MCP server providing access to Atomic Red Team security tests with search, validation, and creation capabilities
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
Atomic Red Team MCP Server
An MCP (Model Context Protocol) server that provides access to Atomic Red Team tests.
Available Tools and Resources
The server provides the following MCP tools:
query_atomics- Search atomics by technique ID, name, description, or platformrefresh_atomics- Download latest atomics from GitHubvalidate_atomic- Validate atomic test YAMLget_validation_schema- Get the atomic test schemaexecute_atomic- Execute atomic tests (requiresART_EXECUTION_ENABLED=true)
And resources:
file://documents/{technique_id}- Read atomic test files by technique ID
Usage Examples
- "Search mshta atomics for windows"
- "Show me all the atomic tests for T1059.002"
- "Find all the applescript atomics for macOS"
- "Validate this atomic test YAML "
Installation
The Atomic Red Team MCP server can be installed in various development tools and AI assistants. Choose your platform below for detailed installation instructions:
Quick Start
Recommended: Using uvx
uvx atomic-red-team-mcp
Using Docker
docker run --rm -i ghcr.io/cyberbuff/atomic-red-team-mcp:latest
Platform-Specific Guides
- VSCode - Installation guide for VSCode
- Claude Desktop & Claude Code - Installation guide for Anthropic's Claude Desktop app and Claude Code CLI
- Cursor - Installation guide for Cursor IDE
- Windsurf - Installation guide for Windsurf editor
- Google AI Studio / Gemini - Installation guide for Google's AI tools
- Other Tools - Cline, Zed, and generic MCP clients
Installation Methods
Each platform supports multiple installation methods:
- uvx (Recommended) - Easiest setup, automatic updates
- Docker - Isolated environment, consistent across systems
- Remote Server ⚠️ - Hosted on Railway (free tier, may have limits)
Configuration
Environment Variables
Server Configuration
ART_MCP_TRANSPORT- Transport protocol (stdio, sse, streamable-http)ART_MCP_HOST- Server host address (default: 0.0.0.0)ART_MCP_PORT- Server port number (default: 8000)
Repository Configuration
ART_GITHUB_URL- GitHub URL for atomics repository (default: https://github.com)ART_GITHUB_USER- GitHub user/org (default: redcanaryco)ART_GITHUB_REPO- Repository name (default: atomic-red-team)ART_DATA_DIR- Local directory path where atomic test files are stored (default: ./atomics)
Security Configuration
ART_EXECUTION_ENABLED- Enable theexecute_atomictool (default: false). Set totrue,1, oryesto enable. ⚠️ WARNING: Only enable in controlled environments as this allows executing potentially dangerous security tests.- Enable Authentication if you are hosting a remote MCP server
Authentication Configuration
ART_AUTH_TOKEN- Static bearer token for authentication (optional, authentication disabled if not set)ART_AUTH_CLIENT_ID- Client identifier for authenticated requests (default: authorized-client)
Enabling Atomic Test Execution
By default, the execute_atomic tool is disabled for safety reasons. To enable it:
# Using uvx
ART_EXECUTION_ENABLED=true uvx atomic-red-team-mcp
⚠️ Security Warning: Only enable atomic test execution in controlled, isolated environments (like test VMs or sandboxes). These tests can modify system state, create files, execute commands, and perform actions that may be flagged as malicious by security tools.
Authentication
The server supports static token authentication for securing access to the MCP tools and resources. When enabled, clients must include a bearer token in the Authorization header:
Authorization: Bearer <your-token>
To enable authentication:
-
Set the
ART_AUTH_TOKENenvironment variable:export ART_AUTH_TOKEN="your-secure-token-here"
-
Start the server (authentication is automatically enabled)
-
Clients authenticate by including the token in requests:
curl -H "Authorization: Bearer your-secure-token-here" http://localhost:8000
Security Notes:
- Authentication is disabled by default (no token required)
- When
ART_AUTH_TOKENis set, all requests must include a valid bearer token - Use strong, randomly generated tokens in production
- Never commit tokens to version control
- For development/testing, use a simple token. For production, use a cryptographically secure token
Example with Docker:
docker run --rm -i \
-e ART_AUTH_TOKEN="my-secure-token" \
-e ART_AUTH_CLIENT_ID="my-client" \
ghcr.io/cyberbuff/atomic-red-team-mcp:latest
Built With
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file atomic_red_team_mcp-1.2.4.tar.gz.
File metadata
- Download URL: atomic_red_team_mcp-1.2.4.tar.gz
- Upload date:
- Size: 17.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9e3b33efe9e288ecbe6512e7ade55f0f26dbe3ea2ccaf61422ec8fb558743406
|
|
| MD5 |
f1353554ef9aad2aad4c0b5dba52c2f0
|
|
| BLAKE2b-256 |
f17d205ca02777e73ab43a6a72f67141738a1235f67da618aaa30d38b8d96963
|
Provenance
The following attestation bundles were made for atomic_red_team_mcp-1.2.4.tar.gz:
Publisher:
release.yml on cyberbuff/atomic-red-team-mcp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
atomic_red_team_mcp-1.2.4.tar.gz -
Subject digest:
9e3b33efe9e288ecbe6512e7ade55f0f26dbe3ea2ccaf61422ec8fb558743406 - Sigstore transparency entry: 630746344
- Sigstore integration time:
-
Permalink:
cyberbuff/atomic-red-team-mcp@c7bea9c8817160c296785345f8b34a1006343fc3 -
Branch / Tag:
refs/tags/v1.2.4 - Owner: https://github.com/cyberbuff
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@c7bea9c8817160c296785345f8b34a1006343fc3 -
Trigger Event:
push
-
Statement type:
File details
Details for the file atomic_red_team_mcp-1.2.4-py3-none-any.whl.
File metadata
- Download URL: atomic_red_team_mcp-1.2.4-py3-none-any.whl
- Upload date:
- Size: 22.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
62ed6cd32883f61458abe7223d8f2a4548f768adfa4cb548a11708eb278a9496
|
|
| MD5 |
cd4e634bc1f94c8038b946ce1373cc6f
|
|
| BLAKE2b-256 |
3bd2ccb7738f07855b79d61e080ff8c0582efdeb86dd2b59935732d78436fd1f
|
Provenance
The following attestation bundles were made for atomic_red_team_mcp-1.2.4-py3-none-any.whl:
Publisher:
release.yml on cyberbuff/atomic-red-team-mcp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
atomic_red_team_mcp-1.2.4-py3-none-any.whl -
Subject digest:
62ed6cd32883f61458abe7223d8f2a4548f768adfa4cb548a11708eb278a9496 - Sigstore transparency entry: 630746349
- Sigstore integration time:
-
Permalink:
cyberbuff/atomic-red-team-mcp@c7bea9c8817160c296785345f8b34a1006343fc3 -
Branch / Tag:
refs/tags/v1.2.4 - Owner: https://github.com/cyberbuff
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@c7bea9c8817160c296785345f8b34a1006343fc3 -
Trigger Event:
push
-
Statement type:
