MCP Servers

A collection of Model Context Protocol servers, templates, tools and more.

L
Localmcpinventory
by @kannanprabu
GitHub Repo(1 stars)

MCP server by kannanprabu

Created 6/3/2026
Updated about 5 hours ago
README
View Source
Repository documentation and setup instructions

MCP Server Discovery Toolkit

Enterprise toolkit for discovering, inventorying, and monitoring unauthorized MCP (Model Context Protocol) servers across the corporate estate.

Author: Kannan Ramamoorthy Version: 2.0.0

Overview

This toolkit provides end-to-end MCP server discovery -- from scanning a single laptop to continuous fleet-wide monitoring via Intune and MDE threat hunting.

One machine           --> Script 1 (local scan)
Many machines         --> Script 2 (fleet scan via WinRM)
Continuous monitoring --> Script 3+4 (Intune, runs every hour)
Threat hunting        --> Script 5 (KQL in MDE portal)

Quick Start

# Step 1: Run locally to test (no setup needed)
Set-ExecutionPolicy Bypass -Scope Process
.\Detect-MCPServers-Local.ps1

# Step 2: Export results to JSON for review
.\Detect-MCPServers-Local.ps1 -ExportJson

# Step 3: Deploy to enterprise (see Intune Deployment below)

Scripts

1. Detect-MCPServers-Local.ps1

What it does: Scans your own machine for any MCP servers.

What it checks (9 areas):

  1. Config files -- Claude Desktop, Cursor, VS Code, VS Code Insiders, Windsurf, VSCodium, Copilot CLI, Claude Code, workspace .vscode/mcp.json
  2. Running processes -- node, python, npx, uvx, deno, bun with MCP patterns (deduplicated by PID)
  3. Network ports -- 19+ common MCP ports with IPv4+IPv6 support, smart probing (root, /sse, /mcp, HTTPS)
  4. Named pipes -- Windows IPC channels with MCP keywords
  5. Registry -- startup entries, scheduled tasks referencing MCP/Claude
  6. Docker containers -- running containers with MCP-related images
  7. WSL environments -- MCP configs and processes inside WSL distros
  8. Installed packages -- npm, pnpm, pip, pipx, uv tool, winget (with -SkipPackages option)
  9. Environment variables -- API keys (ANTHROPIC_API_KEY, MCP_SERVER, CLAUDE_, etc.)

What you see:

  • Summary card with total findings and risk counts
  • Confidence scoring (Confirmed / Likely / Candidate) to reduce false positives
  • Findings grouped by category with risk level
  • List of unique MCP server names discovered
  • Active MCP processes with PIDs (deduplicated)
  • High risk items highlighted (if any)

Usage:

# Basic scan (console output only, no file dump)
.\Detect-MCPServers-Local.ps1

# Export to JSON for sharing/analysis
.\Detect-MCPServers-Local.ps1 -ExportJson

# Export to CSV (for Excel, with formula-injection hardening)
.\Detect-MCPServers-Local.ps1 -ExportCsv -OutputPath "C:\Reports\MCP_Scan"

# Scan additional custom ports
.\Detect-MCPServers-Local.ps1 -AdditionalPorts 9090,9443 -ExportJson

# Fast scan (skip package managers and port probing)
.\Detect-MCPServers-Local.ps1 -SkipPackages -SkipPortProbe

# Deep scan (probe all ports, not just runtime-owned)
.\Detect-MCPServers-Local.ps1 -DeepScan -ExportJson

Requirements: Windows 10/11 or Windows Server 2019+. Admin preferred for full process details.

Think of it as: A security flashlight you shine on one laptop.

2. Invoke-MCPFleetScan.ps1

What it does: Runs MCP detection remotely across hundreds/thousands of machines at once.

How it works:

  • Takes a list of computers (from Active Directory, CSV file, or manual list)
  • Connects to each machine via WinRM (PowerShell Remoting)
  • Runs detection in parallel (20 machines at a time, configurable)
  • Aggregates all results into one fleet report
  • Shows top affected hosts and risk breakdown

Usage:

# Scan specific computers
.\Invoke-MCPFleetScan.ps1 -ComputerNames "PC001","PC002","PC003" -Credential (Get-Credential)

# Scan all Windows computers from an AD OU
.\Invoke-MCPFleetScan.ps1 -ADOrgUnit "OU=Workstations,DC=corp,DC=contoso,DC=com"

# Scan from a CSV list (must have "ComputerName" column)
.\Invoke-MCPFleetScan.ps1 -ComputerListCSV ".\endpoints.csv" -ExportHtml -ExportJson

# Increase parallelism for large fleets
.\Invoke-MCPFleetScan.ps1 -ComputerListCSV ".\endpoints.csv" -ThrottleLimit 50 -ExportCsv

CSV format expected:

ComputerName
PC001
PC002
PC003

Requirements: RSAT, ActiveDirectory module (for AD OU mode), WinRM enabled on target machines.

