{"id":35093990,"url":"https://github.com/cisco-ai-defense/mcp-scanner","last_synced_at":"2026-05-29T05:00:50.880Z","repository":{"id":316483051,"uuid":"1062952726","full_name":"cisco-ai-defense/mcp-scanner","owner":"cisco-ai-defense","description":"Scan MCP servers for potential threats \u0026 security findings.","archived":false,"fork":false,"pushed_at":"2026-05-19T20:58:44.000Z","size":4773,"stargazers_count":930,"open_issues_count":24,"forks_count":113,"subscribers_count":12,"default_branch":"main","last_synced_at":"2026-05-19T21:05:57.179Z","etag":null,"topics":["agents","ai","mcp","security"],"latest_commit_sha":null,"homepage":"https://blogs.cisco.com/ai/securing-the-ai-agent-supply-chain-with-ciscos-open-source-mcp-scanner","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cisco-ai-defense.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-24T01:02:24.000Z","updated_at":"2026-05-19T18:46:32.000Z","dependencies_parsed_at":"2026-01-07T22:10:44.146Z","dependency_job_id":null,"html_url":"https://github.com/cisco-ai-defense/mcp-scanner","commit_stats":null,"previous_names":["cisco-ai-defense/mcp-scanner"],"tags_count":37,"template":false,"template_full_name":null,"purl":"pkg:github/cisco-ai-defense/mcp-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisco-ai-defense%2Fmcp-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisco-ai-defense%2Fmcp-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisco-ai-defense%2Fmcp-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisco-ai-defense%2Fmcp-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cisco-ai-defense","download_url":"https://codeload.github.com/cisco-ai-defense/mcp-scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisco-ai-defense%2Fmcp-scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33637485,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-29T02:00:06.066Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","ai","mcp","security"],"created_at":"2025-12-27T15:04:24.309Z","updated_at":"2026-05-29T05:00:50.867Z","avatar_url":"https://github.com/cisco-ai-defense.png","language":"Python","funding_links":[],"categories":["📚 Projects (1974 total)","Python","🔌 MCP Security"],"sub_categories":["MCP Servers","Scanners and Auditors"],"readme":"# MCP Scanner\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![Python](https://img.shields.io/badge/python-3.11%2B-blue.svg)](https://www.python.org/downloads/)\n[![PyPI](https://img.shields.io/pypi/v/cisco-ai-mcp-scanner.svg)](https://pypi.org/project/cisco-ai-mcp-scanner/)\n[![Discord](https://img.shields.io/badge/Discord-Join%20Us-7289DA?logo=discord\u0026logoColor=white)](https://discord.com/invite/nKWtDcXxtx)\n[![Cisco AI Defense](https://img.shields.io/badge/Cisco-AI%20Defense-049fd9?logo=cisco\u0026logoColor=white)](https://www.cisco.com/site/us/en/products/security/ai-defense/index.html)\n[![AI Security and Safety Framework](https://img.shields.io/badge/AI%20Security-Framework-orange)](https://learn-cloudsecurity.cisco.com/ai-security-framework)\n\nA Python tool for scanning MCP (Model Context Protocol) servers and tools for potential security findings. The MCP Scanner combines Cisco AI Defense inspect API, YARA rules and LLM-as-a-judge to detect malicious MCP tools.\n\n## Overview\n\nThe MCP Scanner provides a comprehensive solution for scanning MCP servers and tools for security findings. It leverages three powerful scanning engines (Yara, LLM-as-judge, Cisco AI Defense) that can be used together or independently.\n\nThe SDK is designed to be easy to use while providing powerful scanning capabilities, flexible authentication options, and customization.\n\n![MCP Scanner](https://github.com/cisco-ai-defense/mcp-scanner/raw/main/images/mcp_scanner.gif?raw=true)\n\n\n## Features\n\n- **Multiple Modes:** Run scanner as a stand-alone CLI tool or REST API server\n- **Multi-Engine Security Analysis**: Use all three scanning engines together or independently based on your needs.\n- **Vulnerable Packages Scanning**: Scan Python dependencies for known vulnerabilities (CVE/PYSEC/GHSA) using pip-audit integration.\n- **Readiness Scanning**: Zero-dependency static analysis for production readiness issues (timeouts, retries, error handling).\n- **Comprehensive Scanning**: Scan MCP tools, prompts, resources, and server instructions for security findings\n- **Behavioural Code Scanning**: Scan Source code of MCP servers for finding threats.