RedTeam-MCP
mcp
Warn
Health Warn
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 6 GitHub stars
Code Pass
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This framework provides an AI-powered autonomous red team and internal network penetration testing environment via the Model Context Protocol (MCP). It allows Large Language Models to directly control and execute offensive security tools.
Security Assessment
Risk: High. This tool is fundamentally designed to execute shell commands, perform aggressive network scanning, and run offensive exploitation tools (like Nuclei, Impacket, and fscan). The core purpose is to act as an automated "hacker." While the light code scan did not find hardcoded secrets or explicitly dangerous coding patterns within the repository's own 12 files, the tool is built to download, deploy, and execute third-party binaries for vulnerability exploitation and Active Directory attacks. This presents a massive inherent risk if integrated into any environment other than an isolated testing lab.
Quality Assessment
The project is very new and currently has low community visibility with only 6 GitHub stars, meaning it has not been broadly peer-reviewed. Although the repository is active (last updated today), it contains a discrepancy: the README displays an MIT license badge, but the automated audit found no actual license file in the repository. This means the legal usage terms are currently undefined, and community trust cannot be accurately gauged yet.
Verdict
Use with extreme caution — strictly limit installation to isolated sandbox environments meant for authorized security auditing.
This framework provides an AI-powered autonomous red team and internal network penetration testing environment via the Model Context Protocol (MCP). It allows Large Language Models to directly control and execute offensive security tools.
Security Assessment
Risk: High. This tool is fundamentally designed to execute shell commands, perform aggressive network scanning, and run offensive exploitation tools (like Nuclei, Impacket, and fscan). The core purpose is to act as an automated "hacker." While the light code scan did not find hardcoded secrets or explicitly dangerous coding patterns within the repository's own 12 files, the tool is built to download, deploy, and execute third-party binaries for vulnerability exploitation and Active Directory attacks. This presents a massive inherent risk if integrated into any environment other than an isolated testing lab.
Quality Assessment
The project is very new and currently has low community visibility with only 6 GitHub stars, meaning it has not been broadly peer-reviewed. Although the repository is active (last updated today), it contains a discrepancy: the README displays an MIT license badge, but the automated audit found no actual license file in the repository. This means the legal usage terms are currently undefined, and community trust cannot be accurately gauged yet.
Verdict
Use with extreme caution — strictly limit installation to isolated sandbox environments meant for authorized security auditing.
RedTeam-MCP: AI-Powered Autonomous Red Team Framework via Model Context Protocol. AI红队与内网渗透自动化框架,支持 gogo, fscan, httpx, nuclei, impacket, playwright 等 15+ 渗透工具,让 LLM 直接化身安全审计黑客。
README.md
RedTeam-MCP
AI-Powered Autonomous Red Team Framework
Let AI Become Your Security Audit Hacker
English · 中文 · Documentation · Quick Start
🎯 Overview
RedTeam-MCP is an AI-powered red team penetration testing framework based on Model Context Protocol (MCP). Through MCP, AI Agents can autonomously perform internal network penetration testing, Active Directory attacks, vulnerability exploitation, and other red team tasks.
Core Philosophy: No manual operation required. AI takes over all penetration tools for truly automated security testing.