Think of it as: Running the flashlight across your entire office building at once.

3. MCP-Intune-Detection.ps1

What it does: Silently runs on every Intune-managed device to check for MCP servers. This is the recommended approach for continuous enterprise monitoring.

How it works:

  • Deployed via Intune Proactive Remediations
  • Runs as SYSTEM -- scans ALL user profiles on the machine (not just one user)
  • Checks configs, processes, ports, npm packages, env vars across all users
  • Writes results to registry key HKLM:\SOFTWARE\Microsoft\MCP_Discovery
  • Returns exit code: 0 = clean, 1 = MCP detected (triggers remediation)
  • Registry results can be queried fleet-wide via MDE Advanced Hunting (Script 5, Query 4)

Intune Deployment Steps:

  1. Go to Intune > Devices > Scripts & Remediations > Proactive Remediations
  2. Create a new remediation package
  3. Upload MCP-Intune-Detection.ps1 as the Detection script
  4. Upload MCP-Intune-Remediation.ps1 as the Remediation script
  5. Configure settings:
    • Run this script using the logged-on credentials: No (runs as SYSTEM)
    • Enforce script signature check: No
    • Run script in 64-bit PowerShell: Yes
  6. Set schedule: Every 1 hour (recommended)
  7. Assign to a device group (start with a pilot group, then expand)

What gets written to registry:

HKLM:\SOFTWARE\Microsoft\MCP_Discovery
  - LastScan      : timestamp of last scan
  - FindingCount  : number of findings (integer)
  - Findings      : pipe-delimited list of findings
  - Hostname      : machine name
  - Status        : DETECTED or CLEAN

Think of it as: A silent alarm sensor on every managed device -- always watching.

4. MCP-Intune-Remediation.ps1

What it does: Only runs when the Detection script finds MCP (exit code 1). Collects detailed inventory and optionally alerts SOC.

How it works:

  • Collects full process inventory (name, PID, owner, command line)
  • Scans config files across ALL user profiles on the machine
  • Redacts secrets/tokens before logging
  • Writes enriched JSON report to registry
  • Discovery-only by default -- does NOT kill anything
  • Can optionally kill MCP processes (requires SOC approval)
  • Can send alerts to Teams/Sentinel via webhook

Configuration (edit before deploying):

# Inside the script, change these values:
$EnforceRemediation = $false   # Set $true to kill MCP processes (SOC approval required)
$SOCWebhookUrl     = ""        # Teams/Sentinel/Logic App webhook URL for alerts

SOC Webhook alert format: Sends a Teams MessageCard with host name, timestamp, and detected processes.

Think of it as: When the alarm goes off, this is the security guard that investigates and reports.

5. MCP-MDE-AdvancedHunting.kql

What it does: 10 ready-to-use KQL queries for Microsoft Defender portal to hunt for MCP activity across your entire fleet.

| Query | What It Finds | Lookback | |-------|---------------|----------| | 1. MCP Process Detection | node/python/deno/bun launching MCP server patterns | 7 days | | 2. MCP Config File Activity | Creation/modification of MCP config files (expanded paths) | 14 days | | 3. MCP Network Connections | Connections on 19+ MCP ports (IPv4+IPv6) | 7 days | | 4. Intune Registry Beacon | Registry data from Intune Detection script | 1 day | | 5. Package Manager Installs | npm/pip/pipx/pnpm/yarn/uv/bun MCP packages | 30 days | | 6. API Key Exposure | API keys visible in process command lines | 7 days | | 7. Fleet Summary Dashboard | Fleet-wide MCP summary for exec reporting | 7 days | | 8. Inbound Lateral Movement | MCP servers accepting non-localhost connections | 7 days | | 9. Docker Container MCP | Docker containers running MCP-related images | 7 days | | 10. WSL MCP Activity | WSL processes running MCP servers | 7 days |

How to use:

  1. Go to security.microsoft.com > Hunting > Advanced Hunting
  2. Copy and paste any individual query from the .kql file
  3. Click Run query
  4. For executive dashboards, use Query 7

Think of it as: The security camera footage you review in the MDE console.

Recommended Enterprise Deployment

Phase 1: Validate (Day 1)

  • Run Script 1 locally on your machine to verify detection works
  • Review the console output and exported JSON

Phase 2: Pilot (Week 1)

  • Deploy Scripts 3+4 via Intune to a small pilot group (10-50 devices)
  • Use Script 5 Query 4 in MDE to see pilot results fleet-wide
  • Validate findings are accurate, no false positives

Phase 3: Fleet Rollout (Week 2+)

  • Expand Intune assignment to all managed devices
  • Set up recurring MDE Advanced Hunting queries or custom detection rules
  • Optional: Configure SOC webhook for real-time alerts

Phase 4: Ongoing Monitoring

  • Intune runs every hour automatically
  • Use MDE Query 7 for weekly executive reports
  • Use Script 2 for ad-hoc sweeps of non-Intune machines

