Your agents trust their tools. LEVIATHAN tests whether they should.
MCP is the protocol agents trust for tool discovery. LEVIATHAN assesses every layer of that trust — from server discovery and fingerprinting to schema integrity, trust redirection, and lateral movement through delegation chains. If it touches MCP, LEVIATHAN tests it.
Discovers MCP servers via port scanning, registry enumeration, and DNS resolution. Maps tool definitions, capabilities, and trust relationships across the environment.
Creates controlled MCP server replicas for security testing. Clones tool definitions, capabilities, and TLS certificates. Full JSON-RPC response handling.
Generates test cases that modify tool definitions — hidden parameters, type changes, description alterations, annotation removal. Tests whether agents detect modifications.
Fingerprints MCP server implementations and assesses security posture. Checks authentication, TLS, SSRF indicators, schema enforcement, token handling, and transport security.
Assesses whether agents detect server identity changes — DNS remapping, TLS certificate swaps, registry updates, and capability drift. Tests trust validation mechanisms.
Analyses what a compromised MCP server enables — data access, command execution, privilege escalation, denial of service, and data manipulation across connected agents.
Maps lateral movement paths through MCP trust relationships. BFS graph analysis, delegation chain discovery, blast radius calculation, and critical server identification.
Captures and signs every assessment action with Ed25519 cryptographic integrity. Tamper-proof evidence trail for audit, compliance, and legal hold.
Cryptographic override. Private key controlled. One operator. Founder's machine only. ANTIDOTE not available — MCP compromise is architectural.
Discovery and fingerprinting only. Maps MCP servers, enumerates tools, identifies trust relationships. No active interference. No server modification.
Simulates all assessment techniques. Schema tests, redirection tests, impact analysis. Ed25519 required. Shows what would happen without executing.
Full assessment with active techniques. 44 UNLEASHED findings across 8 attack vectors. Server impersonation, registry manipulation, tool injection, agent command assessment.
THIS TOOL IS FOR AUTHORISED SECURITY TESTING ONLY. EVERY EXECUTION IS SIGNED AND LOGGED.
8 subsystems. 44 UNLEASHED findings. 8 attack vectors. Every MCP server. Every trust relationship. Every tool definition. Assessed.