mcp-attack
by ipninichuck
Overview
Provides a graph-based interface for the MITRE ATT&CK Framework, exposing tools for Large Language Models to search, traverse, and generate Navigator layers.
Installation
uv run python -m attack_mcp.main
Security Notes
The `generate_navigator_layer` tool allows the `filename` to be specified directly by the user/LLM. While `os.path.abspath` is used, it only normalizes the path and does not confine the output file to a designated safe directory, so an attacker could write files to arbitrary locations on the server's filesystem (e.g., via a path-traversal filename such as `../../malicious.json`). This is a critical vulnerability if the client is untrusted or if an LLM is exploited to perform such an action.
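An added example, not the project's own code, showing the unsafe pattern described above next to a hardened replacement that confines writes to one layer directory; the directory `/opt/attack_mcp/layers` and the function names are assumptions.

```python
# Added example (not from the mcp-attack project): the abspath-only pattern
# the security note describes, beside a version that confines output to a
# dedicated directory.
import os
from pathlib import Path

# Assumption: the server stores generated layers under one fixed directory.
LAYER_DIR = Path("/opt/attack_mcp/layers")


def unsafe_layer_path(filename: str) -> str:
    """Mirrors the flaw described above: abspath() collapses '..' segments
    but never checks that the result is still inside LAYER_DIR."""
    return os.path.abspath(os.path.join(LAYER_DIR, filename))


def safe_layer_path(filename: str, base_dir: Path = LAYER_DIR) -> Path:
    """Hardened version: accept only a bare file name with a .json suffix,
    then verify the fully resolved path is still inside base_dir."""
    name = Path(filename).name  # strips any directory component
    if not name or name in (".", "..") or name != filename:
        raise ValueError(f"filename must be a bare file name, got {filename!r}")
    if not name.endswith(".json"):
        name += ".json"
    base = base_dir.resolve()
    candidate = (base / name).resolve()  # follows symlinks placed in base_dir
    # commonpath is the containment check; a symlink that points outside
    # base_dir would fail here even though the name itself looked harmless.
    if os.path.commonpath([str(base), str(candidate)]) != str(base):
        raise ValueError("resolved path escapes the layer directory")
    return candidate


def escapes_base(path: str, base_dir: Path = LAYER_DIR) -> bool:
    """Audit helper: True when a path produced by the unsafe function would
    land outside base_dir (the condition the security note warns about)."""
    base = str(base_dir.resolve())
    return os.path.commonpath([base, str(Path(path).resolve())]) != base
```

Running `escapes_base(unsafe_layer_path("../../malicious.json"))` reproduces the escape, while `safe_layer_path` rejects the same input before any file is opened.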
Similar Servers
npcpy
Core library of the NPC Toolkit that supercharges natural language processing pipelines and agent tooling. It's a flexible framework for building state-of-the-art applications and conducting novel research with LLMs. Supports multi-agent systems, fine-tuning, reinforcement learning, genetic algorithms, model ensembling, and NumPy-like operations for AI models (NPCArray). Includes a built-in Flask server for deploying agent teams via REST APIs, and multimodal generation (image, video, audio).
Polymcp
A comprehensive TypeScript framework for building and orchestrating Model Context Protocol (MCP) servers and AI agents, enabling LLMs to intelligently discover, select, and execute external tools.
pentestMCP
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.
mcp-server-cortex
This server acts as a bridge, exposing Cortex threat intelligence analysis capabilities as tools consumable by Model Context Protocol (MCP) clients, such as large language models (LLMs).