\n- **VirusTotal Binary Scanning**: Automatically detect malware in binary files (images, PDFs, executables, archives) bundled with MCP servers using VirusTotal hash lookups.\n- **Behavioural Code Scanning**: Scan Source code of MCP servers for detecting threats.\n- **Static/Offline Scanning**: Scan pre-generated JSON files without live server connections - perfect for CI/CD pipelines and air-gapped environments\n- **Explicit Authentication Control**: Fine-grained control over authentication with explicit Auth parameters.\n- **OAuth Support**: Full OAuth authentication support for both SSE and streamable HTTP connections.\n- **Custom Endpoints**: Configure the API endpoint to support any Cisco AI Defense environments.\n- **MCP Server Integration**: Connect directly to MCP servers to scan tools, prompts, and resources with flexible authentication.\n- **Customizable YARA Rules**: Add your own YARA rules to detect specific patterns.\n- **Comprehensive Reporting**: Detailed reports on detected security findings.\n\n\n## Installation\n\n### Prerequisites\n\n- Python 3.11+\n- uv (Python package manager)\n- A valid Cisco AI Defense API Key (optional)\n- LLM Provider API Key (optional)\n- VirusTotal API Key (optional, for binary file malware scanning)\n\n### Installing as a CLI tool\n\n```bash\nuv tool install --python 3.13 cisco-ai-mcp-scanner\n```\n\nAlternatively, you can install from source:\n\n```bash\nuv tool install --python 3.13 --from git+https://github.com/cisco-ai-defense/mcp-scanner cisco-ai-mcp-scanner\n```\n\n\n### Installing for local development\n\n```bash\ngit clone https://github.com/cisco-ai-defense/mcp-scanner\ncd mcp-scanner\nuv sync --python 3.13 \n```\n\n### Install as a dependency in other projects\n\nAdd MCP Scanner as a dependency using uv. From your project root (initialize with uv if needed):\n\n```bash\nuv init --python 3.13 #if not already done\nuv add cisco-ai-mcp-scanner\n# then activate the virtual environment:\n## macOS and Linux: source .venv/bin/activate\n## Windows CMD: .venv\\Scripts\\activate\n## Windows PWSH: .venv\\Scripts\\Activate.ps1\nuv sync\n```\n\nThe module name is `mcpscanner`. Import this module with:\n\n```python\n# import everything (not recommended)\nimport mcpscanner\n\n# selective imports (recommended). For example:\nfrom mcpscanner import Config, Scanner\nfrom mcpscanner.core.models import AnalyzerEnum\n```\n\n## Quick Start\n\n### Environment Setup\n\n#### Core API Configuration\n\n```bash\nCisco AI Defense API (only required for API analyzer)\nexport MCP_SCANNER_API_KEY=\"your_cisco_api_key\"\nexport MCP_SCANNER_ENDPOINT=\"https://us.api.inspect.aidefense.security.cisco.com/api/v1\"\n# For other endpoints please visit https://developer.cisco.com/docs/ai-defense/getting-started/#base-url\n```\n\n#### LLM Configuration (for LLM analyzer and Code Behavioral Analyzer)\n\n**Tested LLMs:** OpenAI GPT-4o and GPT-4.1 | AWS Bedrock Claude 4.5 Sonnet\n\n```bash\n# AWS Bedrock Claude with AWS credentials (profile)\nexport AWS_PROFILE=\"your-profile\"\nexport AWS_REGION=\"us-east-1\"\nexport MCP_SCANNER_LLM_MODEL=\"bedrock/anthropic.claude-sonnet-4-5-20250929-v2:0\" # Any AWS Bedrock supported model\n\n# AWS Bedrock Claude with API key (Bearer token)\nexport MCP_SCANNER_LLM_API_KEY=\"bedrock-api-key-...\" # Generated via Amazon Bedrock -\u003e API Keys\nexport AWS_REGION=\"us-east-1\"\nexport MCP_SCANNER_LLM_MODEL=\"bedrock/us.anthropic.claude-sonnet-4-5-20250929-v2:0\" # Any AWS Bedrock supported model\n\n# LLM Provider API Key (required for LLM analyzer)\nexport MCP_SCANNER_LLM_API_KEY=\"your_llm_api_key\"  # OpenAI\n\n# LLM Model Configuration (optional - defaults provided)\nexport MCP_SCANNER_LLM_MODEL=\"gpt-5.2\"  # Any LiteLLM-supported model\nexport MCP_SCANNER_LLM_BASE_URL=\"https://api.openai.com/v1\"  # Custom LLM endpoint\nexport MCP_SCANNER_LLM_API_VERSION=\"2025-04-01-preview\"  # API version (if required)\n\n# For Azure OpenAI (example)\nexport MCP_SCANNER_LLM_BASE_URL=\"https://your-resource.openai.azure.com/\"\nexport MCP_SCANNER_LLM_API_VERSION=\"2025-04-01-preview\"\nexport MCP_SCANNER_LLM_MODEL=\"azure/gpt-5.2\"\n\n# For Extended Thinking Models (longer timeout)\nexport MCP_SCANNER_LLM_TIMEOUT=300\n```\nNote: If you are using models from Azure Foundry, set the MCP_SCANNER_LLM_BASE_URL and MCP_SCANNER_LLM_MODEL environment variables, as Microsoft has deprecated the need for MCP_SCANNER_LLM_API_VERSION.