Scanning is how MCTS finds MCP servers and collects data before analysis. You only need one scan mode for most workflows.
Answer these questions:
Do you have the server's source code on disk?
- Yes → `mcts scan ./server.py` or `mcts scan ./repo/` (getting started)
- Not sure which file → `mcts scan . --auto`
Confused by Overall Score vs Absolute Risk? → Scoring developer guide
Do you need what the server advertises at runtime?
- Add `--live --i-understand-live-risk` → Live scanning
Is the server hosted remotely (no local source)?
- `--url https://...` → Remote scanning
Do you have an exported tools/list JSON and no network?
- `--snapshot tools.json` → Static snapshot
Do you want to audit MCP configs on your machine?
- `mcts inventory --scan` or `mcts scan --machine-wide` → Config inventory
Do you want to stress-test protocol handling?
- `mcts fuzz` then pipe events into scan → Protocol fuzzing
| Mode | Reads source | Starts server | Network | Command |
|---|---|---|---|---|
| Static (default) | Yes | No | No | mcts scan ./server.py |
| Live | Optional | Yes | No | mcts scan … --live --i-understand-live-risk |
| Remote | No | No | Yes | mcts scan . --url … --i-understand-live-risk |
| Snapshot | No | No | No | mcts scan . --snapshot tools.json |
| Inventory | Config only | No | No | mcts inventory --scan |
| Fuzz | No | Yes | No | mcts fuzz … |
After discovery, all modes feed the same analyzers and produce the same report format (legacy score + v2 score_v2 when --scoring v2|both, default both).
| Guide | When to read it |
|---|---|
| Live Scanning | Probe a running local server |
| Remote Scanning | Scan a hosted HTTP/SSE endpoint |
| Static Snapshot | Air-gapped scan from JSON |
| Protocol Fuzzing | Protocol hardening tests |
| TypeScript Discovery | Node.js / TypeScript MCP servers |
| Config Inventory | Local MCP client configs + skills |
| Readiness Scanning | Production readiness (not security score) |
- Getting started
- Security checks — what runs after discovery
- CLI reference
- Documentation index