rogue-mcp 1.0.0

package/README.md

@@ -0,0 +1,80 @@
+# Rogue MCP by Wallarm
+
+**Advanced MCP Security Scanner** - Detect and remediate MCP server vulnerabilities aligned with OWASP Agentic AI Top 10.
+
+## Installation
+
+```bash
+npm install -g rogue-mcp
+```
+
+## Quick Start
+
+```bash
+# Discover all MCP servers on this machine
+rogue-mcp scan
+
+# Run security audit
+rogue-mcp audit
+
+# Generate safe configurations
+rogue-mcp fix
+```
+
+## Features
+
+- **Discovery**: Finds MCP servers across Claude Desktop, Cursor, VS Code, Windsurf
+- **Security Audit**: 24 MCP-specific security checks (MCP001-MCP024)
+- **OWASP Mapping**: Findings mapped to OWASP Agentic AI Top 10 (ASI01-ASI10)
+- **Blast Radius**: Analyzes what data could be exposed if compromised
+- **Safe Configs**: Generates pinned, least-privilege configurations
+- **MCP Server**: Can run as an MCP server itself for AI-assisted scanning
+
+## Usage as MCP Server
+
+Add to your MCP client configuration:
+
+```json
+{
+  "mcpServers": {
+    "rogue-mcp": {
+      "command": "rogue-mcp",
+      "args": []
+    }
+  }
+}
+```
+
+## CLI Commands
+
+```bash
+rogue-mcp scan              # Discover MCP servers
+rogue-mcp audit             # Security audit (SAST)
+rogue-mcp deep-probe        # Dynamic analysis (DAST)
+rogue-mcp fix               # Generate safe configs
+rogue-mcp export            # Export results
+rogue-mcp rogue             # Blast radius reconnaissance
+rogue-mcp owasp             # OWASP ASI info
+rogue-mcp trusted list      # Manage trusted servers
+rogue-mcp history           # View scan history
+```
+
+## Supported Platforms
+
+- Linux x64
+- macOS x64 (Intel)
+- macOS arm64 (Apple Silicon)
+- Windows x64
+
+## License
+
+Copyright (c) 2025 Wallarm, Inc. All rights reserved.
+
+## Author
+
+Ivan Novikov - ivan@wallarm.com
+
+## Links
+
+- [Documentation](https://github.com/wallarm/rogue-mcp)
+- [Wallarm](https://wallarm.com)

package/bin/rogue-mcp

@@ -0,0 +1,101 @@
+#!/usr/bin/env node
+
+/**
+ * Rogue MCP by Wallarm - Binary Wrapper
+ *
+ * This script locates and executes the platform-specific binary.
+ */
+
+const { spawn } = require('child_process');
+const path = require('path');
+const fs = require('fs');
+
+const BINARY_NAME = process.platform === 'win32' ? 'rogue-mcp.exe' : 'rogue-mcp';
+
+// Map of platform/arch to npm package name
+const PLATFORM_PACKAGES = {
+  'linux-x64': 'rogue-mcp-linux-x64',
+  'darwin-x64': 'rogue-mcp-darwin-x64',
+  'darwin-arm64': 'rogue-mcp-darwin-arm64',
+  'win32-x64': 'rogue-mcp-win32-x64',
+};
+
+function getPlatformKey() {
+  return `${process.platform}-${process.arch}`;
+}
+
+function findBinary() {
+  const platformKey = getPlatformKey();
+  const packageName = PLATFORM_PACKAGES[platformKey];
+
+  if (!packageName) {
+    console.error(`Unsupported platform: ${platformKey}`);
+    console.error('Supported platforms: ' + Object.keys(PLATFORM_PACKAGES).join(', '));
+    process.exit(1);
+  }
+
+  // Check paths in order of preference
+  const searchPaths = [
+    // Symlink created by install.js (same directory)
+    path.join(__dirname, BINARY_NAME),
+    // Direct package reference
+    path.join(__dirname, '..', 'node_modules', packageName, BINARY_NAME),
+    // Hoisted in parent node_modules
+    path.join(__dirname, '..', '..', packageName, BINARY_NAME),
+    // Global install
+    path.join(__dirname, '..', '..', '..', packageName, BINARY_NAME),
+  ];
+
+  for (const binPath of searchPaths) {
+    if (fs.existsSync(binPath)) {
+      return binPath;
+    }
+  }
+
+  // Try require.resolve as last resort
+  try {
+    const packagePath = require.resolve(`${packageName}/package.json`);
+    const packageDir = path.dirname(packagePath);
+    const binPath = path.join(packageDir, BINARY_NAME);
+    if (fs.existsSync(binPath)) {
+      return binPath;
+    }
+  } catch (e) {
+    // Package not installed
+  }
+
+  return null;
+}
+
+function main() {
+  const binaryPath = findBinary();
+
+  if (!binaryPath) {
+    console.error('');
+    console.error('ERROR: Rogue MCP binary not found for your platform.');
+    console.error('');
+    console.error(`Platform: ${process.platform}`);
+    console.error(`Architecture: ${process.arch}`);
+    console.error('');
+    console.error('Try reinstalling: npm install -g @anthropic/rogue-mcp');
+    console.error('');
+    process.exit(1);
+  }
+
+  // Spawn the binary with all arguments passed through
+  const child = spawn(binaryPath, process.argv.slice(2), {
+    stdio: 'inherit',
+    env: process.env,
+  });
+
+  child.on('error', (err) => {
+    console.error(`Failed to execute Rogue MCP: ${err.message}`);
+    process.exit(1);
+  });
+
+  child.on('close', (code) => {
+    process.exit(code || 0);
+  });
+}
+
+main();

