attAck-mcp-server

alex-llm/attAck-mcp-server

3.3
security

If you are the rightful owner of attAck-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

attAck-mcp-server is an MCP server for querying ATT&CK techniques and tactics.

Tools
4
Resources
0
Prompts
0

attAck-mcp-server

This project is an MCP (Model Context Protocol) server for querying ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) techniques and tactics. It provides a way to access and retrieve information about various attack techniques and tactics used by adversaries.

Tools

The server provides the following tools:

  • query_technique: This tool allows you to query ATT&CK techniques by ID or name.
    • Arguments:
      • technique_id (string, optional): The ID of the technique to query.
      • tech_name (string, optional): The name (or partial name) of the technique to query. 支持名称模糊搜索。
    • Example:
      • 按ID查询:
      {
  "technique_id": "T1059.001"
}
      • 按名称模糊搜索:
      {
  "tech_name": "phishing"
}
  • search_technique_full: 通过技术 ID 或名称查询攻击技术的所有详细信息,返回的数据包含 ID、名称、描述、适用平台、Kill Chain 阶段、参考资料、子技术及缓解措施。名称搜索返回格式为 { "results": [...], "count": N } 的字典,其中 results 为匹配技术完整数据列表。
    • Arguments:
      • technique_id (string, optional): 要查询的技术ID。
      • tech_name (string, optional): 技术名称关键字,支持模糊匹配。
    • Example:
      • 按ID查询:
      {
  "technique_id": "T1059.001"
}
      • 按名称模糊搜索:
      {
  "tech_name": "phishing"
}
  • query_mitigations: 查询技术的缓解措施
    • Arguments:
      • technique_id (string, required): 要查询的技术ID
    • Example: 
      {
  "technique_id": "T1059.001"
}
  • query_detections: 查询技术的检测方法
    • Arguments:
      • technique_id (string, required): 要查询的技术ID
    • Example: 
      {
  "technique_id": "T1059.001"
}
  • list_tactics: This tool allows you to retrieve a list of all ATT&CK tactics.
    • Arguments: None
  • server_info: 返回服务与数据集的版本、维护者和Git信息。
    • Arguments: None
    • Example: 
      {}

Usage

To use this MCP server, you need to have an MCP client configured to connect to it. Once connected, you can use the provided tools to query ATT&CK techniques and tactics.

MCP Client 配置说明

1. 本地 stdio 方式(推荐 Smithery/本地集成)

  • 直接运行: 
    python main.py
  • 程序会自动选择 stdio 模式(默认或 ATTACK_MCP_MODE=stdio),适用于 Smithery、Cursor 等支持本地 MCP stdio 的客户端。
  • MCP 客户端配置服务类型为"local/stdio",无需指定端口。
  • 适用场景:Smithery 自动化、CI/CD、本地 AI Agent 集成。

2. HTTP/Streamable 方式(远程/开发/调试)

  • 使用 CLI 参数切换模式:

    python main.py --mode http --host 0.0.0.0 --port 8081 --log-level info

  • 或通过环境变量控制:

    export ATTACK_MCP_MODE=http
export ATTACK_MCP_HOST=0.0.0.0   # 可选,默认 0.0.0.0 或 $HOST
export ATTACK_MCP_PORT=8081      # 可选,默认 8081 或 $PORT
export ATTACK_MCP_LOG_LEVEL=info # 可选,默认 info
python main.py

  • 运行后服务以 streamable HTTP 方式暴露,可在客户端配置服务类型为 "http",地址如 http://127.0.0.1:8081/mcp

  • 远程部署(如 Smithery Cloud)通常会提供 PORTMCP_TRANSPORT 环境变量,可直接运行 python main.py 即使用 HTTP。对于值为 streamingstreamablestreamable-httpstreamable HTTP transportstdioNotSupported 等新枚举的运行环境,程序会自动回退到 HTTP 模式,无需额外配置。

  • Smithery 等容器平台会通过 PORT(默认为 8081)告知监听端口;程序会自动读取该值并监听在 0.0.0.0:$PORT

  • 工具名称query_techniquesearch_technique_fullquery_mitigationsquery_detectionslist_tacticsserver_info