How They All Fit Together

| Use Case | Script | When to Use | |----------|--------|-------------| | Test on your own machine | Script 1 | Ad-hoc, development, validation | | One-time fleet sweep | Script 2 | Incident response, machines without Intune | | Continuous monitoring | Scripts 3+4 | Ongoing, deployed via Intune (recommended) | | SOC investigation and reporting | Script 5 | Threat hunting, executive dashboards |

Risk Levels

| Level | Meaning | Examples | |-------|---------|----------| | High | Credentials exposed or active MCP with secrets | API keys in env vars, configs with TOKEN/SECRET | | Medium | MCP server present but no credential exposure | Running MCP process, config file found | | Low | Indicator present but not active | Installed npm package, registry entry |

Confidence Levels (v2.0)

| Level | Meaning | Examples | |-------|---------|----------| | Confirmed | MCP verified via config parsing, HTTP probe, or package match | Config with mcpServers block, SSE response confirmed | | Likely | Strong indicator but not definitively confirmed | Runtime process with stdio/RPC pattern, named pipe | | Candidate | Weak indicator, may be a false positive | Common port with non-runtime process listening |

Requirements

| Script | Requirements | |--------|-------------| | Script 1 | Windows 10/11, Windows Server 2019+ (Admin preferred) | | Script 2 | RSAT, ActiveDirectory module, WinRM enabled on targets | | Scripts 3+4 | Intune-managed endpoints, deployed as Proactive Remediation | | Script 5 | Microsoft Defender for Endpoint, Advanced Hunting access |

Known Limitations

  • Linux/Mac: These scripts are Windows-only. Linux and macOS endpoints require separate tooling.
  • Script 2 (Fleet Scan): Requires WinRM enabled on targets. Many environments disable this by default.
  • Intune scripts: Only cover Intune-managed (enrolled) devices. BYOD and unmanaged devices are not scanned.
  • MDE queries: Only work on MDE-onboarded devices.
  • Port scanning: Confidence scoring (v2.0) reduces false positives — only runtime-owned ports are probed by default.
  • WSL scanning: Requires WSL distros to be in a running or startable state.
  • Docker scanning: Requires Docker Desktop to be running.

Changelog

v2.0.0

Consistency & completeness update — all scripts now share the same detection logic:

  • Expanded config paths: Added VS Code Insiders, Windsurf, VSCodium, Claude Code (.claude.json, .claude/settings.json), workspace .vscode/mcp.json, nested mcp.servers format
  • Expanded process patterns: Added mcp-proxy, supergateway, smithery, mcpo, bun.exe; deduplicated by PID
  • Expanded port list: 19 ports (added 3002, 3333, 4001, 5001, 5555, 8001, 9001); IPv4+IPv6 via Get-NetTCPConnection
  • Confidence scoring: All findings tagged as Confirmed/Likely/Candidate to reduce false positives
  • Smart port probing: Only probes ports owned by runtime processes (node/python/etc.) unless -DeepScan; probes /, /sse, /mcp independently; HTTPS support for 8443
  • Full redaction: Centralized Invoke-Redact function covers key=value, --token VALUE, "key":"value", Bearer tokens, connection strings
  • Docker detection: Scans running containers for MCP-related images
  • WSL detection: Scans WSL distros for MCP configs and processes
  • Package managers: Added pipx, pnpm, uv tool support; -SkipPackages switch for performance
  • Performance: Excluded heavy directories (node_modules, .git, OneDrive, caches); process owner lookup only on matched processes; -SkipPortProbe switch
  • CSV hardening: Formula-injection protection for Excel export
  • Output directory creation: Auto-creates export path if missing
  • KQL queries: Added Query 9 (Docker) and Query 10 (WSL); expanded all patterns and ports to match PS scripts
  • Fleet scan: Remote scriptblock aligned with all v2.0 patterns, all user profiles scanned, IPv6 support
  • Intune scripts: Same expanded config paths, process patterns, port list, Docker detection, pipx support

v1.1.0

  • Fixed: Console output no longer dumps raw PowerShell objects
  • Fixed: Intune scripts now scan ALL user profiles (not just SYSTEM profile)
  • Fixed: Registry writes use New-ItemProperty -PropertyType instead of invalid -Type parameter
  • Fixed: Replaced Unicode box-drawing characters with ASCII for PowerShell 5.1 compatibility
  • Added: Clean summary console output with category breakdown, server list, and active processes
  • Added: Comprehensive README with deployment guide

v1.0.0

  • Initial release
Quick Setup
Installation guide for this server

Installation Command (package not published)

git clone https://github.com/kannanprabu/LocalMCPInventory
Manual Installation: Please check the README for detailed setup instructions and any additional dependencies required.

Cursor configuration (mcp.json)

{ "mcpServers": { "kannanprabu-localmcpinventory": { "command": "git", "args": [ "clone", "https://github.com/kannanprabu/LocalMCPInventory" ] } } }