{"id":"gh05tcrew-metasploitmcp","name":"MetasploitMCP","homepage":null,"repo_url":"https://github.com/GH05TCREW/MetasploitMCP","category":"security","subcategories":[],"tags":["security","penetration-testing","metasploit","mcp","automation","exploit-management"],"what_it_does":"MetasploitMCP is an MCP server that bridges MCP clients (e.g., Claude Desktop via STDIO or other MCP clients via HTTP/SSE) to the Metasploit Framework using the Metasploit RPC service (msfrpcd). It exposes MCP tools for discovering exploit/payload modules, running exploit/auxiliary/post modules, managing sessions and listeners, and generating payload files.","use_cases":["AI-assisted exploration of Metasploit modules (exploits, payloads)","Automating Metasploit exploitation workflows from an MCP-enabled assistant","Managing Metasploit sessions (run commands, terminate sessions)","Creating/managing handlers/listeners programmatically","Generating payloads via Metasploit RPC and saving them to disk"],"not_for":["Unauthenticated/automated internet-facing deployment","Environments without explicit authorization for penetration testing","Production systems requiring strict change-control (post-exploitation alters systems)","Use as a general-purpose 'security scanner' without human review"],"best_when":"In a segregated, permissioned testing lab where a user explicitly authorizes exploit execution and can review actions before they run.","avoid_when":"When running in sensitive environments, without clear authorization, or as a publicly reachable service without strong network controls and operator oversight.","alternatives":["Direct Metasploit RPC API (msfrpcd) integration via custom client code","Other orchestration layers for Metasploit (community wrappers) that provide safer workflow gating","Manual use of Metasploit Framework console for highly controlled operations"],"af_score":47.5,"security_score":39.5,"reliability_score":21.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:27:05.554660+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Metasploit RPC password authentication for msfrpcd (MSF_PASSWORD / -P)"],"oauth":false,"scopes":false,"notes":"README indicates authentication is handled by msfrpcd using a password. No separate MCP-level auth is documented for the MCP server itself."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source (Apache-2.0). Operational cost depends on environment and any LLM/MCP client usage."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":47.5,"security_score":39.5,"reliability_score":21.2,"mcp_server_quality":55.0,"documentation_accuracy":60.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":75.0,"rate_limit_clarity":0.0,"tls_enforcement":20.0,"auth_strength":45.0,"scope_granularity":10.0,"dependency_hygiene":55.0,"secret_handling":70.0,"security_notes":"The tool enables powerful exploitation capabilities by bridging an MCP client to Metasploit RPC. README emphasizes responsible use but does not document MCP-level auth/authorization, fine-grained permissions, or rate limiting. TLS/transport security for the MCP HTTP/SSE mode is not described beyond an MSF_SSL=false env var for Metasploit RPC. Secrets are provided via environment variables (e.g., MSF_PASSWORD), which is a better practice than hardcoding, but no additional guidance is provided about logging/handling.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":0.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":"Operations like running exploits/listeners/sessions are inherently non-idempotent; no idempotency guarantees are described.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["High-risk actions can be executed (run_exploit, run_post_module, start_listener). Ensure the agent/operator has strong gating and human approval.","Requires Metasploit RPC (msfrpcd) to be running and reachable; incorrect MSF_SERVER/MSF_PORT or password will break functionality.","If used with STDIO (e.g., Claude Desktop), ensure the client process environment variables (MSF_PASSWORD, PAYLOAD_SAVE_DIR) are set correctly.","Payload generation writes files locally; agents should avoid repeated payload generation that overwrites or fills disk."]}}