\n\n#### VirusTotal Configuration (for file/directory malware scanning)\n\nThe VirusTotal analyzer scans files and directories against VirusTotal's malware database using SHA256 hash lookups. It runs as a standalone analyzer via the `virustotal` subcommand or as part of `--analyzers virustotal`.\n\n```bash\n# VirusTotal API key (get one free at https://www.virustotal.com/)\nexport VIRUSTOTAL_API_KEY=\"your_virustotal_api_key\"\n\n# Optional: explicitly disable VirusTotal scanning even when API key is present.\n# When not set, scanning is auto-enabled if VIRUSTOTAL_API_KEY is configured.\n# Set to \"false\" to skip VT scanning without removing the API key (e.g. in CI).\nexport MCP_SCANNER_VIRUSTOTAL_ENABLED=false\n\n# Optional: Upload unknown files to VirusTotal for scanning (default: false, privacy-friendly)\nexport MCP_SCANNER_VIRUSTOTAL_UPLOAD_FILES=false\n\n# Optional: Max files to scan per directory (default: 10, set to 0 for unlimited)\nexport MCP_SCANNER_VT_MAX_FILES=10\n```\n\n\u003e **Note:** Without `VIRUSTOTAL_API_KEY`, files will not be scanned for malware. When enabled, the analyzer uses configurable inclusion/exclusion extension lists to determine which files to scan, skipping `__pycache__` and hidden directories.\n\n#### Stdio Connection Timeout\n\nWhen scanning stdio MCP servers, the scanner waits for the server process to start and respond. The default timeout is 60 seconds, which may be insufficient for servers that download large dependencies on first run. This setting only affects the stdio server connection; LLM/API call timeouts are controlled separately via `MCP_SCANNER_LLM_TIMEOUT`.\n\n```bash\n# Increase stdio server startup timeout (default: 60 seconds)\nexport MCP_SCANNER_STDIO_TIMEOUT=180  # 3 minutes — useful for servers with heavy deps\n\n# Or use the CLI flag (overrides the environment variable)\nmcp-scanner --stdio-timeout 180 stdio --stdio-command uvx --stdio-arg mcp-clickhouse\n```\n\n#### Using a Local LLM (No API Key Required)\n\nIf you are using a local LLM endpoint such as Ollama, vLLM, or LocalAI,\nthe `MCP_SCANNER_LLM_API_KEY` variable is still required but can be set to any value.\n\nExample:\n```bash\nexport MCP_SCANNER_LLM_API_KEY=test\nexport MCP_SCANNER_LLM_ENDPOINT=http://localhost:11434\n```\n\n### Quick Start Examples\n\nThe fastest way to get started is using the `mcp-scanner` CLI command. Global flags (like `--analyzers`, `--format`, etc.) must be placed before a subcommand.\n\n#### CLI Usage\n\n```bash\n# Scan well-known client configs on this machine\nmcp-scanner --scan-known-configs --analyzers yara --format summary\n\n# Stdio server (example using uvx mcp-server-fetch)\nmcp-scanner --stdio-command uvx --stdio-arg=--from --stdio-arg=mcp-server-fetch --stdio-arg=mcp-server-fetch --analyzers yara --format summary\n\n# Remote server (deepwiki example)\nmcp-scanner --server-url https://mcp.deepwiki.com/mcp --analyzers yara --format summary\n\n# Suppress all output below ERROR (useful in CI/CD)\nmcp-scanner --log-level error --analyzers yara --format raw --server-url https://mcp.deepwiki.com/mcp\n\n# MCP Scanner as REST API\nmcp-scanner-api --host 0.0.0.0 --port 8080\n\n```\n\n#### SDK Usage\n\n```python\nimport asyncio\nimport os\nfrom mcpscanner import Config, Scanner, set_log_level\nfrom mcpscanner.core.models import AnalyzerEnum\nimport logging\n\nasync def main():\n    # Suppress all mcpscanner logs below ERROR\n    set_log_level(logging.ERROR)\n\n    # Create configuration with your API keys\n    config = Config(\n        api_key=\"your_cisco_api_key\",\n        llm_provider_api_key=\"your_llm_api_key\"\n    )\n\n    # Create scanner\n    scanner = Scanner(config)\n\n    # Scan all tools on a remote server\n    tool_results = await scanner.scan_remote_server_tools(\n        \"https://mcp.deepwiki.com/mcp\",\n        analyzers=[AnalyzerEnum.API, AnalyzerEnum.YARA, AnalyzerEnum.LLM]\n    )\n\n    # Print tool results\n    for result in tool_results:\n        print(f\"Tool: {result.tool_name}, Safe: {result.is_safe}\")\n\n    # Scan all prompts on a server\n    prompt_results = await scanner.scan_remote_server_prompts(\n        \"http://127.0.0.1:8000/mcp\",\n        analyzers=[AnalyzerEnum.LLM]\n    )\n\n    # Print prompt results\n    for result in prompt_results:\n        print(f\"Prompt: {result.prompt_name}, Safe: {result.is_safe}\")\n\n    # Scan all resources on a