About
attAck MCP Server is an interface to the MITRE ATT&CK framework, providing access to a curated knowledge base of adversary tactics, techniques, and procedures (TTPs) observed in real-world cyber attacks. It enables security teams to research attack behaviors, understand platforms at risk, and identify defensive countermeasures. Key capabilities include:
- Query techniques by MITRE ID (such as T1059.001) or partial-name fuzzy search to quickly find relevant attack methods.
- Retrieve comprehensive attack profiles including affected platforms, kill chain phases, data sources, and external references.
- Access mitigation strategies and detection methods for each technique to support defensive planning.
- Browse all ATT&CK tactics spanning the cyber attack lifecycle from Initial Access to Exfiltration.
README
attAck-mcp-server
This project is an MCP (Model Context Protocol) server for querying ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) techniques and tactics. It provides a way to access and retrieve information about various attack techniques and tactics used by adversaries.
Tools
The server provides the following tools:
* technique_id (string, optional): The ID of the technique to query.
* tech_name (string, optional): The name (or partial name) of the technique to query. Fuzzy search by name is supported.
* Example:
- Query by ID:
{
"technique_id": "T1059.001"
}
- Fuzzy search by name:
{
"tech_name": "phishing"
}
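a dictionary of the form { "results": [...], "count": N }, where results is the list of complete data for the matching techniques.
* technique_id (string, optional): The ID of the technique to query.
* tech_name (string, optional): Keyword from the technique name; fuzzy matching is supported.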
* Example:
- Query by ID:
{
"technique_id": "T1059.001"
}
- Fuzzy search by name:
{
"tech_name": "phishing"
}
* technique_id (string, required): The ID of the technique to query.
* Example:
{
"technique_id": "T1059.001"
}
* technique_id (string, required): The ID of the technique to query.
* Example:
{
"technique_id": "T1059.001"
}
{}
Usage
To use this MCP server, you need to have an MCP client configured to connect to it. Once connected, you can use the provided tools to query ATT&CK techniques and tactics.
MCP Client Configuration
1. Local stdio mode (recommended for Smithery/local integration)
python main.py
ATTACK_MCP_MODE=stdio), suitable for clients that support local MCP stdio, such as Smithery and Cursor.
2. HTTP/Streamable mode (remote/development/debugging)
python main.py --mode http --host 0.0.0.0 --port 8081 --log-level info
export ATTACK_MCP_MODE=http
export ATTACK_MCP_HOST=0.0.0.0 # optional; defaults to 0.0.0.0 or $HOST
export ATTACK_MCP_PORT=8081 # optional; defaults to 8081 or $PORT
export ATTACK_MCP_LOG_LEVEL=info # optional; defaults to info
python main.py
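http://127.0.0.1:8081/mcp.
PORT or MCP_TRANSPORT environment variable, you can run python main.py directly and HTTP is used. In runtime environments where the value is one of the newer enum values such as streaming, streamable, streamable-http, streamable HTTP transport or stdioNotSupported, the program automatically falls back to HTTP mode; no extra configuration is needed.
PORT (default 8081) tells the program which port to listen on; the program reads this value automatically and listens on 0.0.0.0:$PORT.
query_technique, search_technique_full, query_mitigations, query_detections, list_tactics, server_info
{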
"technique_id": "T1059.001"
}
- Fuzzy search for a technique by name:
{
"tech_name": "phishing"
}
- Use search_technique_full to get the complete details of a technique:
{
"tech_name": "phishing"
}
- Query the mitigations for a technique:
{
"technique_id": "T1059.001"
}
- Query the detection methods for a technique:
{
"technique_id": "T1059.001"
}
- List the tactics:
{}
- Query server and dataset information:
{}
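> For the specific client configuration, refer to your MCP client's documentation and enter the service address and tool names above in the corresponding fields.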
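
The tool calls listed above as they look on the wire, in an added example that is not part of the project's code: it builds the JSON-RPC 2.0 `tools/call` message an MCP client sends and validates the arguments before they leave the client. The `TOOL_ARGS` table and the `build_tool_call` helper are assumptions inferred from this README's tool list and examples, not taken from the server.

```python
import json
import re

# ATT&CK technique IDs: "T1059" or, for a sub-technique, "T1059.001".
TECHNIQUE_ID = re.compile(r"T\d{4}(?:\.\d{3})?")

# Assumed mapping of tool name -> (required args, optional args), inferred
# from the README's tool list and examples; not read from the server's code.
TOOL_ARGS = {
    "query_technique": ((), ("technique_id", "tech_name")),
    "search_technique_full": ((), ("technique_id", "tech_name")),
    "query_mitigations": (("technique_id",), ()),
    "query_detections": (("technique_id",), ()),
    "list_tactics": ((), ()),
    "server_info": ((), ()),
}


def build_tool_call(tool, arguments=None, request_id=1):
    """Return the JSON-RPC 2.0 'tools/call' message for one of the tools."""
    arguments = dict(arguments or {})
    if tool not in TOOL_ARGS:
        raise ValueError(f"unknown tool: {tool}")
    required, optional = TOOL_ARGS[tool]
    unknown = set(arguments) - set(required) - set(optional)
    if unknown:
        raise ValueError(f"unexpected arguments for {tool}: {sorted(unknown)}")
    missing = [name for name in required if name not in arguments]
    if missing:
        raise ValueError(f"{tool} requires {missing}")
    # Reject malformed IDs (for example model-generated input) client-side.
    tid = arguments.get("technique_id")
    if tid is not None and not (isinstance(tid, str) and TECHNIQUE_ID.fullmatch(tid)):
        raise ValueError(f"not an ATT&CK technique ID: {tid!r}")
    return {
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "tools/call",
        "params": {"name": tool, "arguments": arguments},
    }


if __name__ == "__main__":
    for tool, args in [("query_mitigations", {"technique_id": "T1059.001"}),
                       ("query_technique", {"tech_name": "phishing"}),
                       ("list_tactics", None)]:
        print(json.dumps(build_tool_call(tool, args)))
```

An MCP client library performs the protocol's initialize handshake before sending such a message, so the payload is not meant to be posted to the endpoint on its own.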
Installation
1. Clone this repository.
2. Install the required dependencies using pip install -r requirements.txt.
3. Configure the MCP server in your MCP client.
ATT&CK
ATT&CK is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary's attack lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risks against any specific technology or organization.
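Quick Start
Option 1: Run directly with the Python script (recommended for development/debugging)
1. Install the dependencies (a virtual environment is recommended):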
pip install -r requirements.txt
2. Make sure the enterprise-attack.json dataset is in the project root directory.
3. Start the service (stdio mode by default, suited to local client integration):
python main.py
4. To serve over HTTP, select the mode explicitly:
python main.py --mode http --host 127.0.0.1 --port 8081
Option 2: Recommended for production (Docker deployment)
#### Docker
1. Build the image:
docker build -t attack-mcp-server .
2. Run the container:
docker run -p 8081:8081 attack-mcp-server