Cobalt Strike MCP Server - provides access to Cobalt Strike API operations

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for chatflowdev1208 from gravatar.com chatflowdev1208

Unverified details

These details have not been verified by PyPI
Meta
  • Requires: Python >=3.8
Report project as malware

Project description

Cobalt Strike MCP Server

An MCP (Model Context Protocol) server that provides access to Cobalt Strike API operations.

Features

  • Automatic Authentication: Authenticates with Cobalt Strike API and manages bearer token
  • Dynamic Tool Generation: Automatically creates MCP tools from the OpenAPI specification
  • Full API Coverage: Exposes all Cobalt Strike API operations as MCP tools

Setup

  1. Install dependencies:
pip install -r requirements.txt
  1. Configure environment variables (copy .env.example to .env and edit):
cp .env.example .env
  1. Set your Cobalt Strike credentials:
export CS_BASE_URL="https://your-cs-server:50443"
export CS_USERNAME="your-username"
export CS_PASSWORD="your-password"
export CS_VERIFY_SSL="false"  # Set to "true" if using valid SSL cert

Usage

Running the Server

python server.py

Using with MCP Client

Add to your MCP client configuration (e.g., Claude Desktop):

{
  "mcpServers": {
    "cobalt-strike": {
      "command": "python",
      "args": ["/path/to/CS-MCP/server.py"],
      "env": {
        "CS_BASE_URL": "https://your-cs-server:50443",
        "CS_USERNAME": "your-username",
        "CS_PASSWORD": "your-password",
        "CS_VERIFY_SSL": "false"
      }
    }
  }
}

How It Works

  1. Authentication: On startup, the server authenticates with /api/auth/login and retrieves a bearer token
  2. API Client Initialization: Creates an HTTP client with the bearer token in the Authorization header
  3. OpenAPI Spec Loading: Fetches the OpenAPI specification from /v3/api-docs
  4. Tool Generation: Dynamically creates MCP tools for each API operation
  5. Request Handling: Routes tool calls to the appropriate API endpoints with proper authentication

Environment Variables

  • CS_BASE_URL: Base URL of the Cobalt Strike server
  • CS_USERNAME: Username for authentication (required)
  • CS_PASSWORD: Password for authentication (required)
  • CS_VERIFY_SSL: Whether to verify SSL certificates (default: false)

Security Notes

  • Store credentials securely (use environment variables, not hardcoded values)
  • Consider using SSL certificate verification in production (CS_VERIFY_SSL=true)
  • The bearer token is managed automatically and refreshed as needed

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for chatflowdev1208 from gravatar.com chatflowdev1208

Unverified details

These details have not been verified by PyPI
Meta
  • Requires: Python >=3.8

Release history Release notifications | RSS feed

This version

1.0.2

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

iflow_mcp_ibaic_cobalt_strike_mcp-1.0.2.tar.gz (27.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

iflow_mcp_ibaic_cobalt_strike_mcp-1.0.2-py3-none-any.whl (32.7 kB view details)

Uploaded Python 3

File details

Details for the file iflow_mcp_ibaic_cobalt_strike_mcp-1.0.2.tar.gz.

File metadata

  • Download URL: iflow_mcp_ibaic_cobalt_strike_mcp-1.0.2.tar.gz
  • Upload date:
  • Size: 27.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.26 {"installer":{"name":"uv","version":"0.9.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Debian GNU/Linux","version":"13","id":"trixie","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for iflow_mcp_ibaic_cobalt_strike_mcp-1.0.2.tar.gz
Algorithm Hash digest
SHA256 b6646f254c9b8926e49f2568be290701c444acb117969bb40fae4761ef2122ea
MD5 0592cebadd1899e743261bda66ecdf0f
BLAKE2b-256 1cc42374260c4500183e414033a8e770a8be5279c08b527f6e46aa1cfa29e179

See more details on using hashes here.

File details

Details for the file iflow_mcp_ibaic_cobalt_strike_mcp-1.0.2-py3-none-any.whl.

File metadata

  • Download URL: iflow_mcp_ibaic_cobalt_strike_mcp-1.0.2-py3-none-any.whl
  • Upload date:
  • Size: 32.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.26 {"installer":{"name":"uv","version":"0.9.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Debian GNU/Linux","version":"13","id":"trixie","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for iflow_mcp_ibaic_cobalt_strike_mcp-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 f8d09b70a195993d37803830cdef9ed2dc1776b1e28d8e0b7cfbb9db23474a4b
MD5 02e496af8a5e5d31a9f9a196c790d4a0
BLAKE2b-256 49ddf97e4517f0278bbcbb6c4afb86710aa4f0343bd9d4aa4570942a06dd5cf3

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page