server\n    resource_results = await scanner.scan_remote_server_resources(\n        \"http://127.0.0.1:8000/mcp\",\n        analyzers=[AnalyzerEnum.LLM],\n        allowed_mime_types=[\"text/plain\", \"text/html\"]\n    )\n\n    # Print resource results\n    for result in resource_results:\n        print(f\"Resource: {result.resource_name}, Safe: {result.is_safe}, Status: {result.status}\")\n\n    # Scan a stdio server while suppressing its stderr output\n    from mcpscanner.core.mcp_models import StdioServer\n    server = StdioServer(command=\"uvx\", args=[\"mcp-server-fetch\"])\n    with open(os.devnull, \"w\") as devnull:\n        stdio_results = await scanner.scan_stdio_server_tools(\n            server,\n            analyzers=[AnalyzerEnum.YARA],\n            errlog=devnull\n        )\n\n# Run the scanner\nasyncio.run(main())\n```\n\n#### Subcommands Overview\n\n- **remote**: scan a remote MCP server (SSE or streamable HTTP). Supports `--server-url`, optional `--bearer-token`, `--header`.\n- **stdio**: launch and scan a stdio MCP server. Requires `--stdio-command`; accepts `--stdio-args`, `--stdio-env`, optional `--stdio-tool`, `--stdio-timeout`.\n- **config**: scan servers from a specific MCP config file. Requires `--config-path`; optional `--bearer-token`.\n- **known-configs**: scan servers from well-known client config locations on this machine; optional `--bearer-token`.\n- **prompts**: scan prompts on an MCP server. Requires `--server-url`; optional `--prompt-name`, `--bearer-token`, `--header`.\n- **resources**: scan resources on an MCP server. Requires `--server-url`; optional `--resource-uri`, `--mime-types`, `--bearer-token`, `--header`.\n- **instructions**: scan server instructions from InitializeResult. Requires `--server-url`; optional `--bearer-token`.\n- **virustotal**: scan files or directories for malware using VirusTotal hash lookups. Requires a `scan_path` argument (file or directory).\n- **supplychain**: scan source code of an MCP server for Behavioural analysis. requires 'path of MCP Server source code or MCP Server source file'\n- **vulnerable-package**: scan Python dependencies for known vulnerabilities using pip-audit. Requires a path to a requirements file or project directory.\n- **static**: scan pre-generated MCP JSON files offline (CI/CD mode). Supports `--tools`, `--prompts`, `--resources`, optional `--mime-types`.\n\nNote: Top-level flags (e.g., `--server-url`, `--stdio-*`, `--config-path`, `--scan-known-configs`) remain supported when no subcommand is used, but subcommands are recommended.\n\n#### Additional Examples\n\n#### Scan well-known MCP config paths (Windsurf, Cursor, Claude, VS Code)\n\n```bash\n# YARA-only scan of all servers defined in well-known config locations\nmcp-scanner --scan-known-configs --analyzers yara --format summary\n\n# Detailed output\nmcp-scanner --scan-known-configs --analyzers yara --detailed\n```\n\n#### Scan a specific MCP config file\n\n```bash\n# Expand ~ yourself if needed by your shell\nmcp-scanner --config-path \"$HOME/.codeium/windsurf/mcp_config.json\" \\\n --analyzers yara --format by_tool\n```\n\n#### Scan a stdio MCP server\n\n```bash\n# Use repeated --stdio-arg for reliable argument passing\nmcp-scanner --analyzers yara --format summary \\\n  stdio --stdio-command uvx \\\n  --stdio-arg=--from --stdio-arg=mcp-server-fetch --stdio-arg=mcp-server-fetch\n\n# Or list-form (ensure it doesn't conflict with later flags)\nmcp-scanner --analyzers yara --detailed \\\n  stdio --stdio-command uvx \\\n  --stdio-args --from mcp-server-fetch mcp-server-fetch\n\n# Scan only a specific tool on the stdio server\nmcp-scanner --analyzers yara --format summary \\\n  stdio --stdio-command uvx \\\n  --stdio-arg=--from --stdio-arg=mcp-server-fetch --stdio-arg=mcp-server-fetch \\\n  --stdio-tool fetch\n\n# Increase startup timeout for servers with heavy dependencies (default: 60s)\nmcp-scanner --stdio-timeout 180 --analyzers yara --format summary \\\n  stdio --stdio-command uvx --stdio-arg mcp-clickhouse@0.1.13\n```\n\n#### Use a Bearer token with remote servers (non-OAuth)\n\n```bash\n# Direct remote server with Bearer token\nmcp-scanner --analyzers yara --format summary \\\n  remote --server-url https://your-mcp-server/sse --bearer-token \"$TOKEN\"\n\n# Apply Bearer token to all remote servers discovered from configs\nmcp-scanner --analyzers yara --detailed known-configs --bearer-token \"$TOKEN\"\nmcp-scanner --analyzers yara --format by_tool \\\n  config --config-path \"$HOME/.codeium/windsurf/mcp_config.json\" --bearer-token \"$TOKEN\"\n```\n\n#### Use custom HTTP headers (e.g., MCP Gateway dual-token auth)\n\n```bash\n# Single custom header\nmcp-scanner --analyzers yara remote --server-url https://your-mcp-server/mcp \\\n  --header \"X-API-Key: your-api-key\"\n\n# Multiple custom headers (MCP Gateway dual-token authentication)\nmcp-scanner --analyzers yara remote --server-url https://gateway.example.com/mcp \\\n  --header \"Authorization: Bearer ingress-token\" \\\n  --header \"X-Egress-Auth: Bearer egress-token\"\n```\n\n\u003e **Note:** Avoid specifying the same header via both `--bearer-token` and `--header`. If you use both `--bearer-token` and `--header \"Authorization: Bearer \u003ctoken\u003e\"`, the custom header value will be used (custom headers are applied last and override any duplicates).\n\n#### Scan Prompts\n\n```bash\n# Scan all prompts on an MCP server\nmcp-scanner --analyzers llm prompts --server-url http://127.0.0.1:8000/mcp\n\n# Scan all prompts with detailed output\nmcp-scanner --analyzers llm --detailed prompts --server-url http://127.0.0.1:8000/mcp\n\n# Scan all prompts with table format\nmcp-scanner --analyzers llm --format table prompts --server-url http://127.0.0.1:8000/mcp\n\n# Scan a specific prompt by name\nmcp-scanner --analyzers llm prompts --server-url http://127.0.0.1:8000/mcp --prompt-name \"greet_user\"\n\n# Get raw JSON output\nmcp-scanner --analyzers llm --raw prompts --server-url http://127.0.0.1:8000/mcp\n```\n\n#### Scan Resources\n\n```bash\n# Scan all resources on an MCP server\nmcp-scanner --analyzers llm resources --server-url http://127.0.0.1:8000/mcp\n\n# Scan all resources with detailed output\nmcp-scanner --analyzers llm --detailed resources --server-url http://127.0.0.1:8000/mcp\n\n# Scan all resources with table format\nmcp-scanner --analyzers llm --format table resources --server-url http://127.0.0.1:8000/mcp\n\n# Scan a specific resource by URI\nmcp-scanner --analyzers llm resources --server-url http://127.0.0.1:8000/mcp \\\n  --resource-uri \"file://test/document.txt\"\n\n# Scan with custom MIME type filtering\nmcp-scanner --analyzers llm resources --server-url http://127.0.0.1:8000/mcp \\\n  --mime-types \"text/plain,text/html,application/json\"\n```\n\n#### Scan Server Instructions\n\nServer instructions provide usage guidelines, security notes, and configuration details in the MCP `InitializeResult`. Scanning instructions helps detect prompt injection, tool poisoning, and misleading guidance.\n\n```bash\n# Scan server instructions (defaults to API, YARA, and LLM analyzers)\nmcp-scanner instructions --server-url http://127.0.0.1:8000/mcp\n\n# Scan with detailed output\nmcp-scanner --detailed instructions --server-url http://127.0.0.1:8000/mcp\n\n# Scan with specific analyzers (LLM recommended for semantic analysis)\nmcp-scanner --analyzers llm instructions --server-url http://127.0.0.1:8000/mcp\n\n# Get raw JSON output\nmcp-scanner --raw instructions --server-url http://127.0.0.1:8000/mcp\n\n# With authentication\nmcp-scanner instructions --server-url https://your-server.com/mcp --bearer-token \"$TOKEN\"\n```\n\n#### VirusTotal Malware Scanning\n\nThe VirusTotal analyzer scans files and directories against VirusTotal's malware database using SHA256 hash lookups. It supports configurable inclusion/exclusion extension lists and a per-directory file limit.\n\n```bash\n# Scan a single file\nmcp-scanner virustotal /path/to/suspicious_file.exe\n\n# Scan a directory\nmcp-scanner virustotal /path/to/mcp_server_package/\n\n# With detailed output\nmcp-scanner virustotal /path/to/mcp_server_package/ --format detailed\n\n# Table format\nmcp-scanner virustotal /path/to/mcp_server_package/ --format table\n\n# Save results to file\nmcp-scanner virustotal /path/to/file.bin --output vt_results.json --format raw\n```\n\n\u003e **Note:** Requires `VIRUSTOTAL_API_KEY` environment variable. Free tier allows 4 requests/minute and 500 requests/day.\n\n#### Behavioral Code Scanning (Multi-Language)\n\nThe Behavioral Analyzer performs advanced static analysis of MCP server source code to detect behavioral mismatches between docstring claims and actual implementation. It uses LLM-powered alignment checking combined with cross-file dataflow tracking.