IoTSploit MCP runtime (FastMCP stdio server + WebSocket bridge), framework-free outer ring.
Project description
iotsploit-mcp
iotsploit-mcp exposes IoTSploit to external coding agents through MCP over
streamable HTTP. It is intended to run on the IoTSploit rig, next to
iotsploit-django, iotsploit-core, the plugin packages, and the attached
hardware.
Commands
Start the MCP HTTP endpoint (the default; serves both the Django AI assistant and external agents):
export IOTSPLOIT_DJANGO_API_BASE_URL="http://127.0.0.1:8888"
iotsploit-mcp
iotsploit-mcp http --host 127.0.0.1 --port 9900
The MCP endpoint is http://<rig-host>:9900/mcp.
Bind to 127.0.0.1 for local use (the default). The HTTP endpoint does not
require authentication in this MVP. If you expose the service beyond loopback
(0.0.0.0 or a LAN address), protect it with a firewall, TLS/reverse proxy, or
re-add authentication before sharing the rig.
Agent Config
Claude Code:
claude mcp add --transport http iotsploit http://<rig-host>:9900/mcp
Codex, Cursor, or generic MCP config:
{
"mcpServers": {
"iotsploit": {
"type": "http",
"url": "http://<rig-host>:9900/mcp"
}
}
}
Environment
IOTSPLOIT_MCP_HOST: optional default host for the MCP server.IOTSPLOIT_MCP_PORT: optional default port for the MCP server.IOTSPLOIT_DJANGO_API_BASE_URL: Django API base URL, defaulthttp://127.0.0.1:8888.IOTSPLOIT_DJANGO_API_TOKEN: optional bearer token forwarded from MCP to Django.IOTSPLOIT_DJANGO_API_TIMEOUT_S: Django request timeout in seconds.IOTSPLOIT_MCP_LOG_TO_FILE: set to1to enable MCP file logging.
Current Tool Surface
This branch exposes a read-only HTTP-backed MVP:
- System:
system_status,system_health,list_urls - Plugins/groups:
list_plugins,describe_plugin,list_groups - Drivers/devices:
list_device_drivers,describe_driver,scan_devices,list_devices,device_info,get_driver_states - Targets:
list_targets,get_current_target - Firmware:
firmware_list,firmware_info - Fuzzer results:
fuzzer_campaign_status,fuzzer_campaign_statistics,fuzzer_results_summary,fuzzer_artifacts - Tools/files:
get_tools_status,get_tool_details,list_files - Local rig helper:
list_serial_ports
Mutating and destructive tools are intentionally not exposed in this MVP. They require backend auth hardening and the two-key safety gate described in the implementation proposal.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file iotsploit_mcp-0.0.7.tar.gz.
File metadata
- Download URL: iotsploit_mcp-0.0.7.tar.gz
- Upload date:
- Size: 12.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
47626116b5c2cabe30109d3a8ba11706250801a674320b27d6e4acfe7038fcbb
|
|
| MD5 |
df29ebedf2edf54f7ad94c72dc833b9c
|
|
| BLAKE2b-256 |
85abc29bc3ab044bfdcfe94221f42f72f8c23a5bb7278c5c4a229322af136ed3
|
File details
Details for the file iotsploit_mcp-0.0.7-py3-none-any.whl.
File metadata
- Download URL: iotsploit_mcp-0.0.7-py3-none-any.whl
- Upload date:
- Size: 17.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7af6d6a42e5f540d53ed6762085b591e8041c1d5ca76158e679d174e162e711d
|
|
| MD5 |
4b8634114d0f32e661745859e073bc4a
|
|
| BLAKE2b-256 |
f45310c26c4722a5e2a41062b2cf37ab38fe08c2ae6d853f5d5499b3824e48fc
|