Practice penetration testing on an insecure MCP server with 26 capture-the-flag challenges.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "MCPGoat" yet — see the docs or source repo.
Guide me through an SSRF challenge in MCPGoat: explain the vulnerability, give a step-by-step testing approach, common payloads, how to verify success, and how to document the flag and lessons learned.
A structured SSRF practice guide with concepts, steps, sample payloads, verification methods, and recap notes.
I want to practice SQL injection in MCPGoat. Help me create a testing workflow: how to identify injection points, craft boolean-based and error-based payloads, extract data, and summarize remediation advice.
A SQL injection practice workflow covering discovery, exploitation, data extraction, and remediation guidance.
Using MCPGoat’s 26 challenges across three difficulty levels, design a two-week training plan: what challenge types to practice each day, how to track flags, and how to review by vulnerability class like RCE, SSRF, and SQLi.
A pentesting training plan organized by difficulty and vulnerability type, with progress tracking and review recommendations.
Build an insecure MCP pentest lab to demonstrate common deployment vulnerabilities.
Run authorized penetration testing and security auditing workflows with one MCP tool.
Scan MCP servers for common security risks and assign A-F grades.
Simulate failures on demand to test MCP client resilience and auth handling.
Run AI-assisted penetration testing through safety-hardened MCP security tool endpoints.
Connect an LLM to security tools for guided or autonomous penetration testing.