MCP GOAT
What it does
Intentionally vulnerable MCP server for security training, mapping to OWASP MCP Top 10 with 10 exploitable scenarios for learning MCP security vulnerabilities.
An intentionally vulnerable MCP server designed for security education, analogous to OWASP WebGoat but for the MCP ecosystem. Maps to the OWASP MCP Top 10 (2025) with 10 exploitable vulnerability scenarios including token mismanagement, path traversal, SQL injection, tool poisoning, and privilege escalation. Pairs with the ramparts Rust security scanner to guide practitioners through identifying and remediating vulnerabilities.
Capabilities
Server
Quality
deterministic score 0.56 from registry signals: indexed on pulsemcp · has source repo · 3 github stars · registry-generated description present