Back to Home
consigcody94 icon

metasploit-mcp-server

Verified Safe

by consigcody94

View Source

Overview

Provides AI agents with secure, controlled access to Metasploit Framework for authorized penetration testing, security research, and CTF challenges.

Installation

Run Command
metasploit-mcp serve --password yourpassword

Environment Variables

  • METASPLOIT_MCP_MSF_HOST
  • METASPLOIT_MCP_MSF_PORT
  • METASPLOIT_MCP_MSF_PASSWORD
  • METASPLOIT_MCP_MSF_USERNAME
  • METASPLOIT_MCP_MSF_SSL
  • METASPLOIT_MCP_MSF_SSL_VERIFY
  • METASPLOIT_MCP_MSF_TOKEN
  • METASPLOIT_MCP_MSF_URI
  • METASPLOIT_MCP_CONNECTION_TIMEOUT
  • METASPLOIT_MCP_REQUEST_TIMEOUT
  • METASPLOIT_MCP_MAX_RETRIES
  • METASPLOIT_MCP_RETRY_DELAY
  • METASPLOIT_MCP_RATE_LIMIT_ENABLED
  • METASPLOIT_MCP_RATE_LIMIT_CALLS
  • METASPLOIT_MCP_RATE_LIMIT_PERIOD
  • METASPLOIT_MCP_SERVER_NAME
  • METASPLOIT_MCP_SERVER_VERSION
  • METASPLOIT_MCP_AUTH_MODE
  • METASPLOIT_MCP_AUTH_TOKEN
  • METASPLOIT_MCP_ALLOWED_MODULES
  • METASPLOIT_MCP_BLOCKED_MODULES
  • METASPLOIT_MCP_MAX_CONCURRENT_SESSIONS
  • METASPLOIT_MCP_SESSION_TIMEOUT
  • METASPLOIT_MCP_LOG_LEVEL
  • METASPLOIT_MCP_LOG_FILE
  • METASPLOIT_MCP_LOG_JSON
  • METASPLOIT_MCP_ENABLE_EXPLOIT_TOOLS
  • METASPLOIT_MCP_ENABLE_PAYLOAD_TOOLS
  • METASPLOIT_MCP_ENABLE_AUXILIARY_TOOLS
  • METASPLOIT_MCP_ENABLE_POST_TOOLS
  • METASPLOIT_MCP_ENABLE_SESSION_TOOLS
  • METASPLOIT_MCP_ENABLE_DB_TOOLS
  • METASPLOIT_MCP_REQUIRE_CONFIRMATION
  • METASPLOIT_MCP_DRY_RUN_MODE
  • METASPLOIT_MCP_AUDIT_LOGGING

Security Notes

The server is built with a strong emphasis on security. It uses pydantic's SecretStr for sensitive credentials, includes dry-run mode, module whitelisting/blacklisting, rate limiting, and comprehensive audit logging. SSL/TLS is supported for RPC communication. The default setting for `msf_ssl_verify=False` is noted as a potential risk for MITM if not explicitly set to `True` with trusted CAs, though it's typical for lab environments with self-signed certificates.

Similar Servers

tfmcp

350

A CLI tool and MCP server that enables LLMs to analyze, manage, and operate Terraform configurations and infrastructure environments.

Other
9
$Medium

pentestMCP

32

This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.

Other
2
$High

mcp-zap-server

30

Orchestrates OWASP ZAP security scanning actions (spider, active scan, OpenAPI import, reporting) via the Model Context Protocol, enabling AI agents like Claude Desktop or Cursor to perform security testing.

Other
9
$Low

mcp-security-scanner

18

A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.

8
$Medium

Stats

Interest Score0
Security Score9
Cost ClassLow
Avg Tokens750
Stars0
Forks0
Last Update2025-12-01

Tags

MetasploitAI AgentsPenetration TestingSecurityModel Context Protocol