CTF-agent
by wechicken456
Overview
AI assistant for solving Capture-The-Flag (CTF) cybersecurity challenges.
Installation
uv run mcp_server.py
Environment Variables
- PYTHON_CONTAINER_NAME
- WEB_CONTAINER_NAME
- NETWORK_CONTAINER_NAME
Security Notes
The server uses `subprocess.run(cmd, shell=True)` for many tools (e.g., `curl`, `xxd`, `exiftool`, `checksec`, `ropgadget`, `binwalk`, `gdb`, `one_gadget`, `libc_database`, `run_shell_command`, `run_ffuf_scan`), which introduces significant command injection risks if user inputs are not perfectly sanitized. The `run_python_script` tool allows arbitrary Python code execution, which is demonstrated as exploitable in `my_first_pwnie.py` with `eval(input())`. Docker containers are granted `NET_ADMIN` and `NET_RAW` capabilities, allowing extensive network manipulation. While these features are intended for a CTF solving agent, they make the server highly insecure for general-purpose use or in untrusted environments, posing a critical risk of host compromise if the underlying MCP communication is compromised or misused.
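The `shell=True` pattern described above, next to an argument-vector form, as an added example that is not taken from the CTF-agent code base. The function names are hypothetical, `echo` stands in for the wrapped tools so the block runs without them installed, and the sample argument is constructed.

```python
import subprocess

# Assumption: `echo` stands in for the wrapped tools (xxd, exiftool, ...)
# so the example runs without them installed. Function names are hypothetical.
ALLOWED_TOOLS = {"echo"}


def run_tool_shell(tool: str, arg: str) -> str:
    """Pattern from the Security Notes: one string parsed by /bin/sh."""
    cmd = f"{tool} {arg}"
    done = subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, timeout=10)
    return done.stdout


def run_tool_argv(tool: str, arg: str) -> str:
    """Hardened form: allowlisted binary, argument vector, no shell."""
    if tool not in ALLOWED_TOOLS:
        raise ValueError(f"tool not allowed: {tool!r}")
    if not arg or arg.startswith("-") or "\x00" in arg:
        raise ValueError("argument is empty, option-like, or contains NUL")
    # The list form passes `arg` to the program as a single argv entry,
    # so shell metacharacters in it are never interpreted.
    done = subprocess.run([tool, arg], capture_output=True,
                          text=True, timeout=10)
    return done.stdout


# Constructed input: a "file name" carrying a shell metacharacter.
SAMPLE_ARG = "sample.bin; echo INJECTED"

if __name__ == "__main__":
    # shell=True: the shell splits on ';' and runs a second command.
    print("shell=True :", run_tool_shell("echo", SAMPLE_ARG).splitlines())
    # argv list: the whole string reaches the tool as one argument.
    print("argv list  :", run_tool_argv("echo", SAMPLE_ARG).splitlines())
```

The argv form only removes shell parsing; it does not constrain `run_shell_command` or `run_python_script`, whose purpose is to execute caller-supplied code.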
Similar Servers
gemini-cli
Provides an A2A (Agent-to-Agent) server for the Gemini CLI, enabling external agents to interact with and utilize the CLI's capabilities for executing tasks and accessing tools.
gemini-mcp-tool
A Model Context Protocol (MCP) server that enables AI assistants to interact with the Google Gemini CLI for comprehensive code and file analysis, structured edit suggestions, and creative brainstorming.
nova-llm
A full-stack LLM agent workflow with custom tool calling capabilities and configuration with Model Context Protocol (MCP) servers, supporting multiple Gemini models.
ctfd-mcp-server
Provides a Model Context Protocol (MCP) server to enable AI tools and automation to interact with the CTFd platform for challenge retrieval and flag submission.