_scan/identity.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/identity.py -------------------------------------------------------------------------------- /src/mcp_scan/lib.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/lib.py -------------------------------------------------------------------------------- /src/mcp_scan/mcp_client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/mcp_client.py -------------------------------------------------------------------------------- /src/mcp_scan/mcp_server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/mcp_server.py -------------------------------------------------------------------------------- /src/mcp_scan/models.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/models.py -------------------------------------------------------------------------------- /src/mcp_scan/policy.gr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/policy.gr -------------------------------------------------------------------------------- /src/mcp_scan/printer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/printer.py -------------------------------------------------------------------------------- /src/mcp_scan/redact.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/redact.py -------------------------------------------------------------------------------- /src/mcp_scan/run.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/run.py -------------------------------------------------------------------------------- /src/mcp_scan/traffic_capture.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/traffic_capture.py -------------------------------------------------------------------------------- /src/mcp_scan/upload.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/upload.py -------------------------------------------------------------------------------- /src/mcp_scan/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/utils.py -------------------------------------------------------------------------------- /src/mcp_scan/verify_api.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/verify_api.py -------------------------------------------------------------------------------- /src/mcp_scan/version.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/version.py -------------------------------------------------------------------------------- /src/mcp_scan/well_known_clients.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan/well_known_clients.py -------------------------------------------------------------------------------- /src/mcp_scan_server/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/mcp_scan_server/activity_logger.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/activity_logger.py -------------------------------------------------------------------------------- /src/mcp_scan_server/format_guardrail.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/format_guardrail.py -------------------------------------------------------------------------------- /src/mcp_scan_server/guardrail_templates/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/mcp_scan_server/guardrail_templates/links.gr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/guardrail_templates/links.gr -------------------------------------------------------------------------------- /src/mcp_scan_server/guardrail_templates/moderated.gr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/guardrail_templates/moderated.gr -------------------------------------------------------------------------------- /src/mcp_scan_server/guardrail_templates/pii.gr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/guardrail_templates/pii.gr -------------------------------------------------------------------------------- /src/mcp_scan_server/guardrail_templates/secrets.gr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/guardrail_templates/secrets.gr -------------------------------------------------------------------------------- /src/mcp_scan_server/guardrail_templates/tool_templates/disable_tool.gr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/guardrail_templates/tool_templates/disable_tool.gr -------------------------------------------------------------------------------- /src/mcp_scan_server/models.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/models.py -------------------------------------------------------------------------------- /src/mcp_scan_server/parse_config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/parse_config.py -------------------------------------------------------------------------------- /src/mcp_scan_server/routes/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/mcp_scan_server/routes/policies.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/routes/policies.py -------------------------------------------------------------------------------- /src/mcp_scan_server/routes/push.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/routes/push.py -------------------------------------------------------------------------------- /src/mcp_scan_server/routes/trace.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/routes/trace.py -------------------------------------------------------------------------------- /src/mcp_scan_server/routes/user.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/routes/user.py -------------------------------------------------------------------------------- /src/mcp_scan_server/server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/server.py -------------------------------------------------------------------------------- /src/mcp_scan_server/session_store.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/src/mcp_scan_server/session_store.py -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | """Test package for mcp-scan.""" 2 | -------------------------------------------------------------------------------- /tests/conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/conftest.py -------------------------------------------------------------------------------- /tests/e2e/__init__.py: -------------------------------------------------------------------------------- 1 | """End-to-end tests package for mcp-scan.""" 2 | -------------------------------------------------------------------------------- /tests/e2e/test_full_proxy_flow.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/e2e/test_full_proxy_flow.py -------------------------------------------------------------------------------- /tests/e2e/test_full_scan_flow.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/e2e/test_full_scan_flow.py -------------------------------------------------------------------------------- /tests/mcp_servers/configs_files/all_config.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/configs_files/all_config.json -------------------------------------------------------------------------------- /tests/mcp_servers/configs_files/math_config.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/configs_files/math_config.json -------------------------------------------------------------------------------- /tests/mcp_servers/configs_files/multiple_transport.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/configs_files/multiple_transport.json -------------------------------------------------------------------------------- /tests/mcp_servers/configs_files/sbb_config.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/configs_files/sbb_config.json -------------------------------------------------------------------------------- /tests/mcp_servers/configs_files/vs_code_settings_file_with_empty_mcp.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/configs_files/vs_code_settings_file_with_empty_mcp.json -------------------------------------------------------------------------------- /tests/mcp_servers/configs_files/vs_code_settings_file_without_mcp.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/configs_files/vs_code_settings_file_without_mcp.json -------------------------------------------------------------------------------- /tests/mcp_servers/configs_files/weather_config.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/configs_files/weather_config.json -------------------------------------------------------------------------------- /tests/mcp_servers/ignored_server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/ignored_server.py -------------------------------------------------------------------------------- /tests/mcp_servers/math_server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/math_server.py -------------------------------------------------------------------------------- /tests/mcp_servers/multiple_transport_server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/multiple_transport_server.py -------------------------------------------------------------------------------- /tests/mcp_servers/sbb_server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/sbb_server.py -------------------------------------------------------------------------------- /tests/mcp_servers/signatures/math_server_signature.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/signatures/math_server_signature.json -------------------------------------------------------------------------------- /tests/mcp_servers/signatures/weather_server_signature.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/signatures/weather_server_signature.json -------------------------------------------------------------------------------- /tests/mcp_servers/weather_server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/mcp_servers/weather_server.py -------------------------------------------------------------------------------- /tests/test_configs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/test_configs.json -------------------------------------------------------------------------------- /tests/unit/__init__.py: -------------------------------------------------------------------------------- 1 | """Unit tests package for mcp-scan.""" 2 | -------------------------------------------------------------------------------- /tests/unit/test_cli_parsing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_cli_parsing.py -------------------------------------------------------------------------------- /tests/unit/test_config_scan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_config_scan.py -------------------------------------------------------------------------------- /tests/unit/test_control_server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_control_server.py -------------------------------------------------------------------------------- /tests/unit/test_entity_to_tool.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_entity_to_tool.py -------------------------------------------------------------------------------- /tests/unit/test_gateway.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_gateway.py -------------------------------------------------------------------------------- /tests/unit/test_inspect_tools.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_inspect_tools.py -------------------------------------------------------------------------------- /tests/unit/test_mcp_client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_mcp_client.py -------------------------------------------------------------------------------- /tests/unit/test_mcp_scan_server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_mcp_scan_server.py -------------------------------------------------------------------------------- /tests/unit/test_redact.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_redact.py -------------------------------------------------------------------------------- /tests/unit/test_session.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_session.py -------------------------------------------------------------------------------- /tests/unit/test_storage_file.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_storage_file.py -------------------------------------------------------------------------------- /tests/unit/test_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/invariantlabs-ai/mcp-scan/HEAD/tests/unit/test_utils.py -------------------------------------------------------------------------------- /tests/unit/test_verify_api.py: -------------------------------------------------------------------------------- 1 | --------------------------------------------------------------------------------