\n\n**Supported Languages:** Python, TypeScript, JavaScript, Go, Java, Kotlin, C#, Rust, Ruby, PHP\n\n```bash\n# Scan a single file (any supported language)\nmcp-scanner behavioral /path/to/mcp_server.py\nmcp-scanner behavioral /path/to/server.ts\nmcp-scanner behavioral /path/to/server.go\nmcp-scanner behavioral /path/to/McpService.java\nmcp-scanner behavioral /path/to/server.kt\nmcp-scanner behavioral /path/to/Tools.cs\nmcp-scanner behavioral /path/to/server.rs\n\n# Scan a directory (auto-detects language by extension)\nmcp-scanner behavioral /path/to/mcp_servers/\n\n# With specific output format\nmcp-scanner behavioral /path/to/mcp_server.py --format by_severity\n\n# Detailed analysis with all findings\nmcp-scanner behavioral /path/to/mcp_server.py --format detailed\n\n# Save results to file\nmcp-scanner behavioral /path/to/mcp_server.py --output results.json --format raw\n```\n\n\nSee [Behavioral Scanning Documentation](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/behavioral-scanning.md) for complete technical details.\n\n#### Vulnerable Packages Scanning\n\nThe Vulnerable Packages Analyzer scans Python dependencies for known security vulnerabilities (CVE, PYSEC, GHSA) using pip-audit. It requires no API keys and works with requirements files or project directories.\n\n```bash\n# Scan a requirements file\nmcp-scanner vulnerable-package /path/to/requirements.txt\n\n# Scan a project directory (auto-detects requirements.txt or pyproject.toml)\nmcp-scanner vulnerable-package /path/to/project/\n\n# Use OSV vulnerability service instead of PyPI\nmcp-scanner vulnerable-package /path/to/requirements.txt --vulnerability-service osv\n\n# Detailed output with full vulnerability descriptions\nmcp-scanner vulnerable-package /path/to/requirements.txt --format detailed\n\n# Save results to file\nmcp-scanner vulnerable-package /path/to/requirements.txt --output results.json --format raw\n\n# Automatically fix vulnerable dependencies\nmcp-scanner vulnerable-package /path/to/requirements.txt --fix\n```\n\nEach vulnerability is mapped to the Cisco AI Threat Security Taxonomy under **AITech-9.3 / AISubtech-9.3.1 (Malicious Package / Tool Injection)**.\n\n#### Scan Static/Offline Files (CI/CD Mode)\n\nThe `static` subcommand allows you to scan pre-generated JSON files without connecting to a live MCP server. This is ideal for CI/CD pipelines, air-gapped environments, or reproducible security checks.\n\n```bash\n# Scan tools from a static JSON file\nmcp-scanner --analyzers yara static --tools /path/to/tools-list.json\n\n# Scan with multiple analyzers\nmcp-scanner --analyzers yara,llm static --tools /path/to/tools-list.json\n\n# Scan prompts from a static JSON file\nmcp-scanner --analyzers llm static --prompts /path/to/prompts-list.json\n\n# Scan resources from a static JSON file\nmcp-scanner --analyzers llm static --resources /path/to/resources-list.json\n\n# Scan all three types at once with detailed output\nmcp-scanner \\\n  --analyzers yara,llm,api \\\n  --format detailed \\\n  static \\\n  --tools /path/to/tools-list.json \\\n  --prompts /path/to/prompts-list.json \\\n  --resources /path/to/resources-list.json\n\n# CI/CD example: YARA-only scan (no API keys needed)\nmcp-scanner --analyzers yara --format summary static --tools output/tools.json\n```\n\n**Expected JSON Format:**\n```json\n{\n  \"tools\": [\n    {\n      \"name\": \"tool_name\",\n      \"description\": \"Tool description\",\n      \"inputSchema\": { \"type\": \"object\", \"properties\": {} }\n    }\n  ]\n}\n```\n\nFor resources, static scanning accepts either `resources/list` metadata or a\n`resources/read` content snapshot:\n\n```json\n{\n  \"contents\": [\n    {\n      \"uri\": \"file:///path/to/document.txt\",\n      \"mimeType\": \"text/plain\",\n      \"text\": \"Resource contents to scan\"\n    }\n  ]\n}\n```\n\nFor more details, see [Static Scanning Documentation](docs/static-scanning.md) and [examples/static_scanning_example.py](examples/static_scanning_example.py).\n\n#### Readiness Scanning\n\nThe Readiness Analyzer checks MCP tools for production readiness issues using 20 heuristic rules. It requires no API keys and focuses on operational reliability: timeouts, retries, error handling, and more.