MCP.so
Sign In

Metasploit MCP Server

@GH05TCREW

About Metasploit MCP Server

MCP Server for Metasploit

Basic information

Category

Other

License

Apache-2.0

Runtime

python

Transports

stdio

Publisher

GH05TCREW

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "MetasploitMCP": {
      "command": "python",
      "args": [
        "MetasploitMCP.py",
        "--transport",
        "http"
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Metasploit MCP Server?

A Model Context Protocol (MCP) server that bridges large language models like Claude with the Metasploit Framework penetration testing platform. It provides standardized tools for dynamically accessing and controlling Metasploit functionality through natural language, enabling automated security testing workflows.

How to use Metasploit MCP Server?

Install dependencies with pip install -r requirements.txt, start the Metasploit RPC service (msfrpcd), then run MetasploitMCP.py. The server supports two transports: HTTP/SSE (default) for most MCP clients, or STDIO for Claude Desktop integration. Configure environment variables for MSF_PASSWORD and optionally MSF_SERVER, MSF_PORT, MSF_SSL, and PAYLOAD_SAVE_DIR.

Key features of Metasploit MCP Server

  • Search and list exploit, payload, and auxiliary modules
  • Execute exploits, auxiliary, and post-exploitation modules
  • Generate payload files and save them locally
  • List, manage, and terminate active sessions
  • Start, list, and stop listeners and background jobs

Use cases of Metasploit MCP Server

  • Conduct automated penetration testing with AI-driven exploit selection and execution
  • Quickly search for relevant Metasploit modules during security assessments
  • Perform post-exploitation enumeration (e.g., logged-on users, system info)
  • Generate and deliver custom payloads for reverse connections
  • Manage reverse handlers and active sessions through a conversational interface

FAQ from Metasploit MCP Server

What are the prerequisites to run Metasploit MCP Server?

You need Metasploit Framework installed with msfrpcd running, Python 3.10 or higher, and the required Python packages from requirements.txt.

How do I configure authentication?

Set the MSF_PASSWORD environment variable to match the password used when starting msfrpcd with the -P flag.

What transport options are available?

The server supports HTTP/SSE (Server-Sent Events) for most MCP clients and STDIO for Claude Desktop integration. Use the --transport flag to select.

Where are generated payloads saved?

By default, payloads are saved to a payloads directory in the user's home folder (~/payloads). This can be overridden with the PAYLOAD_SAVE_DIR environment variable.

Is Metasploit MCP Server safe for production networks?

The README includes a strong security warning: this tool provides direct access to exploitation features and should only be used in environments where explicit permission for security testing has been granted.

Comments

More Other MCP servers