MetasploitMCP
MetasploitMCP is an MCP server that bridges MCP clients (e.g., Claude Desktop via STDIO or other MCP clients via HTTP/SSE) to the Metasploit Framework using the Metasploit RPC service (msfrpcd). It exposes MCP tools for discovering exploit/payload modules, running exploit/auxiliary/post modules, managing sessions and listeners, and generating payload files.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
The tool enables powerful exploitation capabilities by bridging an MCP client to Metasploit RPC. README emphasizes responsible use but does not document MCP-level auth/authorization, fine-grained permissions, or rate limiting. TLS/transport security for the MCP HTTP/SSE mode is not described beyond an MSF_SSL=false env var for Metasploit RPC. Secrets are provided via environment variables (e.g., MSF_PASSWORD), which is a better practice than hardcoding, but no additional guidance is provided about logging/handling.
⚡ Reliability
Best When
In a segregated, permissioned testing lab where a user explicitly authorizes exploit execution and can review actions before they run.
Avoid When
When running in sensitive environments, without clear authorization, or as a publicly reachable service without strong network controls and operator oversight.
Use Cases
- • AI-assisted exploration of Metasploit modules (exploits, payloads)
- • Automating Metasploit exploitation workflows from an MCP-enabled assistant
- • Managing Metasploit sessions (run commands, terminate sessions)
- • Creating/managing handlers/listeners programmatically
- • Generating payloads via Metasploit RPC and saving them to disk
Not For
- • Unauthenticated/automated internet-facing deployment
- • Environments without explicit authorization for penetration testing
- • Production systems requiring strict change-control (post-exploitation alters systems)
- • Use as a general-purpose 'security scanner' without human review
Interface
Authentication
README indicates authentication is handled by msfrpcd using a password. No separate MCP-level auth is documented for the MCP server itself.
Pricing
Open-source (Apache-2.0). Operational cost depends on environment and any LLM/MCP client usage.
Agent Metadata
Known Gotchas
- ⚠ High-risk actions can be executed (run_exploit, run_post_module, start_listener). Ensure the agent/operator has strong gating and human approval.
- ⚠ Requires Metasploit RPC (msfrpcd) to be running and reachable; incorrect MSF_SERVER/MSF_PORT or password will break functionality.
- ⚠ If used with STDIO (e.g., Claude Desktop), ensure the client process environment variables (MSF_PASSWORD, PAYLOAD_SAVE_DIR) are set correctly.
- ⚠ Payload generation writes files locally; agents should avoid repeated payload generation that overwrites or fills disk.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for MetasploitMCP.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.