MCP server for Packmate — CTF network traffic analyzer
Project description
packmate-mcp
MCP server that exposes Packmate — a CTF network traffic analyzer — to LLM tooling like Claude Desktop or Claude Code.
Features
- 16 tools across services, patterns, streams, packets, and pcap-file lifecycle.
- Packet content formatting tuned for LLM consumption:
transcript(auto text/hex withclient→servermarkers),text,hex,python_bytes,base64. - Three-layer trimming (per-packet, total budget, packet count) to keep responses inside the LLM context window.
- Pure async
httpxclient over Packmate's HTTP API + Basic Auth. - stdio transport — drop into Claude Desktop or Claude Code as a subprocess.
Install
uvx packmate-mcp # ephemeral, recommended
# or
pip install packmate-mcp
Configure
All settings are env vars with the PACKMATE_MCP_ prefix:
| Env var | Default | Description |
|---|---|---|
PACKMATE_MCP_BASE_URL |
http://localhost:65000 |
Packmate base URL |
PACKMATE_MCP_LOGIN |
(required) | Basic auth login |
PACKMATE_MCP_PASSWORD |
(required) | Basic auth password |
PACKMATE_MCP_TIMEOUT_SECONDS |
30 |
HTTP request timeout |
PACKMATE_MCP_LOG_LEVEL |
INFO |
DEBUG/INFO/WARNING/ERROR/CRITICAL |
See .env.example for a starter template.
Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %AppData%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"packmate": {
"command": "uvx",
"args": ["packmate-mcp"],
"env": {
"PACKMATE_MCP_BASE_URL": "http://localhost:65000",
"PACKMATE_MCP_LOGIN": "BinaryBears",
"PACKMATE_MCP_PASSWORD": "..."
}
}
}
}
Restart Claude Desktop fully (Cmd+Q / tray → Quit), then look for the connector under the + menu.
Claude Code
claude mcp add packmate uvx packmate-mcp \
--env PACKMATE_MCP_LOGIN=BinaryBears \
--env PACKMATE_MCP_PASSWORD=...
Tools
See the design spec for the full list. Highlights:
get_stream(stream_id, content_format='transcript')— fetch a stream with packets pre-rendered. Most common entrypoint.create_pattern+pattern_lookback+list_streams(pattern_id=…)— the native Packmate workflow for content search.set_stream_favorite(stream_id, favorite=True/False)— pin interesting streams.pcap_status/pcap_start— kick off pcap-file processing in FILE mode.
Development
git clone https://github.com/umbra2728/packmate-mcp
cd packmate-mcp
uv sync --dev
uv run pytest
uv run ruff check src tests
uv run mypy src
Manual smoke test against a real Packmate instance:
# in the Packmate repo
docker compose up -d
# back here
PACKMATE_MCP_LOGIN=BinaryBears PACKMATE_MCP_PASSWORD=123456 \
uv run mcp dev src/packmate_mcp/server.py
This opens the MCP Inspector and lets you exercise each tool.
Releasing
This package ships to PyPI via Trusted Publishing. The workflow runs on any v*.*.* tag.
- Bump
versioninpyproject.toml. - Add a
## [X.Y.Z] - YYYY-MM-DDsection toCHANGELOG.md. - Commit, tag, push:
git commit -am "Release vX.Y.Z"
git tag vX.Y.Z
git push --tags
One-time setup (not in repo state):
- On PyPI → Account settings → Add a pending publisher with repo
umbra2728/packmate-mcp, workflowrelease.yml, environmentpypi. - On GitHub → repo → Settings → Environments → create
pypi.
Related
- firegex-mcp — sibling MCP server for Firegex (PCRE2 regex / proxy WAF).
- ad-ctf-toolkit — Claude Code plugin that combines
packmate-mcpandfiregex-mcpwith skills and sub-agents for Attack/Defense CTF rounds.
License
MIT — see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file packmate_mcp-0.1.1.tar.gz.
File metadata
- Download URL: packmate_mcp-0.1.1.tar.gz
- Upload date:
- Size: 127.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b992fa33fdcbbb397a6620d4519ab34b4e80643aa5da73a6c2683fc84f052f3b
|
|
| MD5 |
108b31066a2972df9a51eb30dd174b62
|
|
| BLAKE2b-256 |
fcb42c9f64af7416435aacbc52ee3fc6933b1f0def0cefe14742dc3ac047d3fe
|
Provenance
The following attestation bundles were made for packmate_mcp-0.1.1.tar.gz:
Publisher:
release.yml on umbra2728/packmate-mcp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
packmate_mcp-0.1.1.tar.gz -
Subject digest:
b992fa33fdcbbb397a6620d4519ab34b4e80643aa5da73a6c2683fc84f052f3b - Sigstore transparency entry: 1524603622
- Sigstore integration time:
-
Permalink:
umbra2728/packmate-mcp@bdfc27067430b6735dfc518811c18a19c0b45c56 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/umbra2728
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@bdfc27067430b6735dfc518811c18a19c0b45c56 -
Trigger Event:
push
-
Statement type:
File details
Details for the file packmate_mcp-0.1.1-py3-none-any.whl.
File metadata
- Download URL: packmate_mcp-0.1.1-py3-none-any.whl
- Upload date:
- Size: 17.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d8b12be49956389fdb7681580fc01d9eace953f0db14768b5f23a0170bb988f9
|
|
| MD5 |
c9594bac77b7fff67ebf615319b95636
|
|
| BLAKE2b-256 |
04345c707e2c30be866ad37e4a5d42ebb0cc656f280a6a541bbaf586c5f862bd
|
Provenance
The following attestation bundles were made for packmate_mcp-0.1.1-py3-none-any.whl:
Publisher:
release.yml on umbra2728/packmate-mcp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
packmate_mcp-0.1.1-py3-none-any.whl -
Subject digest:
d8b12be49956389fdb7681580fc01d9eace953f0db14768b5f23a0170bb988f9 - Sigstore transparency entry: 1524603631
- Sigstore integration time:
-
Permalink:
umbra2728/packmate-mcp@bdfc27067430b6735dfc518811c18a19c0b45c56 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/umbra2728
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@bdfc27067430b6735dfc518811c18a19c0b45c56 -
Trigger Event:
push
-
Statement type: