Network scanner and auditor for Model Context Protocol deployments
mcpmap, from Canack, is a security-auditing and network discovery tool for the Model Context Protocol that maps AI-integrated server infrastructure. It discovers MCP endpoints, enumerates available tools and assigns risk levels to flag potentially dangerous tool executions. The app offers tiered probing modes and integrity checks. Security researchers, AI system architects, and DevOps engineers use it to maintain visibility and reduce the risk of unauthorized AI operations. Its nmap-like interface is familiar to network administrators.
What tasks can you actually use it for?
mcpmap performs network-wide discovery using port scanning and HTTP heuristics to locate active MCP servers across IP ranges, then performs automated enumeration of exposed tools and resources. It supports both passive discovery and progressively intrusive probes so teams can gather metadata or exercise tools during penetration tests. Output is intended to produce actionable inventory data that helps surface which endpoints expose callable AI tools.
How reliable and actionable are its security findings?
The tool combines automated risk classification with behavioral checks, and it performs integrity verification using baseline pinning to detect unauthorized changes in tool definitions. It flags protocol-specific vectors such as schema poisoning, tool squatting, temporal rug-pulls, and exfiltration chains by analysing server responses and resource manifests. Accuracy depends on probe depth and server behavior, so high-risk findings require human verification before remediation.
Is it practical to install and embed in automation pipelines?
mcpmap is implemented in Rust, which gives a compact, performance-oriented binary suitable for scripted runs. Installation paths include Homebrew, Cargo, and Docker, and the developer provides a container image for headless environments. The app's JSON output option supports machine parsing and integration into CI/CD or monitoring systems, enabling scheduled audits and automated alerts within existing DevOps workflows.
Who should run intrusive probes, and where does it fit into workflows?
The intended audience includes security researchers, AI system architects, and DevOps engineers responsible for MCP deployments; the project is recognised within the MCP developer community as a critical utility. Default passive mode and the Tier 1 metadata-only probing level are appropriate for discovery on production networks. Higher tiers that invoke tools are intended for controlled penetration-testing environments and should not be run against unknown production services without authorization.
Practical for teams that embed automated MCP checks into audits
mcpmap is a pragmatic option for security teams that need repeatable discovery and flagging of risky MCP endpoints. Its findings supply signals suitable for automated monitoring and incident triage, but intrusive probes require controlled test environments and human review of high-risk results. Use the tool as part of an auditing pipeline to catch protocol-specific attack patterns, not as a sole oracle of system correctness.





