MCP.so
Sign In

Overview

What is Red-team-mcp?

Red-team-mcp is a Model Context Protocol server that provides resources and tools for AI agents to use during red teaming exercises and security testing. It integrates with external security tools such as masscan, nuclei, SSH client, Metasploit RPC, and subfinder, and stores findings in a MongoDB database.

How to use Red-team-mcp?

Set up external dependencies (MongoDB, nuclei, masscan), populate the Metasploit exploits database using the provided scripts, and ensure the Metasploit RPC server is running. Then configure an MCP client to connect to the server, and use the available tools and resources for security testing tasks.

Key features of Red-team-mcp

  • High-speed port scanning via masscan integration
  • Vulnerability detection using Nuclei templates
  • SSH command execution and brute-force capabilities
  • Metasploit exploit database with fast search
  • Exploit execution against targets with payload configuration
  • Domain discovery using subfinder

Use cases of Red-team-mcp

  • Automated reconnaissance and open port discovery
  • Vulnerability scanning with customizable severity filters
  • Credential testing via SSH brute force
  • Searching and executing Metasploit exploits
  • Conducting red team exercises with an AI-driven agent

FAQ from Red-team-mcp

What external tools are required?

Red-team-mcp requires masscan, nuclei, a working SSH client, Metasploit Framework with its RPC server, subfinder, and a MongoDB instance on localhost.

How is the Metasploit exploit database set up?

Run python scripts/setup_exploits_db.py after ensuring MongoDB is running and Metasploit RPC is accessible. This pre-populates the database with all Metasploit exploits and their metadata.

How can I search for exploits?

Use the search_exploits_fast() tool with parameters like platform, CVE, rank, author, or keywords. Examples include search_exploits_fast(platform='windows', search_term='smb').

Where are scan results stored?

All scan findings and exploit metadata are stored in a MongoDB database, allowing fast querying and retrieval by the AI agent.

Does the server require authentication?

SSH tools use credential authentication. The Metasploit RPC connection uses a password configured in the server. No other authentication layer is described in the README.

Tags

More from Other