  • 参数示例

    • 按ID查询技术: 
      {
  "technique_id": "T1059.001"
}
    • 按名称模糊搜索技术: 
      {
  "tech_name": "phishing"
}
    • 使用 search_technique_full 获取技术的完整详细信息: 
      {
  "tech_name": "phishing"
}
    • 查询技术缓解措施: 
      {
  "technique_id": "T1059.001"
}
    • 查询技术检测方法: 
      {
  "technique_id": "T1059.001"
}
    • 查询战术列表: 
      {}
    • 查询服务与数据集信息: 
      {}

具体的客户端配置方式请参考您的 MCP 客户端文档,将上述服务地址和工具名称填入对应位置即可。

Installation

  1. Clone this repository.
  2. Install the required dependencies using pip install -r requirements.txt.
  3. Configure the MCP server in your MCP client.

ATT&CK

ATT&CK is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary's attack lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risks against any specific technology or organization.

快速启动

方式一:直接用 Python 脚本运行(开发/调试推荐)

  1. 安装依赖(建议在虚拟环境中): 
    pip install -r requirements.txt
  2. 确保 enterprise-attack.json 数据集在项目根目录。
  3. 启动服务(默认 stdio 模式,适用于本地客户端集成): 
    python main.py
  4. 如果需要以 HTTP 方式提供服务,请显式选择模式: 
    python main.py --mode http --host 127.0.0.1 --port 8081

方式二:生产环境推荐(Docker 部署)

Docker
  1. 构建镜像: 
    docker build -t attack-mcp-server .
  2. 运行容器: 
    docker run -p 8081:8081 attack-mcp-server

API 说明

  • /query_technique 通过ID或名称查询攻击技术详情(支持名称模糊搜索)
  • /search_technique_full 通过ID或名称查询攻击技术的完整详细信息(名称搜索返回匹配技术列表,包含子技术与缓解措施)
  • /query_mitigations 查询指定技术的缓解措施
  • /query_detections 查询指定技术的检测方法
  • /list_tactics 获取所有ATT&CK战术分类
  • /server_info 返回服务版本、数据集版本和Git信息

如有问题请联系维护者。

Related MCP Servers

View all security servers →
better-auth-mcp-server

better-auth-mcp-server

4.3

by nahmanmate

MCP Server for Authentication Management

security
gateway

gateway

4.0

by centralmind

CentralMind Gateway is a tool designed to expose databases to AI agents via MCP or OpenAPI protocols, providing secure, LLM-optimized APIs.

databases
mcp

mcp

3.8

by semgrep

Semgrep MCP Server is a Model Context Protocol server that uses Semgrep to scan code for security vulnerabilities.

security
LitterBox

LitterBox

3.7

by BlackSnufkin

LitterBox is a controlled sandbox environment for security professionals to develop and test payloads, offering advanced analysis capabilities.

security
ida-pro-mcp

ida-pro-mcp

3.7

by mrexodia

Simple MCP Server to allow vibe reversing in IDA Pro.

developer_tools
win-cli-mcp-server

win-cli-mcp-server

3.7

by simon-ami

The Windows CLI MCP Server is a deprecated project designed for secure command-line interactions on Windows systems, providing controlled access to various shells and remote systems via SSH.

os_automation
volatility3-mcp

volatility3-mcp

3.6

by Kirandawadi

Volatility3 MCP Server is a tool that integrates MCP clients with the Volatility3 memory forensics framework, enabling LLMs to perform memory forensics tasks through a conversational interface.

security
code-sandbox-mcp

code-sandbox-mcp

3.6

by Automata-Labs-team

A secure sandbox environment for executing code within Docker containers. This MCP server provides AI applications with a safe and isolated environment for running code while maintaining security through containerization.

security
MCP-Kali-Server

MCP-Kali-Server

3.6

by Wh0am123

Kali MCP Server is a lightweight API bridge that connects MCP Clients to the API server, allowing execution of commands on a Linux terminal.

