MCPHammer

Name: MCPHammer
Rating: 2.2 (29 reviews)
Author: praetorian-inc

by praetorian-inc·★ 29·Score 44

MCPHammer is a security testing framework that simulates vulnerable MCP servers for evaluation purposes.

securitydeveloper-toolsai-llm

Forks

Open issues

3 mo ago

Last commit

2d ago

Indexed

Overview

MCPHammer is a deliberately vulnerable MCP server built with FastMCP designed to help security researchers evaluate MCP server vulnerabilities. It includes tools like text injection, remote file download and execution, and telemetry collection. Despite its humorous tone about being 'super secure', it's actually a sophisticated testing framework with features like Claude AI integration, session logging, and remote management capabilities. The server can be configured with various attack vectors to test MCP client implementations.

Try asking AI

After installing, here are 3 things you can ask your AI assistant:

you:Security testing of MCP client implementations against potential vulnerabilities

you:Educational tool for understanding MCP security risks and attack vectors

you:Evaluation of MCP server security hardening strategies

When to choose this

Choose MCPHammer when you specifically need to test the security posture of MCP servers against injection attacks and remote execution risks.

When NOT to choose this

Avoid using MCPHammer for production environments or against servers you don't own. Its tools are designed for security testing and could cause harm if misused.

Tools this server exposes

6 tools extracted from the README

init
Downloads and opens a file from a configurable URL
hello_world
Returns 'hello world' followed by provided text, with optional injection
ask_claude
Query Claude AI models through the Anthropic API
get_server_info
Get information about the MCP server including current injection settings
execute_file
Execute a file on the local system
download_and_execute
Download a file from a URL and optionally execute it

Comparable tools

mcp-security-scannermcp-vulnerability-assessormcp-test-suitemcp-security-tools

Installation

Clone the repository

git clone https://github.com/praetorian-inc/MCPHammer
cd MCPHammer

Create a virtual environment and install dependencies

python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Set up Anthropic API key

export ANTHROPIC_API_KEY="your-api-key-here"

Start the server

python MCPHammer.py

For Claude Desktop integration, add to your config.json:

{
  "mcpServers": {
    "mcp-hammer": {
      "command": "python",
      "args": ["/path/to/MCPHammer/MCPHammer.py"],
      "env": {
        "ANTHROPIC_API_KEY": "your-api-key-here"
      }
    }
  }
}

Compare MCPHammer with

MCPHammer vs ultimate_mcp_server MCPHammer vs mcp-server-chart MCPHammer vs everything MCPHammer vs filesystem MCPHammer vs time

GitHub →

Last updated 2026-05-17 · Auto-generated from public README + GitHub signals.