r/cybersecurity: mcpwn — Open-Source Security Testing Toolkit for MCP Servers Covering RCE, Path Traversal, and Prompt Injection

A developer released mcpwn, an open-source security scanner for Model Context Protocol servers that detects RCE via command injection, path traversal in file handling, prompt injection, and protocol vulnerabilities by analyzing server response content for exploitation signatures rather than solely crash behavior. The tool addresses a growing gap: MCP deployments are expanding rapidly as the AI agent ecosystem matures, but purpose-built security testing tooling has significantly lagged adoption.