Skip to main content

IoTSploit MCP runtime (FastMCP stdio server + WebSocket bridge), framework-free outer ring.

Project description

iotsploit-mcp

iotsploit-mcp exposes IoTSploit to external coding agents through MCP over streamable HTTP. It is intended to run on the IoTSploit rig, next to iotsploit-django, iotsploit-core, the plugin packages, and the attached hardware.

Commands

Start the MCP HTTP endpoint (the default; serves both the Django AI assistant and external agents):

export IOTSPLOIT_DJANGO_API_BASE_URL="http://127.0.0.1:8888"
iotsploit-mcp
iotsploit-mcp http --host 127.0.0.1 --port 9900

The MCP endpoint is http://<rig-host>:9900/mcp.

Bind to 127.0.0.1 for local use (the default). The HTTP endpoint does not require authentication in this MVP. If you expose the service beyond loopback (0.0.0.0 or a LAN address), protect it with a firewall, TLS/reverse proxy, or re-add authentication before sharing the rig.

Agent Config

Claude Code:

claude mcp add --transport http iotsploit http://<rig-host>:9900/mcp

Codex, Cursor, or generic MCP config:

{
  "mcpServers": {
    "iotsploit": {
      "type": "http",
      "url": "http://<rig-host>:9900/mcp"
    }
  }
}

Environment

  • IOTSPLOIT_MCP_HOST: optional default host for the MCP server.
  • IOTSPLOIT_MCP_PORT: optional default port for the MCP server.
  • IOTSPLOIT_DJANGO_API_BASE_URL: Django API base URL, default http://127.0.0.1:8888.
  • IOTSPLOIT_DJANGO_API_TOKEN: optional bearer token forwarded from MCP to Django.
  • IOTSPLOIT_DJANGO_API_TIMEOUT_S: Django request timeout in seconds.
  • IOTSPLOIT_MCP_LOG_TO_FILE: set to 1 to enable MCP file logging.

Current Tool Surface

This branch exposes a read-only HTTP-backed MVP:

  • System: system_status, system_health, list_urls
  • Plugins/groups: list_plugins, describe_plugin, list_groups
  • Drivers/devices: list_device_drivers, describe_driver, scan_devices, list_devices, device_info, get_driver_states
  • Targets: list_targets, get_current_target
  • Firmware: firmware_list, firmware_info
  • Fuzzer results: fuzzer_campaign_status, fuzzer_campaign_statistics, fuzzer_results_summary, fuzzer_artifacts
  • Tools/files: get_tools_status, get_tool_details, list_files
  • Local rig helper: list_serial_ports

Mutating and destructive tools are intentionally not exposed in this MVP. They require backend auth hardening and the two-key safety gate described in the implementation proposal.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

iotsploit_mcp-0.0.7.tar.gz (12.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

iotsploit_mcp-0.0.7-py3-none-any.whl (17.8 kB view details)

Uploaded Python 3

File details

Details for the file iotsploit_mcp-0.0.7.tar.gz.

File metadata

  • Download URL: iotsploit_mcp-0.0.7.tar.gz
  • Upload date:
  • Size: 12.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for iotsploit_mcp-0.0.7.tar.gz
Algorithm Hash digest
SHA256 47626116b5c2cabe30109d3a8ba11706250801a674320b27d6e4acfe7038fcbb
MD5 df29ebedf2edf54f7ad94c72dc833b9c
BLAKE2b-256 85abc29bc3ab044bfdcfe94221f42f72f8c23a5bb7278c5c4a229322af136ed3

See more details on using hashes here.

File details

Details for the file iotsploit_mcp-0.0.7-py3-none-any.whl.

File metadata

  • Download URL: iotsploit_mcp-0.0.7-py3-none-any.whl
  • Upload date:
  • Size: 17.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for iotsploit_mcp-0.0.7-py3-none-any.whl
Algorithm Hash digest
SHA256 7af6d6a42e5f540d53ed6762085b591e8041c1d5ca76158e679d174e162e711d
MD5 4b8634114d0f32e661745859e073bc4a
BLAKE2b-256 f45310c26c4722a5e2a41062b2cf37ab38fe08c2ae6d853f5d5499b3824e48fc

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page