security
jadx-mcp-server

jadx-mcp-server

3.6

by zinja-coder

JADX-MCP-SERVER is a fully automated MCP server designed to work with the JADX-AI-MCP Plugin for analyzing Android APKs using LLMs like Claude.

ai_chatbot
risken-mcp-server

risken-mcp-server

3.6

by ca-risken

The RISKEN MCP Server is a Model Context Protocol server that integrates with RISKEN APIs for advanced automation and interaction.

ai_chatbot
Wazuh-MCP-Server

Wazuh-MCP-Server

3.5

by gensecaihq

Wazuh MCP Server is an AI-powered security operations platform that integrates conversational AI with traditional SIEM operations.

security
mcp-server-wazuh

mcp-server-wazuh

3.5

by gbrigandi

A Rust-based server designed to bridge the gap between a Wazuh Security Information and Event Management (SIEM) system and applications requiring contextual security data, specifically tailored for the Claude Desktop Integration using the Model Context Protocol (MCP).

security
MCP2Lambda

MCP2Lambda

3.5

by danilop

MCP2Lambda allows LLMs to interact with AWS Lambda functions as tools, enabling access to real-time and private data, execution of custom code, and interaction with external services.

cloud_platforms
remote-mcp-functions-dotnet

remote-mcp-functions-dotnet

3.5

by Azure-Samples

This document provides a quickstart guide to building and deploying a remote Model Context Protocol (MCP) server using Azure Functions with .NET/C#.

cloud_platforms
pentest-mcp

pentest-mcp

3.5

by DMontgomery40

Pentest MCP is a Model Context Protocol server that integrates essential pentesting tools into a unified natural language interface, allowing security professionals to execute, chain, and analyze multiple tools through conversational commands.

security
jadx-mcp-plugin

jadx-mcp-plugin

3.5

by mobilehackinglab

The Jadx MCP Plugin provides a Java-based plugin for Jadx, exposing its API over HTTP to enable interaction with MCP clients like Claude, facilitating AI-assisted security analysis of Android apps.

security
VibeShift

VibeShift

3.5

by GroundNG

VibeShift is an intelligent security agent designed to integrate seamlessly with AI coding assistants, acting as an automated security engineer to analyze code, identify vulnerabilities, and facilitate AI-driven remediation.

security
mythic_mcp

mythic_mcp

3.5

by xpn

Mythic MCP is a model context protocol server designed to facilitate automated penetration testing using LLMs.

security
GhidraMCP

GhidraMCP

3.5

by 13bm

A Ghidra plugin that implements the Model Context Protocol (MCP) for AI-assisted binary analysis.

developer_tools
aws-security-mcp

aws-security-mcp

3.5

by groovyBugify

AWS Security MCP is a Model Context Protocol server that allows AI assistants to autonomously inspect and analyze AWS infrastructure for security issues.

security
TriageMCP

TriageMCP

3.5

by eversinc33

TriageMCP is an MCP server designed to enable a Language Model (LLM) to perform basic static triage of Portable Executable (PE) files.

security
Snyk

Snyk

3.5

by snyk

MCP (Model Context Protocol) is an open protocol that standardizes how applications share context with large language models.

security
mcp-security-audit

mcp-security-audit

3.5

by qianniuspace

A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities.

security
cve-search_mcp

cve-search_mcp

3.5

by roadwy

A Model Context Protocol (MCP) server for querying the CVE-Search API, providing access to CVE data, vendor and product browsing, and more.

security
mcp-oauth2-aws-cognito

mcp-oauth2-aws-cognito

3.5

by empires-security

This repository demonstrates how to secure a Model Context Protocol (MCP) server using OAuth 2.1 authorization flows with AWS Cognito, implemented entirely with Node.js and Express.js.

security
Basecamp-MCP-Server

Basecamp-MCP-Server

3.5

by georgeantonopoulos

This project provides a Model Context Protocol (MCP) integration for Basecamp 3, allowing Cursor to interact with Basecamp directly through the MCP protocol.

communication