Metasploit MCP Server for AI assistants to interact with Metasploit Framework
Project description
Metasploit MCP Server
A Model Context Protocol (MCP) server for interacting with the Metasploit Framework.
Changelog
v1.6.4
- Bug Fix: Fixed invalid pymetasploit3 API parameters in
session.run_with_output()calls - Removed non-existent parameters:
terminating_strs,timeout_exception, andtimeout - Implemented proper timeout handling using
asyncio.wait_for()wrapper - Changed exception handling from
TimeoutErrortoasyncio.TimeoutError - This resolves compatibility issues with the pymetasploit3 library
v1.6.3
- Breaking Change: Changed default execution mode from async (
run_as_job: true) to sync (run_as_job: false) forrun_exploitandrun_post_modulefunctions - This resolves issues where async execution returned boolean values that caused "'bool' object is not subscriptable" errors
- Users can still explicitly set
run_as_job: truefor async execution when needed run_auxiliary_modulewas already defaulting to sync execution
Features
- List exploits and payloads
- Generate payloads
- Run exploits, post modules, and auxiliary modules
- Manage sessions and listeners
- Send commands to active sessions
Installation
pip install gc-metasploit
Or install with uvx:
uvx gc-metasploit
Usage
Ensure Metasploit RPC is running:
msfrpcd -P your_password -S -a 127.0.0.1
Then start the MCP server:
# As a command-line tool (HTTP/SSE mode by default):
gc-metasploit
# Or as a module:
python -m gc_metasploit.server
# Specify transport mode and options:
gc-metasploit --transport http --host 0.0.0.0 --port 8085
gc-metasploit --transport stdio
Transport Options
The server supports two transport methods:
- HTTP/SSE (Server-Sent Events): Default mode for interoperability with most MCP clients
- STDIO (Standard Input/Output): Used with Claude Desktop and similar direct pipe connections
For Claude Desktop integration, configure claude_desktop_config.json:
{
"mcpServers": {
"metasploit": {
"command": "gc-metasploit",
"args": [
"--transport",
"stdio"
],
"env": {
"MSF_PASSWORD": "yourpassword"
}
}
}
}
For other MCP clients that use HTTP/SSE:
-
Start the server in HTTP mode (default):
gc-metasploit --transport http --host 0.0.0.0 --port 8085
-
Configure your MCP client to connect to:
- SSE endpoint:
http://your-server-ip:8085/sse
- SSE endpoint:
Environment Variables
MSF_PASSWORD: Metasploit RPC password (default: 'yourpassword')MSF_SERVER: Metasploit RPC server (default: '127.0.0.1')MSF_PORT: Metasploit RPC port (default: '55553')MSF_SSL: Use SSL (default: 'false')PAYLOAD_SAVE_DIR: Directory to save generated payloads (default: '~/payloads')
License
Apache 2.0
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gc_metasploit-1.6.4.tar.gz.
File metadata
- Download URL: gc_metasploit-1.6.4.tar.gz
- Upload date:
- Size: 21.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.10.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
63b6242f3dd1ff79b940d6a888957ed0a8cafd9c7a5e0d42b65640a76cdc8fda
|
|
| MD5 |
dc10fa5d5c0a15465cbd2d7b126f2768
|
|
| BLAKE2b-256 |
421b4e47f3a616ee582b5c17111da9561b5bf292de5c74556fc2ce1cba96cec0
|
File details
Details for the file gc_metasploit-1.6.4-py3-none-any.whl.
File metadata
- Download URL: gc_metasploit-1.6.4-py3-none-any.whl
- Upload date:
- Size: 22.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.10.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8e49a3497ea20a4b3aa744f412311eebd5629996f5fe28bb8b2662ed7f53ccc8
|
|
| MD5 |
3ce7523d98404747d177b946fbc5f759
|
|
| BLAKE2b-256 |
38164142389d9b506ec7f8a6afb8e6c2bf077eaef10b03dc0b01fbb45534f63a
|
