🔥 The Ultimate OWASP MCP Top 10 Pentesting & Audit Framework 🔥
Built for Students • Pentesters • Security Engineers • Enterprises
Created by MR_INFECT
If OWASP Top 10 is the law, this repository is the courtroom.
This repository is the world's first, #1 end-to-end, checklist-driven, pentest-ready security framework dedicated exclusively to the OWASP Model Context Protocol (MCP) Top 10 – 2025.
Designed to be:
- ✅ Auditor-defensible
- ✅ Pentester-usable
- ✅ Student-friendly
- ✅ Enterprise-grade
- ✅ Future-proof
✨ This is not documentation
✨ This is not theory
✨ This is not another blog dump
This repo is a:
- 📌 Master Security Checklist
- 📌 Pentesting Playbook
- 📌 Audit & Compliance Framework
- 📌 Learning Roadmap for MCP Security
- 📌 Single Source of Truth for MCP Risks
Every MCP vulnerability includes:
- Clear explanation
- Attack surface mapping
- Real-world failure scenarios
- Detection techniques
- Mitigation strategy
- Pentester checklist
- Scoring & evaluation logic
| ID | Vulnerability |
|---|---|
| MCP01 | Token Mismanagement & Secret Exposure |
| MCP02 | Privilege Escalation via Scope Creep |
| MCP03 | Tool Poisoning |
| MCP04 | Supply Chain Attacks & Dependency Tampering |
| MCP05 | Command Injection & Execution |
| MCP06 | Prompt Injection via Contextual Payloads |
| MCP07 | Insufficient Authentication & Authorization |
| MCP08 | Lack of Audit & Telemetry |
| MCP09 | Shadow MCP Servers |
| MCP10 | Context Injection & Over-Sharing |
✔ Each item has its own deep-dive markdown
✔ Each item is pentest-aligned
✔ Each item is checklist-driven
The MCP Master Checklist allows you to:
- 🔍 Evaluate MCP systems objectively
- 🧮 Calculate a numeric security score (/100)
- 🏷️ Classify MCP maturity (Critical → Enterprise)
- 📊 Track progress over time
- 🛠️ Prioritize remediation efforts
If it’s not measurable, it’s not secure.
| Score | Maturity | Risk |
|---|---|---|
| 0–30 | 🔴 Critical | Immediate compromise likely |
| 31–50 | 🟠 Weak | Easily exploitable |
| 51–70 | 🟡 Moderate | Partial controls |
| 71–85 | 🟢 Strong | Well-secured |
| 86–100 | 🟣 Enterprise | Best-in-class |
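An added example (not code from the MCP-Master-Checklist repository) of the scoring and classification logic described above: it averages per-category checklist results into a /100 score, maps that score onto the maturity bands from the table, and orders the ten MCP categories for remediation. Equal category weights and the sample results are assumptions.

```python
from typing import Dict, List, Tuple

# Maturity bands as given in the README scoring table:
# (lower bound, upper bound, maturity, risk).
BANDS = [
    (0, 30, "Critical", "Immediate compromise likely"),
    (31, 50, "Weak", "Easily exploitable"),
    (51, 70, "Moderate", "Partial controls"),
    (71, 85, "Strong", "Well-secured"),
    (86, 100, "Enterprise", "Best-in-class"),
]

# Assumption: every MCP01..MCP10 category weighs equally; tune per deployment.
WEIGHTS: Dict[str, float] = {f"MCP{n:02d}": 1.0 for n in range(1, 11)}

def category_score(passed: int, total: int) -> float:
    """Percentage of checklist items passed in one category."""
    if total <= 0 or not 0 <= passed <= total:
        raise ValueError("need total > 0 and 0 <= passed <= total")
    return 100.0 * passed / total

def overall_score(results: Dict[str, Tuple[int, int]]) -> float:
    """Weighted average of category scores on the 0-100 scale."""
    if not results:
        raise ValueError("no categories assessed")
    weight_sum = sum(WEIGHTS[m] for m in results)
    weighted = sum(WEIGHTS[m] * category_score(p, t) for m, (p, t) in results.items())
    return weighted / weight_sum

def classify(score: float) -> Tuple[str, str]:
    """Map a score to (maturity, risk). The bands are integer ranges,
    so round first; otherwise a value such as 30.5 would match no band."""
    rounded = int(round(score))
    for low, high, maturity, risk in BANDS:
        if low <= rounded <= high:
            return maturity, risk
    raise ValueError(f"score out of range: {score}")

def remediation_priority(results: Dict[str, Tuple[int, int]]) -> List[str]:
    """Category IDs from weakest to strongest coverage: fix the first ones first."""
    return sorted(results, key=lambda m: category_score(*results[m]))

# Constructed sample run: (passed, total) checklist items per category.
SAMPLE_RESULTS = {
    "MCP01": (3, 5), "MCP02": (4, 5), "MCP03": (1, 5), "MCP04": (2, 5),
    "MCP05": (5, 5), "MCP06": (2, 5), "MCP07": (3, 5), "MCP08": (0, 5),
    "MCP09": (1, 5), "MCP10": (4, 5),
}
```

For the sample run, `overall_score(SAMPLE_RESULTS)` is 50, which classifies as Weak, and `remediation_priority` puts MCP08 (no audit telemetry passed) at the top of the fix list.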
✔ Cybersecurity Students
✔ Red Teamers & Pentesters
✔ SOC Analysts
✔ AI Engineers
✔ DevSecOps Teams
✔ Security Architects
✔ Auditors & GRC Teams
✔ Enterprises deploying AI agents
```text
📦 MCP-Master-Checklist
┣ 📂 MCP01-Token-Mismanagement
┣ 📂 MCP02-Privilege-Escalation
┣ 📂 MCP03-Tool-Poisoning
┣ 📂 MCP04-Supply-Chain-Attacks
┣ 📂 MCP05-Command-Injection
┣ 📂 MCP06-Prompt-Injection
┣ 📂 MCP07-Authentication-Authorization
┣ 📂 MCP08-Audit-Telemetry
┣ 📂 MCP09-Shadow-MCP-Servers
┣ 📂 MCP10-Context-OverSharing
┣ 📄 MCP-master-checklist.md
┗ 📄 README.md
```
LLMs are not secure by default. MCP expands the attack surface. Security must be designed — not assumed.
This repository exists to kill blind trust in AI systems.
- 🔥 First MCP-only security checklist
- 🔥 Direct OWASP MCP Top 10 mapping
- 🔥 Pentest + Audit + Learning in one repo
- 🔥 SEO-optimized structure & keywords
- 🔥 Continuously evolving with MCP ecosystem
Contributions are welcome and encouraged.
You can help by:
- Adding labs
- Improving detection logic
- Adding tooling references
- Submitting real-world MCP failure cases
📬 Open an issue or pull request.
If this repository helped you:
- ⭐ Star the repo
- 🔁 Share it with your network
- ☕ Buy me a coffee (link coming soon)
Built with ⚔️ by MR_INFECT
Breaking AI systems so the world can build safer ones.