{"id":"gh05tcrew-metasploitmcp","name":"MetasploitMCP","af_score":47.5,"security_score":39.5,"reliability_score":21.2,"what_it_does":"MetasploitMCP is an MCP server that bridges MCP clients (e.g., Claude Desktop via STDIO or other MCP clients via HTTP/SSE) to the Metasploit Framework using the Metasploit RPC service (msfrpcd). It exposes MCP tools for discovering exploit/payload modules, running exploit/auxiliary/post modules, managing sessions and listeners, and generating payload files.","best_when":"In a segregated, permissioned testing lab where a user explicitly authorizes exploit execution and can review actions before they run.","avoid_when":"When running in sensitive environments, without clear authorization, or as a publicly reachable service without strong network controls and operator oversight.","last_evaluated":"2026-03-30T13:27:05.554660+00:00","has_mcp":true,"has_api":false,"auth_methods":["Metasploit RPC password authentication for msfrpcd (MSF_PASSWORD / -P)"],"has_free_tier":false,"known_gotchas":["High-risk actions can be executed (run_exploit, run_post_module, start_listener). Ensure the agent/operator has strong gating and human approval.","Requires Metasploit RPC (msfrpcd) to be running and reachable; incorrect MSF_SERVER/MSF_PORT or password will break functionality.","If used with STDIO (e.g., Claude Desktop), ensure the client process environment variables (MSF_PASSWORD, PAYLOAD_SAVE_DIR) are set correctly.","Payload generation writes files locally; agents should avoid repeated payload generation that overwrites or fills disk."],"error_quality":0.0}