MCP server providing access to Atomic Red Team security tests with search, validation, and creation capabilities

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for cyberbuff from gravatar.com cyberbuff

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: cyberbuff
  • Tags atomic-red-team , mcp
  • Requires: Python >=3.10
Report project as malware

Project description

Atomic Red Team MCP Server

An MCP (Model Context Protocol) server that provides access to Atomic Red Team tests.

Available Tools and Resources

The server provides the following MCP tools:

  • query_atomics - Search atomics by technique ID, name, description, or platform
  • refresh_atomics - Download latest atomics from GitHub
  • validate_atomic - Validate atomic test YAML
  • get_validation_schema - Get the atomic test schema
  • execute_atomic - Execute atomic tests (requires ENABLE_ATOMIC_EXECUTION=true)

And resources:

  • file://documents/{technique_id} - Read atomic test files by technique ID

Usage Examples

  • "Search mshta atomics for windows"
  • "Show me all the atomic tests for T1059.002"
  • "Find all the applescript atomics for macOS"
  • "Validate this atomic test YAML "

Installation

The Atomic Red Team MCP server can be installed in various development tools and AI assistants. Choose your platform below for detailed installation instructions:

Quick Start

Recommended: Using uvx

uvx atomic-red-team-mcp

Using Docker

docker run --rm -i ghcr.io/cyberbuff/atomic-red-team-mcp:latest

Platform-Specific Guides

Installation Methods

Each platform supports multiple installation methods:

  1. uvx (Recommended) - Easiest setup, automatic updates
  2. Docker - Isolated environment, consistent across systems
  3. Remote Server ⚠️ - Hosted on Railway (free tier, may have limits)

Configuration

Environment Variables

Server Configuration

  • MCP_TRANSPORT - Transport protocol (stdio, sse, streamable-http)

Repository Configuration

  • GITHUB_URL - GitHub URL for atomics repository (default: https://github.com)
  • GITHUB_USER - GitHub user/org (default: redcanaryco)
  • GITHUB_REPO - Repository name (default: atomic-red-team)

Security Configuration

  • ENABLE_ATOMIC_EXECUTION - Enable the execute_atomic tool (default: false). Set to true, 1, or yes to enable. ⚠️ WARNING: Only enable in controlled environments as this allows executing potentially dangerous security tests.
  • Enable Authentication if you are hosting a remote MCP server

Authentication Configuration

  • MCP_AUTH_TOKEN - Static bearer token for authentication (optional, authentication disabled if not set)
  • MCP_AUTH_CLIENT_ID - Client identifier for authenticated requests (default: authorized-client)

Enabling Atomic Test Execution

By default, the execute_atomic tool is disabled for safety reasons. To enable it:

# Using uvx
ENABLE_ATOMIC_EXECUTION=true uvx atomic-red-team-mcp

⚠️ Security Warning: Only enable atomic test execution in controlled, isolated environments (like test VMs or sandboxes). These tests can modify system state, create files, execute commands, and perform actions that may be flagged as malicious by security tools.

Authentication

The server supports static token authentication for securing access to the MCP tools and resources. When enabled, clients must include a bearer token in the Authorization header:

Authorization: Bearer <your-token>

To enable authentication:

  1. Set the MCP_AUTH_TOKEN environment variable:

    export MCP_AUTH_TOKEN="your-secure-token-here"

  2. Start the server (authentication is automatically enabled)

  3. Clients authenticate by including the token in requests:

    curl -H "Authorization: Bearer your-secure-token-here" http://localhost:8000

Security Notes:

  • Authentication is disabled by default (no token required)
  • When MCP_AUTH_TOKEN is set, all requests must include a valid bearer token
  • Use strong, randomly generated tokens in production
  • Never commit tokens to version control
  • For development/testing, use a simple token. For production, use a cryptographically secure token

Example with Docker:

docker run --rm -i \
  -e MCP_AUTH_TOKEN="my-secure-token" \
  -e MCP_AUTH_CLIENT_ID="my-client" \
  ghcr.io/cyberbuff/atomic-red-team-mcp:latest

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for cyberbuff from gravatar.com cyberbuff

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: cyberbuff
  • Tags atomic-red-team , mcp
  • Requires: Python >=3.10

Release history Release notifications | RSS feed

1.3.2

1.3.1

1.2.6

1.2.5

1.2.4

1.2.3

1.2.1

1.2.0

This version

1.1.0

1.0.1

1.0.0

0.1.3

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

atomic_red_team_mcp-1.1.0.tar.gz (14.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

atomic_red_team_mcp-1.1.0-py3-none-any.whl (23.6 kB view details)

Uploaded Python 3

File details

Details for the file atomic_red_team_mcp-1.1.0.tar.gz.

File metadata

  • Download URL: atomic_red_team_mcp-1.1.0.tar.gz
  • Upload date:
  • Size: 14.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for atomic_red_team_mcp-1.1.0.tar.gz
Algorithm Hash digest
SHA256 a758aaaa76c55e5ec425dd9f91d772bc4845d8afb1ee51ab38205e309fe4359b
MD5 bb337687041b67e081dc44c934883f80
BLAKE2b-256 d794c405b47fb29e91c5b2c7a35bc7b654684bf02124c0a9bbf1e3185130a9b1

See more details on using hashes here.

Provenance

The following attestation bundles were made for atomic_red_team_mcp-1.1.0.tar.gz:

Publisher: release.yml on cyberbuff/atomic-red-team-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file atomic_red_team_mcp-1.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for atomic_red_team_mcp-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6d969e8b1735d803da4a6df58be41691858fd0a9138403fbe2e3771ecd047c4c
MD5 ca238e53e18501ad340cc7abddb4698e
BLAKE2b-256 e91519e8bc64d59d791e0dfac8bce50fe9eeaad48ddf9e6801d906402494366b

See more details on using hashes here.

Provenance

The following attestation bundles were made for atomic_red_team_mcp-1.1.0-py3-none-any.whl:

Publisher: release.yml on cyberbuff/atomic-red-team-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page