mcppt 1.0.0__tar.gz → 1.0.2__tar.gz

{mcppt-1.0.0 → mcppt-1.0.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcppt
-Version: 1.0.0
+Version: 1.0.2
 Summary: MCPTROTTER — MCP Pentest Tool: 28 automated security checks for MCP servers
 Project-URL: Homepage, https://github.com/gurudeepmallam-cmd/mcppt
 Project-URL: Repository, https://github.com/gurudeepmallam-cmd/mcppt
@@ -32,10 +32,11 @@ Description-Content-Type: text/markdown
 # MCPTROTTER — MCP Pentest Tool
 
 <p align="center">
-  <b>28 automated security checks for any MCP server.<br>Pure Python. No AI key needed. No Docker. No Kali.</b>
+  <img src="https://raw.githubusercontent.com/gurudeepmallam-cmd/mcppt/main/docs/mcptrotter.jpeg" alt="MCPTROTTER" width="380"/>
 </p>
 
 <p align="center">
+  <img src="https://img.shields.io/pypi/v/mcppt?label=PyPI&color=orange"/>
   <img src="https://img.shields.io/badge/python-3.10%2B-blue"/>
   <img src="https://img.shields.io/badge/checks-28-red"/>
   <img src="https://img.shields.io/badge/license-MIT-green"/>
@@ -67,13 +68,19 @@ Works against any MCP server using Streamable HTTP transport (POST + SSE respons
 
 ## Install
 
+**From PyPI (recommended):**
+```bash
+pip install mcppt
+```
+
+**From source:**
 ```bash
 git clone https://github.com/gurudeepmallam-cmd/mcppt
 cd mcppt/mcppt_tool
 pip install -e .
 ```
 
-Requires Python 3.10+. Core scanner uses only stdlib — `urllib`, `ssl`, `json`. `rich` is for the TUI shell only.
+Requires Python 3.10+.
 
 ---
 

{mcppt-1.0.0 → mcppt-1.0.2}/README.md

@@ -1,10 +1,11 @@
 # MCPTROTTER — MCP Pentest Tool
 
 <p align="center">
-  <b>28 automated security checks for any MCP server.<br>Pure Python. No AI key needed. No Docker. No Kali.</b>
+  <img src="https://raw.githubusercontent.com/gurudeepmallam-cmd/mcppt/main/docs/mcptrotter.jpeg" alt="MCPTROTTER" width="380"/>
 </p>
 
 <p align="center">
+  <img src="https://img.shields.io/pypi/v/mcppt?label=PyPI&color=orange"/>
   <img src="https://img.shields.io/badge/python-3.10%2B-blue"/>
   <img src="https://img.shields.io/badge/checks-28-red"/>
   <img src="https://img.shields.io/badge/license-MIT-green"/>
@@ -36,13 +37,19 @@ Works against any MCP server using Streamable HTTP transport (POST + SSE respons
 
 ## Install
 
+**From PyPI (recommended):**
+```bash
+pip install mcppt
+```
+
+**From source:**
 ```bash
 git clone https://github.com/gurudeepmallam-cmd/mcppt
 cd mcppt/mcppt_tool
 pip install -e .
 ```
 
-Requires Python 3.10+. Core scanner uses only stdlib — `urllib`, `ssl`, `json`. `rich` is for the TUI shell only.
+Requires Python 3.10+.
 
 ---
 

mcppt-1.0.2/mcppt/__init__.py

@@ -0,0 +1 @@
+__version__ = "1.0.2"

{mcppt-1.0.0 → mcppt-1.0.2}/mcppt/cli.py

@@ -48,6 +48,9 @@ def cmd_scan(args: argparse.Namespace) -> None:
 
     checks = [c.strip() for c in args.checks.split(",")]
     run_all = "all" in checks
+    # enum must always run first — other checks depend on the tool list it builds
+    if not run_all and "enum" not in checks:
+        checks = ["enum"] + checks
     total = len(ALL_CHECKS) if run_all else len([c for c in checks if c in ALL_CHECKS])
 
     state = ScanState(

{mcppt-1.0.0 → mcppt-1.0.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "mcppt"
-version = "1.0.0"
+version = "1.0.2"
 description = "MCPTROTTER — MCP Pentest Tool: 28 automated security checks for MCP servers"
 readme = "README.md"
 requires-python = ">=3.10"