✨ Key Features
| Feature | Description |
|---|---|
| 🚀 Plug & Play | 15+ tools auto-install, one-click Windows deployment |
| 🤖 AI-Driven | AI calls penetration tools directly via MCP |
| 💰 Token Optimized | Smart output compression, saves 80% tokens |
| 🛡️ Full AD Coverage | BloodHound + impacket + Responder full chain |
| 🌐 Multi-Client | Cursor, Claude Desktop, VS Code Cline |
🛠️ Tool Matrix
Network Scanning
| Tool | Function | Use Case |
|---|---|---|
| gogo | Fast asset discovery | Internal host detection |
| fscan | Comprehensive scanner | Port/vulnerability/weak password |
Web Security
| Tool | Function | Use Case |
|---|---|---|
| httpx | Web fingerprinting | Tech stack identification |
| nuclei | POC batch scanning | Known vulnerability detection |
| ffuf | Directory fuzzing | Web directory brute force |
Active Directory Attacks 🏆
| Tool | Function | Use Case |
|---|---|---|
| SharpHound | Windows collector | Domain data collection |
| bloodhound-python | Cross-platform collector | Linux/macOS data collection |
| GetNPUsers | AS-REP Roast | Enumerate no-preauth users |
| GetUserSPNs | Kerberoasting | Request SPN ticket cracking |
| secretsdump | LSASS Dump | Extract plaintext and hashes |
| ntlmrelayx | NTLM Relay | Relay attacks |
| pywerview | Domain enumeration | Users/computers/groups |
| ldapdomaindump | LDAP dump | Domain info snapshot |
Lateral Movement
| Tool | Function | Use Case |
|---|---|---|
| nxc | NetExec | SMB/WinRM/SSH |
| wmiexec | WMI execution | Fileless lateral |
| psexec | PSEXEC | Service execution |
Proxy & Credentials
| Tool | Function | Use Case |
|---|---|---|
| chisel | HTTP tunnel | Port forwarding |
| responder | LLMNR spoofing | Hash collection |
🚀 Quick Start
1️⃣ Requirements
Python 3.8+
Windows 10/11 or Linux/macOS
8GB+ RAM (recommended)
2️⃣ Installation
# Clone repository
git clone https://github.com/ktol1/RedTeam-MCP.git
cd RedTeam-MCP/redteam-server
# Create virtual environment
python -m venv venv
# Activate venv
# Windows PowerShell
.\venv\Scripts\Activate.ps1
# Linux/macOS
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
# Download binary tools (auto-downloads gogo, fscan, httpx, nuclei, etc.)
python install_tools.py
3️⃣ Configure MCP
Cursor IDE
Open Settings → Features → MCP Servers → Add New Server
{
"mcpServers": {
"RedTeam-MCP": {
"command": "D:\\RedTeam-MCP\\redteam-server\\venv\\Scripts\\python.exe",
"args": ["D:\\RedTeam-MCP\\redteam-server\\server.py"]
}
}
}
Claude Desktop
Edit %APPDATA%\Claude\claude_desktop_config.json:
{
"mcpServers": {
"RedTeam-MCP": {
"command": "D:\\RedTeam-MCP\\redteam-server\\venv\\Scripts\\python.exe",
"args": ["D:\\RedTeam-MCP\\redteam-server\\server.py"]
}
}
}
4️⃣ Start Using
Tell your AI:
🎯 Scan 192.168.1.0/24, find all Windows hosts and identify open services
🎯 Use SharpHound to collect corp.local domain info, analyze attack paths
🎯 Set up chisel proxy on 192.168.1.100 to access 10.10.10.0/24 network
🎯 Perform Kerberoasting attack on 192.168.1.50
📊 Architecture
┌─────────────────────────────────────────────────────────────────┐
│ │
│ ██████╗ ██████╗ ███████╗███╗ ███╗███████╗ ██████╗ ██╗ │
│ ██╔══██╗██╔══██╗██╔════╝████╗ ████║██╔════╝██╔═══██╗██║ │
│ ██████╔╝██████╔╝███████╗██╔████╔██║█████╗ ██║ ██║██║ │
│ ██╔═══╝ ██╔══██╗╚════██║██║╚██╔╝██║██╔══╝ ██║ ██║╚═╝ │
│ ██║ ██║ ██║███████║██║ ╚═╝ ██║███████╗╚██████╔╝██╗ │
│ ╚═╝ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═╝ │
│ │
│ Model Context Protocol │
│ │
└─────────────────────────────┬───────────────────────────────────┘
│
┌───────────────┼───────────────┐
│ │ │
▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────┐