package/install.js

@@ -0,0 +1,128 @@
+#!/usr/bin/env node
+
+/**
+ * Rogue MCP by Wallarm - Installation Script
+ *
+ * This script handles installing the correct binary for the current platform.
+ * Binaries are distributed via platform-specific npm packages.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
+
+const BINARY_NAME = process.platform === 'win32' ? 'rogue-mcp.exe' : 'rogue-mcp';
+
+// Map of platform/arch to npm package name
+const PLATFORM_PACKAGES = {
+  'linux-x64': 'rogue-mcp-linux-x64',
+  'darwin-x64': 'rogue-mcp-darwin-x64',
+  'darwin-arm64': 'rogue-mcp-darwin-arm64',
+  'win32-x64': 'rogue-mcp-win32-x64',
+};
+
+function getPlatformKey() {
+  const platform = process.platform;
+  const arch = process.arch;
+  return `${platform}-${arch}`;
+}
+
+function getBinaryPath() {
+  const platformKey = getPlatformKey();
+  const packageName = PLATFORM_PACKAGES[platformKey];
+
+  if (!packageName) {
+    console.error(`Unsupported platform: ${platformKey}`);
+    console.error('Supported platforms: ' + Object.keys(PLATFORM_PACKAGES).join(', '));
+    process.exit(1);
+  }
+
+  // Try to find the binary in node_modules
+  const possiblePaths = [
+    // When installed as dependency
+    path.join(__dirname, 'node_modules', packageName, BINARY_NAME),
+    // When installed globally or hoisted
+    path.join(__dirname, '..', packageName, BINARY_NAME),
+    // Fallback: try to resolve the package
+  ];
+
+  for (const binPath of possiblePaths) {
+    if (fs.existsSync(binPath)) {
+      return binPath;
+    }
+  }
+
+  // Try using require.resolve
+  try {
+    const packagePath = require.resolve(`${packageName}/package.json`);
+    const packageDir = path.dirname(packagePath);
+    const binPath = path.join(packageDir, BINARY_NAME);
+    if (fs.existsSync(binPath)) {
+      return binPath;
+    }
+  } catch (e) {
+    // Package not found
+  }
+
+  return null;
+}
+
+function ensureBinaryDir() {
+  const binDir = path.join(__dirname, 'bin');
+  if (!fs.existsSync(binDir)) {
+    fs.mkdirSync(binDir, { recursive: true });
+  }
+  return binDir;
+}
+
+function createBinaryLink() {
+  const binaryPath = getBinaryPath();
+
+  if (!binaryPath) {
+    console.error('');
+    console.error('ERROR: Could not find Rogue MCP binary for your platform.');
+    console.error('');
+    console.error(`Platform: ${process.platform}`);
+    console.error(`Architecture: ${process.arch}`);
+    console.error('');
+    console.error('The platform-specific package may not have been installed.');
+    console.error('Try reinstalling with: npm install @anthropic/rogue-mcp');
+    console.error('');
+    process.exit(1);
+  }
+
+  const binDir = ensureBinaryDir();
+  const targetPath = path.join(binDir, BINARY_NAME);
+
+  try {
+    // Remove existing file/link if present
+    if (fs.existsSync(targetPath)) {
+      fs.unlinkSync(targetPath);
+    }
+
+    // On Windows, copy the file. On Unix, create a symlink
+    if (process.platform === 'win32') {
+      fs.copyFileSync(binaryPath, targetPath);
+    } else {
+      // Create relative symlink
+      const relativePath = path.relative(binDir, binaryPath);
+      fs.symlinkSync(relativePath, targetPath);
+    }
+
+    // Make executable on Unix
+    if (process.platform !== 'win32') {
+      fs.chmodSync(targetPath, 0o755);
+      fs.chmodSync(binaryPath, 0o755);
+    }
+
+    console.log('Rogue MCP installed successfully!');
+    console.log(`Binary: ${binaryPath}`);
+
+  } catch (err) {
+    console.error('Failed to install Rogue MCP binary:', err.message);
+    process.exit(1);
+  }
+}
+
+// Run installation
+createBinaryLink();

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "rogue-mcp",
+  "version": "1.0.0",
+  "description": "Rogue MCP by Wallarm - Advanced MCP Security Scanner for detecting and remediating MCP server vulnerabilities",
+  "author": "Ivan Novikov <ivan@wallarm.com>",
+  "license": "UNLICENSED",
+  "homepage": "https://github.com/wallarm/rogue-mcp",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/wallarm/rogue-mcp.git"
+  },
+  "bugs": {
+    "url": "https://github.com/wallarm/rogue-mcp/issues"
+  },
+  "keywords": [
+    "mcp",
+    "security",
+    "scanner",
+    "owasp",
+    "agentic-ai",
+    "wallarm",
+    "model-context-protocol",
+    "claude",
+    "cursor",
+    "vscode"
+  ],
+  "bin": {
+    "rogue-mcp": "bin/rogue-mcp"
+  },
+  "files": [
+    "bin",
+    "install.js",
+    "lib",
+    "README.md"
+  ],
+  "scripts": {
+    "postinstall": "node install.js"
+  },
+  "optionalDependencies": {
+    "rogue-mcp-linux-x64": "1.0.0",
+    "rogue-mcp-darwin-x64": "1.0.0",
+    "rogue-mcp-darwin-arm64": "1.0.0",
+    "rogue-mcp-win32-x64": "1.0.0"
+  },
+  "engines": {
+    "node": ">=14.0.0"
+  }
+}