\n\n```bash\n# Readiness-only scan (no API keys required)\nmcp-scanner --analyzers readiness --server-url http://localhost:8000/mcp\n\n# Combined security + readiness scan\nmcp-scanner --analyzers yara,readiness --server-url http://localhost:8000/mcp\n\n# Detailed readiness output\nmcp-scanner --analyzers readiness --detailed --server-url http://localhost:8000/mcp\n```\n\nSee [Readiness Scanning Documentation](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/readiness-scanning.md) for complete technical details.\n\n### Prompt Defense Scanning\n\nThe Prompt Defense Analyzer checks MCP tool descriptions and system prompts for **missing** defensive measures against 12 common attack vectors. It is pure regex — no API key or external dependencies required — and always runs by default.\n\n**Attack vectors checked:**\n1. Instruction Override (HIGH)\n2. Data Leakage (HIGH)\n3. Role Escape (HIGH)\n4. Indirect Injection (HIGH)\n5. Output Weaponization (HIGH)\n6. Output Manipulation (MEDIUM)\n7. Multilingual Bypass (MEDIUM)\n8. Unicode/Homoglyph Attack (MEDIUM)\n9. Context Overflow (MEDIUM)\n10. Social Engineering (MEDIUM)\n11. Input Validation (MEDIUM)\n12. Abuse Prevention (LOW)\n\n```bash\n# Prompt defense scan only (no API keys required)\nmcp-scanner --analyzers prompt_defense --server-url http://localhost:8000/mcp\n\n# Combined security + prompt defense scan\nmcp-scanner --analyzers yara,prompt_defense --server-url http://localhost:8000/mcp\n```\n\nEach missing defense maps to MCP Taxonomy codes (AITech / AISubtech) for standardized reporting.\n\n### Logging Control\n\nBy default the CLI shows `WARNING`-level output (or `DEBUG` with `--verbose`). For finer control use `--log-level`:\n\n```bash\n# Show only errors (good for CI/CD)\nmcp-scanner --log-level error --analyzers yara --format raw --server-url https://mcp.deepwiki.com/mcp\n\n# Show warnings and above\nmcp-scanner --log-level warning --analyzers yara --format summary --scan-known-configs\n\n# Full debug output (equivalent to --verbose)\nmcp-scanner --log-level debug --analyzers yara --server-url https://mcp.deepwiki.com/mcp\n```\n\n`--log-level` takes precedence over `--verbose` when both are provided.\n\n#### Library Log Level (SDK)\n\nLibrary consumers can control the log level programmatically. Unlike\n`logging.getLogger(\"mcpscanner\").setLevel(...)`, which does not propagate\nto child loggers, `set_log_level` updates **every** mcpscanner logger and\nhandler:\n\n```python\nimport logging\nfrom mcpscanner import set_log_level\n\nset_log_level(logging.ERROR)    # suppress everything below ERROR\nset_log_level(logging.DEBUG)    # show all debug output\n```\n\n#### Suppressing Stdio Server Stderr\n\nMCP servers launched via stdio may emit noisy output to stderr (startup\nbanners, dependency logs, etc.). All stdio scan methods accept an `errlog`\nparameter to redirect or suppress this output:\n\n```python\nimport os\nfrom mcpscanner import Scanner, Config\nfrom mcpscanner.core.mcp_models import StdioServer\n\nscanner = Scanner(Config())\nserver = StdioServer(command=\"uvx\", args=[\"mcp-server-fetch\"])\n\nwith open(os.devnull, \"w\") as devnull:\n    results = await scanner.scan_stdio_server_tools(server, errlog=devnull)\n    prompts = await scanner.scan_stdio_server_prompts(server, errlog=devnull)\n```\n\nThe `errlog` parameter is supported on `scan_stdio_server_tools`,\n`scan_stdio_server_tool`, `scan_stdio_server_prompts`,\n`scan_stdio_server_prompt`, `scan_well_known_mcp_configs`, and\n`scan_mcp_config_file`.\n\n### API Server Usage\n\nThe API server provides a REST interface to the MCP scanner functionality, allowing you to integrate security scanning into web applications, CI/CD pipelines, or other services. It exposes the same scanning capabilities as the CLI tool but through HTTP endpoints.\n\n```bash\n# Start the API server (loads configuration from .env file)\nmcp-scanner-api --port 8000\n\n# Or with custom host and port\nmcp-scanner-api --host 0.0.0.0 --port 8080\n\n# Enable development mode with auto-reload\nmcp-scanner-api --reload\n```\n\nOnce running, the API server provides endpoints for:\n- **`/scan-tool`** - Scan a specific tool on an MCP server\n- **`/scan-all-tools`** - Scan all tools on an MCP server\n- **`/scan-prompt`** - Scan a specific prompt on an MCP server\n- **`/scan-all-prompts`** - Scan all prompts on an MCP server\n- **`/scan-resource`** - Scan a specific resource on an MCP server\n- **`/scan-all-resources`** - Scan all resources on an MCP server\n- **`/scan-instructions`** - Scan server instructions from InitializeResult\n- **`/health`** - Health check endpoint\n\nDocumentation is available in [docs/api-reference.md](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/api-reference.md) or as interactive documentation at `http://localhost:8000/docs` when the server is running.