│ Cursor │ │ Claude │ │ Cline │
│ IDE │ │ Desktop │ │ (VS Code)│
└──────────┘ └──────────┘ └──────────┘
│ │ │
└───────────────┼───────────────┘
│
┌───────────────┴───────────────┐
│ │
▼ ▼
┌─────────────────────┐ ┌─────────────────────┐
│ MCP Server (Python)│ │ MCP Server (Node)│
│ │ │ │
│ ┌───────────────┐ │ │ ┌───────────────┐ │
│ │ server.py │ │ │ │ @playwright/mcp│ │
│ │ │ │ │ │ │ │
│ │ 17+ Tools │ │ │ │ Browser │ │
│ │ Output Opt │ │ │ │ Automation │ │
│ └───────────────┘ │ │ └───────────────┘ │
└─────────────────────┘ └─────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ Tool Layer │
│ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐ │
│ │ gogo │ │ fscan │ │ httpx │ │ nuclei │ │ Sharp │ │
│ └────────┘ └────────┘ └────────┘ └────────┘ │Hound.exe│ │
│ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐ └────────┘ │
│ │ nxc │ │ chisel │ │impacket │ │responder│ │
│ └────────┘ └────────┘ └────────┘ └────────┘ │
└─────────────────────────────────────────────────────────────┘
🎯 AD Attack Flow
┌─────────────────────────────────────────────────────────────────┐
│ Attack Flow │
└─────────────────────────────────────────────────────────────────┘
┌───────────────┐ ┌───────────────┐ ┌───────────────┐
│ Recon │ ───► │ Collection │ ───► │ Analysis │
└───────────────┘ └───────────────┘ └───────┬───────┘
│ │
▼ ▼
┌───────────────┐ ┌───────────────┐
│ gogo/fscan │ │ BloodHound GUI│
│ kerbrute │ │ attack_paths │
│ pywerview │ │ analysis.py │
└───────────────┘ └───────────────┘
│
┌───────────────┐ ┌───────────────┐ │
│ Attack │ ◄─── │ Lateral │ ◄─────────┘
└───────────────┘ └───────────────┘
│ │
▼ ▼
┌───────────────┐ ┌───────────────┐
│ Kerberoast │ │ nxc smb │
│ AS-REP Roast │ │ wmiexec │
│ secretsdump │ │ psexec │
│ ntlmrelayx │ │ getST │
└───────────────┘ └───────────────┘
📦 MCP Tools
| # | Tool | Function | Command |
|---|---|---|---|
| 1 | invoke_gogo |
Fast asset probe | gogo -t 100 -iL hosts.txt |
| 2 | invoke_fscan |
Network scanner | fscan -hf hosts.txt |
| 3 | invoke_httpx |
Web fingerprinting | httpx -l urls.txt -title |
| 4 | invoke_nuclei |
POC scanner | nuclei -l urls.txt -t vulnerabilities/ |
| 5 | invoke_ffuf |
Directory fuzzing | ffuf -w wordlist.txt -u URL/FUZZ |
| 6 | invoke_nxc |
Lateral movement | nxc smb 192.168.1.0/24 -u user -p pass |
| 7 | invoke_kerbrute |
Kerberos enum | kerbrute userenum -d domain users.txt |
| 8 | invoke_bloodhound_analysis |
BloodHound analysis | Parse JSON to attack report |
| 9 | invoke_powerview |
Domain enum | pywerview get-domain-user |
| 10 | invoke_ldapdomaindump |
LDAP dump | ldapdomaindump ldap://dc |
| 11 | invoke_responder |
LLMNR spoofing | responder -I eth0 |
| 12 | invoke_proxy_setup |
Proxy setup | chisel/nc/powershell |
| 13 | invoke_playwright |
Browser automation | screenshot/form/scraping |
| 14 | invoke_wmiexec |
WMI execution | impacket-wmiexec |
| 15 | invoke_psexec |
PSEXEC | impacket-psexec |
| 16 | invoke_secretsdump |
LSASS Dump | impacket-secretsdump |
| 17 | invoke_ntlmrelayx |
NTLM Relay | impacket-ntlmrelayx |
⚡ Token Optimization
| Optimization | Description | Savings |
|---|---|---|
| ANSI Removal | Strip terminal colors | ~15% |
| Whitespace | Merge blank lines | ~10% |
| Truncation | Max 8000 chars | ~50% |
| Progress Filter | Remove progress bars | ~20% |
| Total | ~80% |
📚 Documentation
| Document | Description |
|---|---|
| SKILL.md | Complete tool docs for AI agents |
| redteam-server/README.md | Server deployment guide |
🤝 Contributing
Issues and Pull Requests welcome!
MIT License · Copyright © 2024-2026 ktol1
If you find this useful, give it a ⭐ Star!
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found