mcppt-1.0.2/wbs_mcppt_result.md

@@ -0,0 +1,130 @@
+# MCPPT Security Scan Report
+
+**Target:** `https://qmcp.wbsautomation.deloitte.com/`  
+**Date:** 2026-06-08 11:33 UTC  
+**Duration:** 114.8s  
+
+## Summary
+
+| Severity | Count |
+| --- | --- |
+| [CRIT] CRITICAL | 1 |
+| [HIGH] HIGH | 4 |
+| [MED] MEDIUM | 2 |
+| [LOW] LOW | 3 |
+
+## Findings
+
+### 1. [MED] [MEDIUM] tools/list accessible without Authorization header
+
+**Check:** `enum`  
+**Severity:** MEDIUM  
+
+Returned 25 tools: ['get_material_options_by_market_offering', 'wbs_automation_check_publish_status', 'get_missing_mandatory_fields_with_options', 'get_invoice_details', 'get_field_info', 'get_field_description', 'get_all_market_offering_categories', 'get_wbs_form_by_id', 'search_information_with_prefilter_from_provider', 'get_market_offering_subcategories']
+
+---
+
+### 2. [LOW] [LOW] No rate limiting — 30/30 requests in 45.1s
+
+**Check:** `rate`  
+**Severity:** LOW  
+
+Server may be vulnerable to DoS via tool call flooding
+
+---
+
+### 3. [HIGH] [HIGH] Replay confirmed on 'get_material_options_by_market_offering'
+
+**Check:** `replay`  
+**Severity:** HIGH  
+
+Identical request accepted twice with same req_id — no nonce/timestamp protection
+
+---
+
+### 4. [CRIT] [CRITICAL] Replay confirmed on WRITE tool 'wbs_automation_check_publish_status'
+
+**Check:** `replay`  
+**Severity:** CRITICAL  
+
+Destructive tool accepted replayed request — attacker can replay captured requests
+
+---
+
+### 5. [MED] [MEDIUM] Context overflow: get_material_options_by_market_offering accepts 10,000-char payload
+
+**Check:** `context_overflow`  
+**Severity:** MEDIUM  
+
+Attack: write max-size content → agent reads it → LLM context window overwhelmed → system prompt / guardrail instructions truncated
+
+---
+
+### 6. [HIGH] [HIGH] Weak session ID: Non-UUID/non-hex format: 'ixr6d3hIUVkjgz0lbTelQA'
+
+**Check:** `session`  
+**Severity:** HIGH  
+
+Predictable IDs allow session hijacking. Fix: CSPRNG ≥128-bit entropy (UUID v4)
+
+---
+
+### 7. [LOW] [LOW] Missing security headers: X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Content-Security-Policy, Permissions-Policy
+
+**Check:** `headers`  
+**Severity:** LOW  
+
+These headers reduce XSS, clickjacking, and info-leakage risk
+
+---
+
+### 8. [LOW] [LOW] HSTS max-age too short: 16070400s (< 1 year)
+
+**Check:** `headers`  
+**Severity:** LOW  
+
+Recommend max-age ≥ 31536000 with includeSubDomains
+
+---
+
+### 9. [HIGH] [HIGH] CORS preflight allows arbitrary origins
+
+**Check:** `headers`  
+**Severity:** HIGH  
+
+Origin 'https://evil.attacker.com' was reflected/allowed in preflight
+
+---
+
+### 10. [HIGH] [HIGH] Resources accessible without auth — 6 items returned
+
+**Check:** `resources`  
+**Severity:** HIGH  
+
+Unauthenticated resources/list — may expose data / system prompt templates
+
+---
+
+## Remediation Reference
+
+| Check | Risk | Fix |
+| --- | --- | --- |
+| `enum` | Info disclosure | Require auth on `tools/list` |
+| `auth` | Auth bypass | Validate Bearer token server-side on every tool call |
+| `idor` | Data exposure | Scope resource access to the authenticated user |
+| `injection` | Prompt injection | Sanitise/escape all user-supplied strings before returning to LLM |
+| `schema` | Input validation | Enforce strict type validation at the MCP server layer |
+| `ssrf` | SSRF | Block RFC-1918/link-local URLs; use allowlist for external fetches |
+| `publish` | Unconfirmed action | Enforce confirmation gate in MCP layer, not only in agent prompt |
+| `rate` | DoS | Add rate limiting per token/IP |
+| `stored` | Stored injection | Escape stored content before returning in tool responses |
+| `scope` | Privilege escalation | Enforce token scopes server-side per tool |
+| `replay` | Replay | Add per-request nonce or timestamp window validation |
+| `context_overflow` | Context hijack | Enforce max field length at ingestion |
+| `poison_all` | Injection | Sanitise every response field, not just primary content |
+| `tenant` | Data leak | Scope cache keys and storage to tenant/user ID |
+| `session` | Session hijack | Use CSPRNG ≥128-bit entropy for session IDs (UUID v4) |
+| `rug_pull` | Supply chain | Pin tool versions; alert on description changes |
+
+---
+_Generated by [MCPPT](https://github.com/gurudeepmallam-cmd/mcppt) v2.0_

mcppt-1.0.0/mcppt/__init__.py

@@ -1 +0,0 @@
-__version__ = "1.0.0"