Skip to main content

MCP server for Packmate — CTF network traffic analyzer

Project description

packmate-mcp

MCP server that exposes Packmate — a CTF network traffic analyzer — to LLM tooling like Claude Desktop or Claude Code.

Features

  • 16 tools across services, patterns, streams, packets, and pcap-file lifecycle.
  • Packet content formatting tuned for LLM consumption: transcript (auto text/hex with client→server markers), text, hex, python_bytes, base64.
  • Three-layer trimming (per-packet, total budget, packet count) to keep responses inside the LLM context window.
  • Pure async httpx client over Packmate's HTTP API + Basic Auth.
  • stdio transport — drop into Claude Desktop or Claude Code as a subprocess.

Install

uvx packmate-mcp        # ephemeral, recommended
# or
pip install packmate-mcp

Configure

All settings are env vars with the PACKMATE_MCP_ prefix:

Env var Default Description
PACKMATE_MCP_BASE_URL http://localhost:65000 Packmate base URL
PACKMATE_MCP_LOGIN (required) Basic auth login
PACKMATE_MCP_PASSWORD (required) Basic auth password
PACKMATE_MCP_TIMEOUT_SECONDS 30 HTTP request timeout
PACKMATE_MCP_LOG_LEVEL INFO DEBUG/INFO/WARNING/ERROR/CRITICAL

See .env.example for a starter template.

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %AppData%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "packmate": {
      "command": "uvx",
      "args": ["packmate-mcp"],
      "env": {
        "PACKMATE_MCP_BASE_URL": "http://localhost:65000",
        "PACKMATE_MCP_LOGIN": "BinaryBears",
        "PACKMATE_MCP_PASSWORD": "..."
      }
    }
  }
}

Restart Claude Desktop fully (Cmd+Q / tray → Quit), then look for the connector under the + menu.

Claude Code

claude mcp add packmate uvx packmate-mcp \
  --env PACKMATE_MCP_LOGIN=BinaryBears \
  --env PACKMATE_MCP_PASSWORD=...

Tools

See the design spec for the full list. Highlights:

  • get_stream(stream_id, content_format='transcript') — fetch a stream with packets pre-rendered. Most common entrypoint.
  • create_pattern + pattern_lookback + list_streams(pattern_id=…) — the native Packmate workflow for content search.
  • set_stream_favorite(stream_id, favorite=True/False) — pin interesting streams.
  • pcap_status / pcap_start — kick off pcap-file processing in FILE mode.

Development

git clone https://github.com/umbra2728/packmate-mcp
cd packmate-mcp
uv sync --dev
uv run pytest
uv run ruff check src tests
uv run mypy src

Manual smoke test against a real Packmate instance:

# in the Packmate repo
docker compose up -d
# back here
PACKMATE_MCP_LOGIN=BinaryBears PACKMATE_MCP_PASSWORD=123456 \
  uv run mcp dev src/packmate_mcp/server.py

This opens the MCP Inspector and lets you exercise each tool.

Releasing

This package ships to PyPI via Trusted Publishing. The workflow runs on any v*.*.* tag.

  1. Bump version in pyproject.toml.
  2. Add a ## [X.Y.Z] - YYYY-MM-DD section to CHANGELOG.md.
  3. Commit, tag, push:
git commit -am "Release vX.Y.Z"
git tag vX.Y.Z
git push --tags

One-time setup (not in repo state):

  • On PyPI → Account settings → Add a pending publisher with repo umbra2728/packmate-mcp, workflow release.yml, environment pypi.
  • On GitHub → repo → Settings → Environments → create pypi.

Related

  • firegex-mcp — sibling MCP server for Firegex (PCRE2 regex / proxy WAF).
  • ad-ctf-toolkit — Claude Code plugin that combines packmate-mcp and firegex-mcp with skills and sub-agents for Attack/Defense CTF rounds.

License

MIT — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

packmate_mcp-0.1.1.tar.gz (127.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

packmate_mcp-0.1.1-py3-none-any.whl (17.4 kB view details)

Uploaded Python 3

File details

Details for the file packmate_mcp-0.1.1.tar.gz.

File metadata

  • Download URL: packmate_mcp-0.1.1.tar.gz
  • Upload date:
  • Size: 127.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for packmate_mcp-0.1.1.tar.gz
Algorithm Hash digest
SHA256 b992fa33fdcbbb397a6620d4519ab34b4e80643aa5da73a6c2683fc84f052f3b
MD5 108b31066a2972df9a51eb30dd174b62
BLAKE2b-256 fcb42c9f64af7416435aacbc52ee3fc6933b1f0def0cefe14742dc3ac047d3fe

See more details on using hashes here.

Provenance

The following attestation bundles were made for packmate_mcp-0.1.1.tar.gz:

Publisher: release.yml on umbra2728/packmate-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file packmate_mcp-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: packmate_mcp-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 17.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for packmate_mcp-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d8b12be49956389fdb7681580fc01d9eace953f0db14768b5f23a0170bb988f9
MD5 c9594bac77b7fff67ebf615319b95636
BLAKE2b-256 04345c707e2c30be866ad37e4a5d42ebb0cc656f280a6a541bbaf586c5f862bd

See more details on using hashes here.

Provenance

The following attestation bundles were made for packmate_mcp-0.1.1-py3-none-any.whl:

Publisher: release.yml on umbra2728/packmate-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page