attAck-mcp-server
@alex-llm
About attAck-mcp-server
This project is an MCP (Model Context Protocol) server for querying ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) techniques and tactics. It provides a way to access and retrieve information about various attack techniques and tactics used by adversaries.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"attAck-mcp-server": {
"command": "python",
"args": [
"main.py"
]
}
}
}Tools
8`technique_id` (string, optional): The ID of the technique to query.
按ID查询:
`technique_id` (string, optional): 要查询的技术ID。
按ID查询:
`technique_id` (string, required): 要查询的技术ID
`technique_id` (string, required): 要查询的技术ID
** None
** 返回服务与数据集的版本、维护者和Git信息。
Overview
What is attAck-mcp-server?
attAck-mcp-server is an MCP (Model Context Protocol) server that provides tools to query the MITRE ATT&CK knowledge base for adversary techniques, tactics, mitigations, and detections. It is designed for security analysts, threat researchers, and AI agents integrated via MCP clients.
How to use attAck-mcp-server?
Clone the repository, install dependencies with pip install -r requirements.txt, and ensure enterprise-attack.json is in the project root. Then run python main.py for local stdio mode, or python main.py --mode http --host 0.0.0.0 --port 8081 for HTTP mode. Configure your MCP client to connect using the chosen transport and tool names.
Key features of attAck-mcp-server
- Query techniques by ID or name (fuzzy search).
- Retrieve full technique details including sub-techniques.
- Look up mitigations and detections for a technique.
- List all ATT&CK tactics.
- Return server version and dataset information.
- Supports both local stdio and HTTP/Streamable transports.
Use cases of attAck-mcp-server
- A security analyst queries a technique ID to get its description and platform.
- A threat researcher performs a fuzzy name search for "phishing" to find related techniques.
- An incident responder looks up mitigations and detections for a detected technique.
- A developer retrieves the full list of ATT&CK tactics to integrate into a dashboard.
FAQ from attAck-mcp-server
How do I connect my MCP client to attAck-mcp-server?
You can use stdio mode (default) by running python main.py and configuring your client for local stdio, or HTTP mode by running python main.py --mode http --host 0.0.0.0 --port 8081 and entering http://127.0.0.1:8081/mcp as the server URL.
What dependencies does attAck-mcp-server require?
Install Python dependencies with pip install -r requirements.txt. The MITRE ATT&CK data must be available as a file named enterprise-attack.json in the project root directory.
What tools are provided by attAck-mcp-server?
The server provides six tools: query_technique, search_technique_full, query_mitigations, query_detections, list_tactics, and server_info. Each accepts optional or required arguments as described in the README.
Is attAck-mcp-server suitable for remote or cloud deployments?
Yes. The server can run in HTTP mode and listen on any host and port, making it suitable for remote access or deployment on platforms like Smithery Cloud. It automatically picks up environment variables such as PORT or MCP_TRANSPORT to adapt to the hosting environment.
Does attAck-mcp-server require authentication or API keys?
No authentication or API keys are mentioned. The server runs as a local or network service that MCP clients connect to directly.
More Other MCP servers
Codelf
unbugA search tool helps dev to solve the naming things problem.
MaxKB
1Panel-dev🔥 MaxKB is an open-source platform for building enterprise-grade agents. 强大易用的开源企业级智能体平台。
Blender
ahujasidOpen-source MCP to use Blender with any LLM
🪟 Windows-MCP
CursorTouchMCP Server for Computer Use in Windows
Nginx UI
0xJackyYet another WebUI for Nginx
Comments