🚨 DVMCP - Damn Vulnerable Model Context Protocol

⚠️ CRITICAL SECURITY WARNING ⚠️

THIS APPLICATION CONTAINS INTENTIONAL SECURITY VULNERABILITIES

This is a deliberately vulnerable application designed for:

• Security training
• Penetration testing practice
• MCP vulnerability research

DO NOT DEPLOY THIS IN PRODUCTION OR ANY INTERNET-FACING ENVIRONMENT

🎯 Purpose

DVMCP is the first dedicated penetration testing lab for Model Context Protocol (MCP) vulnerabilities. Similar to DVWA, but specifically targeting AI/LLM integration security.

🔥 Real Vulnerabilities Included

• Command Injection - Execute arbitrary system commands
• SQL Injection - Dump database contents
• Path Traversal - Read system files
• Authentication Bypass - Hijack sessions
• Prompt Injection - Manipulate AI behavior
• Token Theft - Steal API credentials
• Privilege Escalation - Gain admin access

🚀 Quick Start

# Clone the repository
git clone https://github.com/yourusername/dvmcp.git
cd dvmcp

# Run with Docker (RECOMMENDED - Isolated Environment)
docker-compose up -d

# Access the lab
http://localhost:5000

🏁 CTF Flags

Hidden flags are scattered throughout the system:

• FLAG{dvmcp_welcome} - Find your first flag
• More flags hidden in exploits...

📚 Documentation

• Setup Guide
• Vulnerability Guide
• Exploitation Walkthrough

⚡ Difficulty Levels

• Easy: Basic vulnerabilities with hints
• Medium: Real-world scenarios
• Hard: Advanced exploitation required

🛡️ Responsible Use

This lab is for educational purposes only. By using DVMCP, you agree to:

• Only run it in isolated environments
• Not use learned techniques maliciously
• Report any unintended vulnerabilities

---

Remember: With great power comes great responsibility. Happy hacking! 🎩