Skip to content

new active script to detect open mcp servers #499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

new active script to detect open mcp servers #499

wants to merge 3 commits into from

Conversation

@bananabr
Copy link

@bananabr bananabr commented Oct 30, 2025

This script detects potentially exposed MCP servers by sending MCP initialization requests

@psiinon
Copy link
Member

psiinon commented Oct 30, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Details793427ef-4016-4478-a68f-ddccca46822f

Great job! No new security vulnerabilities introduced in this pull request

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

@psiinon
Copy link
Member

psiinon commented Nov 11, 2025

@bananabr thanks for this PR!

Am I right in thinking that the paths you're checking should be absolute, ie https://www.example.com/mcp or should they be relative (and therefore recurse through the tree), e.g. https://www.example.com/a/mcp, https://www.example.com/a/b/mcp?

Do you have any links to example MCP servers which this rule detects so we can test it?

The build is failing, but it looks like you can fix that with ./gradlew :spotlessApply

@kingthorin
Copy link
Member

kingthorin commented Nov 11, 2025

The file name and code link don't match.

They should also follow the naming guidance: https://github.com/zaproxy/community-scripts/blob/main/CONTRIBUTING.md#naming-scripts

kingthorin
kingthorin reviewed Nov 11, 2025
View reviewed changes
@kingthorin
Copy link
Member

kingthorin commented Nov 11, 2025

To address the DCO requirement you'll need to sign-off the commit(s):

If it makes life easier feel free to squash it all into one commit.

@bananabr bananabr mentioned this pull request Nov 12, 2025
Merged
@bananabr bananabr force-pushed the new_active-open_mcp branch from 6c5ad1b to d2c52e2 Compare November 12, 2025 20:43
thc202 pushed a commit to zaproxy/zaproxy that referenced this pull request Nov 14, 2025
@bananabr
Open MCP Server scan rule ID reservation
bd2b5ab 
For zaproxy/community-scripts#499.

Signed-off-by: Daniel Santos <[email protected]>
@bananabr
Copy link
Author

bananabr commented Nov 14, 2025

@bananabr thanks for this PR!

Am I right in thinking that the paths you're checking should be absolute, ie https://www.example.com/mcp or should they be relative (and therefore recurse through the tree), e.g. https://www.example.com/a/mcp, https://www.example.com/a/b/mcp?

Do you have any links to example MCP servers which this rule detects so we can test it?

The build is failing, but it looks like you can fix that with ./gradlew :spotlessApply

I think there is merit in both. It becomes a matter of performance versus completeness in my opinion. Most cases I found in the wild were under the server's root directory though.

Here is a sample of an open MCP server you can use for testing: https://gist.github.com/bananabr/52570a3d6c23f83c2dbd0690afc28cb4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kingthorin kingthorin kingthorin left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bananabr @psiinon @kingthorin