\n\n## Output Formats\n\nThe scanner supports multiple output formats:\n\n- **`summary`**: Concise overview with key findings\n- **`detailed`**: Comprehensive analysis with full findings breakdown\n- **`table`**: Clean tabular format\n- **`by_severity`**: Results grouped by severity level\n- **`raw`**: Raw JSON output\n\n### Example Output\n\n#### Detailed Format\n\n```bash\nmcp-scanner --server-url http://127.0.0.1:8001/sse --format detailed\n```\n\n```\n=== MCP Scanner Detailed Results ===\n\nScan Target: http://127.0.0.1:8001/sse\n\nTool: execute_system_command\nStatus: completed\nSafe: No\nAnalyzer Results:\n  • api_analyzer:\n    - Severity: HIGH\n    - Threat Summary: Detected 1 threat: security violation\n    - Threat Names: SECURITY VIOLATION\n    - Total Findings: 1\n  • yara_analyzer:\n    - Severity: HIGH\n    - Threat Summary: Detected 2 threats: system access, command injection\n    - Threat Names: SECURITY VIOLATION, SUSPICIOUS CODE EXECUTION\n    - Total Findings: 2\n  • llm_analyzer:\n    - Severity: HIGH\n    - Threat Summary: Detected 2 threats: prompt injection, tool poisoning\n    - Threat Names: PROMPT INJECTION, SUSPICIOUS CODE EXECUTION\n    - Total Findings: 2\n```\n\n#### Table Format\n\n```bash\nmcp-scanner --server-url http://127.0.0.1:8002/sse --format table\n```\n\n```\n=== MCP Scanner Results Table ===\n\nScan Target: http://127.0.0.1:8002/sse\n\nScan Target                   Tool Name     Status     API      YARA     LLM      Severity\n-----------------------------------------------------------------------------------------\nhttp://127.0.0.1:8002/sse     exec_secrets  UNSAFE     HIGH     HIGH     HIGH     HIGH\nhttp://127.0.0.1:8002/sse     safe_command  SAFE       SAFE     SAFE     SAFE     SAFE\n```\n\n## Documentation\n\nFor detailed documentation, see the [docs/](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs) directory:\n\n- **[Architecture](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/architecture.md)** - System architecture and components\n- **[Behavioral Scanning](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/behavioral-scanning.md)** - Advanced static analysis with LLM-powered alignment checking\n- **[VirusTotal Scanning](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/virustotal-scanning.md)** - File and directory malware scanning with VirusTotal\n- **[Vulnerable Package Scanning](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/vulnerable-package-scanning.md)** - Python dependency vulnerability scanning with pip-audit\n- **[LLM Providers](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/llm-providers.md)** - LLM configuration for all providers\n- **[MCP Threats Taxonomy](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/mcp-threats-taxonomy.md)** - Complete AITech threat taxonomy\n- **[Authentication](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/authentication.md)** - OAuth and security configuration\n- **[Programmatic Usage](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/programmatic-usage.md)** - Programmatic usage examples and advanced usage\n- **[Static Scanning](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/static-scanning.md)** - Offline/CI-CD scanning mode\n- **[API Reference](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/api-reference.md)** - Complete REST API documentation\n- **[Output Formats](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/docs/output-formats.md)** - Detailed output format options\n\n\n## Contact Cisco for obtaining an AI Defense subscription\n[https://www.cisco.com/c/en/us/products/security/ai-defense/request-demo.html](https://www.cisco.com/c/en/us/products/security/ai-defense/request-demo.html)\n\n## License\nDistributed under the `Apache 2.0` License. See [LICENSE](https://github.com/cisco-ai-defense/mcp-scanner/tree/main/LICENSE) for more information.\n\nProject Link: [https://github.com/cisco-ai-defense/mcp-scanner](https://github.com/cisco-ai-defense/mcp-scanner)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcisco-ai-defense%2Fmcp-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcisco-ai-defense%2Fmcp-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcisco-ai-defense%2Fmcp-scanner/lists"}