execute.ts12.9 kB
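/**
 * Advanced execute operation-related MCP tools.
 *
 * Each tool queues a single task on a beacon through the CobaltStrikeClient
 * and reports the value the client returns as `taskId`, together with a fixed
 * "command submitted" message. Task output is not fetched in this module.
 *
 * Arguments arrive from the MCP client as untyped JSON. The `inputSchema`
 * advertised for a tool is only a declaration, so `handleExecuteTool`
 * re-checks presence, type and numeric bounds before anything is forwarded
 * to the client. String values are forwarded unchanged: only their type is
 * checked here, so any content-level constraint (path form, ticket encoding,
 * timestamp format) is left to the client. NOTE(review): confirm the client
 * enforces those.
 *
 * Audit note: every call queues a task on a live beacon, and tools such as
 * `execute_exit`, `execute_kill_process` and `execute_timestomp` change target
 * state with no corresponding undo in this module. Nothing here records who
 * requested a task, so the caller is the place to log tool name and arguments.
 */
import { Tool } from '@modelcontextprotocol/sdk/types.js';
import { CobaltStrikeClient } from '../api/client.js';

/** Lowest PID accepted by `execute_kill_process`; mirrors the schema's `minimum`. */
const MIN_PID = 0;
/** Port bounds for `execute_socks_stop_port`; mirror the schema's `minimum`/`maximum`. */
const MIN_PORT = 1;
const MAX_PORT = 65535;

/** JSON Schema fragment for a string property. */
function stringProperty(description: string): Record<string, unknown> {
  return { type: 'string', description };
}

/**
 * Build one tool definition.
 *
 * Every tool targets a beacon, so `beaconId` is always the first property and
 * always required. Every extra property is required unless it is named in
 * `optional`; the `required` list keeps the declaration order of the properties.
 */
function defineTool(
  name: string,
  description: string,
  extraProperties: Record<string, Record<string, unknown>> = {},
  optional: readonly string[] = [],
): Tool {
  const requiredExtras = Object.keys(extraProperties).filter((key) => !optional.includes(key));
  return {
    name,
    description,
    inputSchema: {
      type: 'object',
      properties: {
        beaconId: stringProperty('The ID of the beacon'),
        ...extraProperties,
      },
      required: ['beaconId', ...requiredExtras],
    },
  };
}

/**
 * List the execute tools this module exposes to an MCP client.
 *
 * @param client - Not used when building the definitions; kept so the
 *   signature stays the same for existing callers.
 * @returns One definition per tool name understood by `handleExecuteTool`.
 */
export function createExecuteTools(client: CobaltStrikeClient): Tool[] {
  return [
    defineTool('execute_kill_process', 'Kill a process by PID', {
      pid: { type: 'number', description: 'Process ID to kill', minimum: MIN_PID },
    }),
    defineTool('execute_clipboard', 'Get clipboard contents'),
    defineTool('execute_setenv', 'Set an environment variable', {
      name: stringProperty('Environment variable name'),
      value: stringProperty('Environment variable value'),
    }),
    defineTool(
      'execute_timestomp',
      'Modify file timestamps',
      {
        file: stringProperty('File path'),
        accessTime: stringProperty('Access time (optional)'),
        modifyTime: stringProperty('Modify time (optional)'),
      },
      ['accessTime', 'modifyTime'],
    ),
    defineTool('execute_checkin', 'Force beacon to check in immediately'),
    defineTool('execute_exit', 'Exit the beacon'),
    defineTool('execute_reg_query', 'Query registry key', {
      path: stringProperty('Registry path (e.g., HKLM\\Software\\Microsoft)'),
    }),
    defineTool('execute_reg_queryv', 'Query registry value', {
      path: stringProperty('Registry path'),
      value: stringProperty('Value name'),
    }),
    defineTool('execute_beacon_info', 'Get beacon information'),
    defineTool('execute_get_uid', 'Get user ID'),
    defineTool('execute_job_stop', 'Stop a job', {
      jobId: stringProperty('Job ID to stop'),
    }),
    defineTool('execute_kerberos_ticket_purge', 'Purge Kerberos tickets'),
    defineTool('execute_kerberos_ticket_use', 'Use a Kerberos ticket', {
      ticket: stringProperty('Kerberos ticket (base64 encoded)'),
    }),
    defineTool('execute_powershell_import', 'Import PowerShell module', {
      module: stringProperty('PowerShell module content or path'),
    }),
    defineTool('execute_net_domain', 'Get domain information'),
    defineTool('execute_browserpivot_stop', 'Stop browser pivot'),
    defineTool('execute_cancel_file_download', 'Cancel file download', {
      fileId: stringProperty('File download ID to cancel'),
    }),
    defineTool('execute_socks_stop_all', 'Stop all SOCKS proxies'),
    defineTool('execute_socks_stop_port', 'Stop SOCKS proxy on specific port', {
      port: { type: 'number', description: 'Port number', minimum: MIN_PORT, maximum: MAX_PORT },
    }),
  ];
}

/** Typed, validating access to the arguments of one tool call. */
interface ArgReader {
  /** Required string argument. */
  str(key: string): string;
  /** Optional string argument; `undefined` or `null` counts as absent. */
  optStr(key: string): string | undefined;
  /** Required finite number within `[min, max]`. */
  num(key: string, min: number, max?: number): number;
}

/**
 * Wrap the raw arguments of a call in an {@link ArgReader}.
 *
 * @throws Error when `args` is not a plain JSON object, or later when a read
 *   finds a missing or ill-typed value. Messages are prefixed with the tool name.
 */
function readerFor(tool: string, args: unknown): ArgReader {
  if (typeof args !== 'object' || args === null || Array.isArray(args)) {
    throw new Error(`${tool}: arguments must be an object`);
  }
  const values = args as Record<string, unknown>;

  const optStr = (key: string): string | undefined => {
    const value = values[key];
    if (value === undefined || value === null) {
      return undefined;
    }
    if (typeof value !== 'string') {
      throw new Error(`${tool}: '${key}' must be a string`);
    }
    return value;
  };

  return {
    optStr,
    str(key: string): string {
      const value = optStr(key);
      if (value === undefined) {
        throw new Error(`${tool}: '${key}' is required and must be a string`);
      }
      return value;
    },
    num(key: string, min: number, max: number = Number.POSITIVE_INFINITY): number {
      const value = values[key];
      // Number.isFinite rejects NaN and +/-Infinity, which typeof alone lets through.
      // The schema declares `number`, so fractional values are not rejected here.
      // NOTE(review): confirm whether PID and port should be tightened to integers.
      if (typeof value !== 'number' || !Number.isFinite(value) || value < min || value > max) {
        throw new Error(`${tool}: '${key}' is required and must be a number between ${min} and ${max}`);
      }
      return value;
    },
  };
}

/** How one tool name is turned into a client call. */
interface ExecuteHandler {
  /** Text returned to the MCP client once the call to the client has resolved. */
  message: string;
  /** Reads (and thereby validates) the arguments, then calls the client method. */
  submit: (client: CobaltStrikeClient, arg: ArgReader) => unknown;
}

// A Map rather than an object literal: names such as "constructor" or
// "__proto__" must fall through to the "Unknown execute tool" error instead of
// resolving to something inherited from Object.prototype.
const EXECUTE_HANDLERS: ReadonlyMap<string, ExecuteHandler> = new Map<string, ExecuteHandler>([
  ['execute_kill_process', {
    message: 'Kill process command submitted',
    submit: (c, a) => c.executeKillProcess(a.str('beaconId'), a.num('pid', MIN_PID)),
  }],
  ['execute_clipboard', {
    message: 'Get clipboard command submitted',
    submit: (c, a) => c.executeClipboard(a.str('beaconId')),
  }],
  ['execute_setenv', {
    message: 'Set environment variable command submitted',
    submit: (c, a) => c.executeSetEnv(a.str('beaconId'), a.str('name'), a.str('value')),
  }],
  ['execute_timestomp', {
    message: 'Timestomp command submitted',
    submit: (c, a) =>
      c.executeTimestomp(a.str('beaconId'), a.str('file'), a.optStr('accessTime'), a.optStr('modifyTime')),
  }],
  ['execute_checkin', {
    message: 'Force check-in command submitted',
    submit: (c, a) => c.executeCheckIn(a.str('beaconId')),
  }],
  ['execute_exit', {
    message: 'Exit beacon command submitted',
    submit: (c, a) => c.executeExit(a.str('beaconId')),
  }],
  ['execute_reg_query', {
    message: 'Registry query command submitted',
    submit: (c, a) => c.executeRegQuery(a.str('beaconId'), a.str('path')),
  }],
  ['execute_reg_queryv', {
    message: 'Registry query value command submitted',
    submit: (c, a) => c.executeRegQueryV(a.str('beaconId'), a.str('path'), a.str('value')),
  }],
  ['execute_beacon_info', {
    message: 'Beacon info command submitted',
    submit: (c, a) => c.executeBeaconInfo(a.str('beaconId')),
  }],
  ['execute_get_uid', {
    message: 'Get UID command submitted',
    submit: (c, a) => c.executeGetUid(a.str('beaconId')),
  }],
  ['execute_job_stop', {
    message: 'Stop job command submitted',
    submit: (c, a) => c.executeJobStop(a.str('beaconId'), a.str('jobId')),
  }],
  ['execute_kerberos_ticket_purge', {
    message: 'Purge Kerberos tickets command submitted',
    submit: (c, a) => c.executeKerberosTicketPurge(a.str('beaconId')),
  }],
  ['execute_kerberos_ticket_use', {
    message: 'Use Kerberos ticket command submitted',
    submit: (c, a) => c.executeKerberosTicketUse(a.str('beaconId'), a.str('ticket')),
  }],
  ['execute_powershell_import', {
    message: 'Import PowerShell module command submitted',
    submit: (c, a) => c.executePowerShellImport(a.str('beaconId'), a.str('module')),
  }],
  ['execute_net_domain', {
    message: 'Get domain info command submitted',
    submit: (c, a) => c.executeNetDomain(a.str('beaconId')),
  }],
  ['execute_browserpivot_stop', {
    message: 'Stop browser pivot command submitted',
    submit: (c, a) => c.executeBrowserPivotStop(a.str('beaconId')),
  }],
  ['execute_cancel_file_download', {
    message: 'Cancel file download command submitted',
    submit: (c, a) => c.executeCancelFileDownload(a.str('beaconId'), a.str('fileId')),
  }],
  ['execute_socks_stop_all', {
    message: 'Stop all SOCKS proxies command submitted',
    submit: (c, a) => c.executeSOCKSStopAll(a.str('beaconId')),
  }],
  ['execute_socks_stop_port', {
    message: 'Stop SOCKS proxy on port command submitted',
    submit: (c, a) => c.executeSOCKSStopPort(a.str('beaconId'), a.num('port', MIN_PORT, MAX_PORT)),
  }],
]);

/**
 * Dispatch one execute tool call to the client.
 *
 * The tool name is resolved first, so an unknown name is reported as such even
 * when the arguments are malformed. Arguments are validated before the client
 * is called; a rejected call never reaches the client.
 *
 * @param name - Tool name as listed by `createExecuteTools`.
 * @param args - Raw arguments from the MCP client; treated as untrusted.
 * @param client - Client used to submit the task.
 * @returns Pretty-printed JSON `{ taskId, message }`, where `taskId` is the
 *   value the client call resolved to.
 * @throws Error for an unknown tool name or for missing, ill-typed or
 *   out-of-range arguments; errors raised by the client propagate unchanged.
 */
export async function handleExecuteTool(
  name: string,
  args: unknown,
  client: CobaltStrikeClient
): Promise<string> {
  const handler = EXECUTE_HANDLERS.get(name);
  if (handler === undefined) {
    throw new Error(`Unknown execute tool: ${name}`);
  }
  const taskId = await handler.submit(client, readerFor(name, args));
  return JSON.stringify({ taskId, message: handler.message }, null, 2);
}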
