CHECKLIST
MCP Server Pentest Checklist
A comprehensive penetration testing checklist for Model Context Protocol (MCP) servers. Use this to systematically assess MCP server security before deployment.
1 Reconnaissance
- Identify MCP server endpoints and exposed tools
- Enumerate available MCP resources, prompts, and tools
- Map tool parameters and expected input types
- Check for version disclosure in server metadata
- Review MCP server configuration files and documentation
- Identify third-party dependencies and their versions
2 Authentication & Authorization
- Test for unauthenticated access to MCP tools
- Attempt authentication bypass via malformed tokens
- Test for privilege escalation across tools
- Verify tool-level authorization is enforced
- Check for IDOR vulnerabilities in resource access
- Test session/cookie handling and replay attacks
3 Tool Injection Testing
- Inject malicious parameters into tool calls
- Test for eval() injection through tool arguments
- Attempt command injection via tool inputs
- Test for path traversal in file-accessing tools
- Verify input length limits and boundary checking
- Test for SSRF via tool URL parameters
- Check for NoSQL/SQL injection in tool queries
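As an added example (not part of the original checklist, and not any MCP project's own code), a minimal file-reading tool handler in its naive and hardened forms, covering the path traversal, input length and verbose-error items above. The allowed root directory, the length limit and the handler names are assumptions made for the illustration.

```python
import os
import tempfile
from pathlib import Path

MAX_PATH_LEN = 256  # constructed limit for this example; tune per deployment

def resolve_within_root(root: str, requested: str) -> Path:
    """Canonicalise `requested` and confine it to `root`; raise ValueError otherwise."""
    if not requested or len(requested) > MAX_PATH_LEN or "\x00" in requested:
        raise ValueError("invalid path")
    root_real = Path(root).resolve()
    # Strip leading separators: joining an absolute path would otherwise discard the root.
    candidate = (root_real / requested.lstrip("/\\")).resolve()
    # resolve() follows symlinks, so a link pointing outside the root is caught here too.
    if candidate != root_real and root_real not in candidate.parents:
        raise ValueError("path escapes root")
    return candidate

def read_file_tool_vulnerable(root: str, path: str) -> dict:
    """Naive handler: trusts the model-supplied path, so '..' segments escape the root."""
    with open(os.path.join(root, path), encoding="utf-8") as f:
        return {"content": f.read()}

def read_file_tool_hardened(root: str, path: str) -> dict:
    """Hardened handler: confined path, regular files only, generic error to the client."""
    try:
        target = resolve_within_root(root, path)
        if not target.is_file():
            raise ValueError("not a regular file")
        return {"content": target.read_text(encoding="utf-8")}
    except (ValueError, OSError):
        # Never echo the resolved path or OS error text back; log it server-side instead.
        return {"error": "file not accessible"}

def demo() -> dict:
    """Build a throwaway layout (constructed data) and exercise both handlers."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "workspace")
    os.makedirs(root)
    Path(root, "notes.txt").write_text("hello", encoding="utf-8")
    Path(base, "secret.txt").write_text("SECRET", encoding="utf-8")  # outside the root
    return {
        "inside": read_file_tool_hardened(root, "notes.txt"),
        "traversal": read_file_tool_hardened(root, "../secret.txt"),
        "absolute": read_file_tool_hardened(root, os.path.join(base, "secret.txt")),
        "too_long": read_file_tool_hardened(root, "a" * (MAX_PATH_LEN + 1)),
        "vulnerable_leak": read_file_tool_vulnerable(root, "../secret.txt")["content"],
    }
```

The `demo()` function shows the naive handler returning the file outside the root while the hardened handler answers every escape attempt with the same generic error.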
4 Prompt Injection via MCP Resources
- Embed injection payloads in MCP resource content
- Test for indirect injection via third-party data sources
- Attempt system prompt extraction via tool descriptions
- Test tool description injection (poisoned tool docs)
- Verify that resource content is sanitized before it is placed in the model prompt
5 Data Exposure Testing
- Check for sensitive data in MCP tool responses
- Test for data exfiltration through tool return values
- Test for verbose error messages leaking internals
- Check whether logs and monitoring output expose sensitive data
- Test for data leakage through timing side-channels
6 Supply Chain Security
- Verify MCP server package signatures
- Review server dependencies for known CVEs
- Check for backdoors in MCP server code
- Verify update mechanism security
- Review tool permissions against least privilege