mcp-strike is an open-source command-line tool designed for active, runtime adversarial testing of Model Context Protocol (MCP) servers. Below are 39 testing & qa apps with similar functionality to mcp-strike, matched by what each product actually does — not ranked or scored. Explore each to find the closest fit for your use case.
mcp-mcts is an open-source CLI tool for local MCP security scanning, attack chain analysis, inventory management, and CI integration. It supports optional Semgrep and LLM analysis, making it suitable for security engineers and DevOps teams focused on codebase security.
mcp-security-scan is an open-source CLI tool that scans MCP servers for hardcoded secrets, unsafe execution, and missing authentication. It helps developers and security engineers identify and remediate vulnerabilities in their MCP infrastructure.
mcpvet is an open-source CLI tool that combines testing, linting, and contract validation for MCP servers. It integrates with pytest and ESLint, streamlining the development and quality assurance process for developers working with the Model Context Protocol.
Static analysis tool for MCP server Python code — detects security vulnerabilities via AST and taint tracking.
mcp-audits is an open-source CLI tool that scans, enumerates, and risk-scores permissions on locally configured MCP servers. It is designed for security engineers and AI infrastructure operators to ensure safe and compliant access control in AI systems.
Security scanner for MCP (Model Context Protocol) servers - pentest your AI agent's tool connections
Simple MCP Client to quickly test and explore MCP servers from the command line
Test your MCP server like you test an API — declarative YAML, CI-ready, zero boilerplate.
AI-powered security vulnerability scanner for MCP (Model Context Protocol) servers with automatic fixes, secret detection, and multi-channel alerts
mcp-checkup is an open-source CLI utility that audits MCP server setups, measuring context tax and hygiene. It helps AI infrastructure engineers and developers ensure their Model Context Protocol servers are efficient and healthy by providing detailed health checks and token analysis.
Reconnaissance and known-issue scanner for Model Context Protocol (MCP) servers
mcp-risk-linter is an open-source CLI tool that analyzes MCP server tools for readiness and security risks, including authentication, filesystem, shell, and network vulnerabilities. It helps developers and DevOps teams ensure safer deployments.
mcpscore is an open-source CLI tool that analyzes MCP servers for compliance, quality, and protocol validation. It generates comprehensive reports to help developers and administrators ensure their Model Context Protocol servers meet required standards.
Linter for MCP (Model Context Protocol) config files used by Claude Desktop, Cursor, Cline, Windsurf, and Zed. CLI + library API.
mcp-bandit is an open-source command-line tool for scanning Model Context Protocol (MCP) servers for security vulnerabilities, including prompt injection and SSRF. It is designed for security engineers to audit and analyze MCP deployments.
mcp-check-security is an open-source command-line tool that performs offline security checks on Model Context Protocol (MCP) server configurations. It helps developers and security engineers identify potential vulnerabilities and misconfigurations before deployment. The tool is designed for use in AI infrastructure environments.
dfx-mcp-scanner is an open-source CLI tool for scanning Model Context Protocol (MCP) servers to detect malicious tools, data exfiltration, and supply chain risks. It is designed for security engineers managing AI agent infrastructure.
Security scanner for MCP servers — detect prompt injection, credential leaks, exposed endpoints, and tool poisoning
Convert MCP server tools into hierarchical CLI commands and agent Skills
CI gate for MCP servers
threatray-mcp is an open-source MCP server designed for integrating malware analysis and threat intelligence into security workflows. It supports YARA and other threat intelligence tools, making it suitable for security researchers and teams.
mcp-audit-scanner is an open-source CLI tool designed to audit Model Context Protocol (MCP) server configurations for security and privacy vulnerabilities. It assists security engineers in identifying and mitigating risks in AI agent infrastructure.
mcpsnare is an open-source CLI tool that actively scans Model Context Protocol (MCP) servers for vulnerabilities using confirmation-driven techniques. It is designed for security professionals to automate security assessments and penetration testing of MCP endpoints.
mcp-surfaceprint is an open-source CLI tool that allows users to inspect what an MCP server exposes before connecting to it. It helps security engineers and AI infrastructure teams audit and verify server configurations for safe integration with agent systems.
mcp-toolguard is an open-source CLI tool for contract testing, drift detection, and security checks on MCP servers. It integrates with CI pipelines and production environments to help DevOps engineers maintain server integrity.
mcptest is an open-source CLI tool designed for automated testing of Model Context Protocol (MCP) servers in CI environments. It provides compliance scoring, security scanning, and schema drift detection, streamlining MCP server validation for developers and DevOps teams.
MCP Pre-Flight is a web-based tool that audits Model Context Protocol (MCP) server submissions for compatibility with Claude and OpenAI directories. It performs protocol checks, OAuth validation, and source code analysis to help developers ensure compliance before submission.
ShieldMCP is a web-based security scanner that analyzes Model Context Protocol (MCP) configuration files for vulnerabilities, including permission risks, exposed secrets, and supply chain threats. It provides instant feedback and actionable fixes, helping MCP administrators secure their deployments efficiently.
mcp-defectdojo is an open-source MCP server that extends DefectDojo's vulnerability management capabilities with RBAC, audit chains, and SIEM forwarding. It is designed for security teams needing advanced integration and automation.
mcp-gui-tester is an open-source PyQt6 desktop application for developers to test and interact with MCP (Model Context Protocol) servers over HTTP. It provides a graphical interface to list tools, fill parameters, call tools, and inspect results, streamlining the development and debugging process for MCP integrations.
mcp-agent-tester is an open-source tool for inspecting, testing, and running MCP servers and agents. It provides both a web UI and CLI, supports JSON trace export, and is designed for developers working with Model Context Protocol agents and infrastructure.
Call any MCP server tool from the command line with shell composition support
Lookup MCP servers in the official MCP Registry by name or URL.
hexis-mcp-guard is an open-source command-line tool that scans Model Context Protocol (MCP) servers for security vulnerabilities. It checks for issues such as misconfigurations and exposed secrets, helping administrators secure their MCP deployments. Designed for security engineers and server admins.
mcp-builder-toolkit is an open-source CLI utility that generates Python MCP server projects based on manifest files. It streamlines the process of creating readable and tested server code, making it easier for developers to scaffold and maintain MCP-compliant services.
bash-vet-mcp is an open-source CLI tool and MCP server that analyzes and vets shell commands generated by LLMs before execution. It detects potentially destructive patterns and enforces security rules, helping developers and AI agent operators run automation safely.
MCP server for Keysight CyPerf network testing platform
certindex-mcp is an open-source MCP server that exposes CertIndex's Certificate Transparency search tools to any MCP-compatible client. It allows developers and security professionals to integrate CT log search capabilities into their workflows using the Model Context Protocol.
asmhunter-mcp is an open-source MCP server that enables AI-driven bug-bounty reconnaissance, monitoring, triage, and reporting. It is designed for security professionals and integrates with AI agents to streamline vulnerability discovery and management.