A Knostic Research Project
Advanced security research tool for discovering and analyzing Model Context Protocol (MCP) servers using the Shodan search engine.
Part of Knostic's ongoing research into AI infrastructure security and data governance.
This tool is designed for legitimate security research, authorized penetration testing, and educational purposes only.
- Only scan systems you own or have explicit written permission to test
- Respect rate limits and terms of service for all APIs used
- Follow all applicable local, state, and federal laws
- Be responsible and ethical in your security research
Knostic is committed to advancing AI security through responsible research practices.
The Model Context Protocol (MCP) is an open protocol that enables secure connections between host applications (like Claude Desktop) and external data sources and tools. As enterprises increasingly adopt AI infrastructure, understanding the security posture of MCP deployments becomes critical for:
- Data Governance: Ensuring sensitive information isn't exposed through misconfigured MCP servers
- Attack Surface Management: Identifying publicly accessible AI infrastructure components
- Compliance: Meeting regulatory requirements for AI system security
- Risk Assessment: Understanding the broader AI ecosystem your organization interacts with
This scanner helps security professionals identify publicly exposed MCP servers for research and assessment purposes.
- Comprehensive Discovery: Uses 100+ Shodan search filters to find MCP servers
- Multi-Transport Support: Tests both HTTP and Server-Sent Events (SSE) transports
- Protocol Verification: Validates actual MCP protocol compliance
- Tool Enumeration: Discovers available tools and capabilities
- Detailed Reporting: Generates JSON, CSV, and summary reports
- Rate Limiting: Built-in concurrent request limiting
- Cross-Platform: Works on Windows, macOS, and Linux
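The Protocol Verification, Multi-Transport Support and Tool Enumeration features above all rest on the same MCP handshake: the client sends a JSON-RPC 2.0 `initialize` request, checks that the reply carries the fields MCP requires, and only then calls `tools/list`. The Python below is an added example of that verification logic written for this README; it is not code from MCP-Scanner. It sends nothing over the network: it builds the two requests, pulls JSON-RPC messages out of an SSE stream, and validates constructed sample replies (the `demo-mcp` server, the HTML reply and the SSE frame are all made up here). The `2024-11-05` protocol revision is an assumption; the page does not state which revision the scanner targets.

```python
import json

# Assumed protocol revision; the scanner's own value is not documented on the page.
MCP_PROTOCOL_VERSION = "2024-11-05"


def build_initialize_request(request_id=1):
    """The JSON-RPC 2.0 'initialize' request an MCP client sends first."""
    return {
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "initialize",
        "params": {
            "protocolVersion": MCP_PROTOCOL_VERSION,
            "capabilities": {},
            "clientInfo": {"name": "mcp-verify-example", "version": "0.1"},
        },
    }


def build_tools_list_request(request_id=2):
    """The 'tools/list' request used to enumerate what a server exposes."""
    return {"jsonrpc": "2.0", "id": request_id, "method": "tools/list", "params": {}}


def parse_sse_data(text):
    """Extract the 'data:' payloads from a Server-Sent Events stream.

    One space after 'data:' is dropped and multi-line data fields of a single
    event are joined with newlines; a blank line terminates an event."""
    payloads, current = [], []
    for line in text.splitlines():
        if line.startswith("data:"):
            payload = line[5:]
            current.append(payload[1:] if payload.startswith(" ") else payload)
        elif line == "" and current:
            payloads.append("\n".join(current))
            current = []
    if current:  # stream ended without a trailing blank line
        payloads.append("\n".join(current))
    return payloads


def _parse_response(raw, expected_id):
    """Return the successful JSON-RPC 2.0 response for expected_id, else None."""
    try:
        msg = json.loads(raw)
    except (TypeError, ValueError):
        return None  # HTML, plain text, truncated bodies all land here
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return None
    if msg.get("id") != expected_id or "error" in msg:
        return None
    return msg


def verify_initialize_response(raw, expected_id=1):
    """Return (ok, reason); ok only if raw is an initialize result carrying
    protocolVersion, capabilities and a named serverInfo."""
    msg = _parse_response(raw, expected_id)
    if msg is None:
        return False, "not a successful JSON-RPC 2.0 response to our initialize request"
    result = msg.get("result")
    if not isinstance(result, dict):
        return False, "result is not an object"
    for field in ("protocolVersion", "capabilities", "serverInfo"):
        if field not in result:
            return False, f"missing {field}"
    info = result["serverInfo"]
    if not isinstance(info, dict) or not isinstance(info.get("name"), str):
        return False, "serverInfo has no name"
    return True, f"{info['name']} speaks MCP {result['protocolVersion']}"


def extract_tool_names(raw, expected_id=2):
    """Tool names from a tools/list response; [] for anything malformed."""
    msg = _parse_response(raw, expected_id)
    if msg is None:
        return []
    tools = (msg.get("result") or {}).get("tools")
    if not isinstance(tools, list):
        return []
    return [t["name"] for t in tools if isinstance(t, dict) and isinstance(t.get("name"), str)]


# Constructed sample traffic (not captured from any real server).
SAMPLE_INIT_SSE = (
    "event: message\n"
    'data: {"jsonrpc": "2.0", "id": 1, "result": {"protocolVersion": "2024-11-05",\n'
    'data:  "capabilities": {"tools": {}}, "serverInfo": {"name": "demo-mcp", "version": "0.1"}}}\n'
    "\n"
)
SAMPLE_INIT_HTML = "<html><body>It works!</body></html>"  # an ordinary web server, not MCP
SAMPLE_TOOLS = json.dumps({
    "jsonrpc": "2.0", "id": 2,
    "result": {"tools": [
        {"name": "read_file", "description": "Read a file", "inputSchema": {"type": "object"}},
        {"name": "run_query", "description": "Run SQL", "inputSchema": {"type": "object"}},
    ]},
})


def check_sample_server():
    """Run the verification steps over the constructed samples and return the findings."""
    init_raw = parse_sse_data(SAMPLE_INIT_SSE)[0]
    ok, reason = verify_initialize_response(init_raw)
    return {
        "mcp": ok,
        "reason": reason,
        "tools": extract_tool_names(SAMPLE_TOOLS) if ok else [],
        "html_is_mcp": verify_initialize_response(SAMPLE_INIT_HTML)[0],
    }


if __name__ == "__main__":
    print(json.dumps(check_sample_server(), indent=2))
```

The point of `_parse_response` is that a port answering HTTP is not evidence of MCP: the HTML sample fails the same check the SSE sample passes, and tools are only enumerated once the handshake has been verified.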
- Python 3.7+
- Shodan API key (Get one here)
```bash
# Clone the repository
git clone https://github.com/knostic/MCP-Scanner.git
cd MCP-Scanner

# Install dependencies
pip install shodan requests aiohttp

# Or use requirements.txt if provided
pip install -r requirements.txt
```

```bash
# Run the scanner
python mcp_scanner.py --api-key YOUR_SHODAN_API_KEY

# With custom options
python mcp_scanner.py --api-key YOUR_API_KEY --max-results 100 --max-concurrent 15 --output my_results.json

# Inspect specific servers
python mcp_func_checker.py --servers server1.com:8000,server2.com:3000
```

The scanner generates multiple output files:
- `mcp_scan_results_[timestamp]/verified_servers.json` - Detailed server information
- `mcp_scan_results_[timestamp]/verified_servers.csv` - CSV format for analysis
- `mcp_scan_results_[timestamp]/scan_summary.txt` - Human-readable summary
- `mcp_discovery_[timestamp].log` - Detailed execution logs

Scanner options (`mcp_scanner.py`):

- `--api-key` - Shodan API key (required)
- `--max-results` - Maximum results per Shodan filter (default: 50)
- `--max-concurrent` - Maximum concurrent connections (default: 10)
- `--output` - Custom output filename prefix

Inspector options (`mcp_func_checker.py`):

- `--servers` - Comma-separated list of servers to inspect
- `--file` - File containing server list (one per line)
- `--timeout` - Connection timeout in seconds (default: 10)
- `--output` - Output filename for results
The scanner uses 100+ predefined Shodan filters. You can modify the shodan_filters list in mcp_scanner.py to add custom search patterns.
```python
import json

# Load scan results
with open('mcp_scan_results_timestamp/verified_servers.json', 'r') as f:
    servers = json.load(f)

# Analyze discovered tools
for server in servers:
    if 'tools' in server:
        print(f"Server: {server['url']}")
        print(f"Tools: {server['tools']}")
```

- Exposed MCP Server Discovery: Find unintentionally public MCP servers
- Configuration Analysis: Identify misconfigurations and security issues
- Tool Enumeration: Catalog available tools and capabilities
- Protocol Compliance Testing: Verify proper MCP implementation
- Attack Surface Mapping: Understand MCP deployment patterns
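Going one step past the loop above, the following added example (not part of MCP-Scanner) turns the contents of `verified_servers.json` into what a defender actually needs from the Configuration Analysis and Tool Enumeration use cases: which tools are most commonly exposed across the inventory, which servers should be fixed first, and a CSV view of the same data. The page documents only the `url` and `tools` keys; the sample records, the `transport` field and the `HIGH_IMPACT_KEYWORDS` heuristic are assumptions made for this example.

```python
import csv
import io
import json
from collections import Counter

# Constructed sample in the shape the README's snippet reads ('url' and 'tools').
# 'transport' is an assumed field, not a documented column of verified_servers.json.
SAMPLE_RESULTS_JSON = json.dumps([
    {"url": "http://203.0.113.10:8000/sse", "transport": "sse",
     "tools": ["read_file", "write_file", "list_directory"]},
    {"url": "http://203.0.113.22:3000/mcp", "transport": "http",
     "tools": ["search_docs"]},
    {"url": "http://203.0.113.31:8000/sse", "transport": "sse",
     "tools": ["execute_command", "read_file"]},
    {"url": "http://203.0.113.40:8080/mcp", "transport": "http"},  # verified, no tools listed
])

# Assumed heuristic: tool names containing these words usually mean the server can
# change state or run code, so those exposures go to the top of the remediation list.
HIGH_IMPACT_KEYWORDS = ("write", "delete", "exec", "command", "shell", "deploy")


def load_results(text):
    """Parse verified_servers.json content, tolerating records without a 'tools' key."""
    records = json.loads(text)
    return [dict(r, tools=list(r.get("tools") or [])) for r in records if "url" in r]


def tool_frequency(servers):
    """How many servers expose each tool name (one count per server, even if listed twice)."""
    counts = Counter()
    for s in servers:
        counts.update(sorted(set(s["tools"])))  # sorted keeps insertion order deterministic
    return counts


def prioritize(servers, keywords=HIGH_IMPACT_KEYWORDS):
    """Return (url, high_impact_tools) pairs, most high-impact tools first, then by URL."""
    ranked = []
    for s in servers:
        hits = sorted(t for t in s["tools"] if any(k in t.lower() for k in keywords))
        if hits:
            ranked.append((s["url"], hits))
    ranked.sort(key=lambda pair: (-len(pair[1]), pair[0]))
    return ranked


def to_csv(servers):
    """Flatten results to CSV text: one row per server, tools joined with ';'."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["url", "tool_count", "tools"])
    for s in servers:
        writer.writerow([s["url"], len(s["tools"]), ";".join(s["tools"])])
    return out.getvalue()


def summarize(servers):
    """The headline numbers a scan_summary-style report would carry."""
    return {
        "servers": len(servers),
        "with_tools": sum(1 for s in servers if s["tools"]),
        "top_tools": tool_frequency(servers).most_common(3),
        "remediate_first": prioritize(servers),
    }


if __name__ == "__main__":
    found = load_results(SAMPLE_RESULTS_JSON)
    print(json.dumps(summarize(found), indent=2))
    print(to_csv(found))
```

To run it against a real scan, replace `SAMPLE_RESULTS_JSON` with the contents of `mcp_scan_results_[timestamp]/verified_servers.json`; the keyword list is deliberately short and should be tuned to the tool names that matter in your own environment.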
Contributions are welcome! Please:

- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Anthropic for the Model Context Protocol specification
- Shodan for their excellent search engine API
- The security research community for responsible disclosure practices
- Knostic AI Security Platform
- LLM Oversharing Research
- AI Data Governance Solutions
- Responsible Security Research Guidelines
Developed by Knostic - Leaders in AI Data Governance and Security
Remember: With great power comes great responsibility. Use this tool ethically and legally.