/**
* Payload generation-related MCP tools
*/
import { Tool } from '@modelcontextprotocol/sdk/types.js';
import { CobaltStrikeClient } from '../api/client.js';
/**
 * Build the MCP tool descriptors for payload generation and download.
 *
 * Only static metadata is produced: each entry carries a tool name, a
 * description and a JSON-Schema `inputSchema`. The `client` argument is not
 * read anywhere in this function.
 *
 * NOTE(review): these schemas describe the expected arguments; whether they
 * are enforced before the handler runs is not visible in this file — confirm
 * at the call site.
 *
 * @param client - Cobalt Strike API client (unused here).
 * @returns Descriptors for `generate_stager_payload`,
 *   `generate_stageless_payload` and `download_payload`, in that order.
 */
export function createPayloadTools(client: CobaltStrikeClient): Tool[] {
  // Each call yields a fresh object, so no two schemas share a property node.
  const stringProp = (description: string, allowed?: readonly string[]) =>
    allowed === undefined
      ? { type: 'string', description }
      : { type: 'string', description, enum: [...allowed] };

  const listenerNameProp = () => stringProp('The listener name');
  const architectureProp = () =>
    stringProp('The architecture (x86 or x64)', ['x86', 'x64']);

  const stagerTool: Tool = {
    name: 'generate_stager_payload',
    description: 'Generate a stager payload for a listener',
    inputSchema: {
      type: 'object',
      properties: {
        listenerName: listenerNameProp(),
        architecture: architectureProp(),
        output: stringProp(
          'Output format (C, C#, COM Scriptlet, Java, Perl, PowerShell, PowerShell Command, Python, Raw, Ruby, VBA, Veil)',
          ['C', 'C#', 'COM Scriptlet', 'Java', 'Perl', 'PowerShell', 'PowerShell Command', 'Python', 'Raw', 'Ruby', 'VBA', 'Veil']
        ),
        payloadFileName: stringProp(
          'Optional filename for the payload (auto-generated if not provided)'
        ),
      },
      required: ['listenerName', 'architecture', 'output'],
    },
  };

  const stagelessTool: Tool = {
    name: 'generate_stageless_payload',
    description: 'Generate a stageless payload for a listener',
    inputSchema: {
      type: 'object',
      properties: {
        listenerName: listenerNameProp(),
        architecture: architectureProp(),
        output: stringProp(
          'Output format (C, C#, Java, Perl, Python, Raw, Ruby, VBA)',
          ['C', 'C#', 'Java', 'Perl', 'Python', 'Raw', 'Ruby', 'VBA']
        ),
        exitFunction: stringProp('Exit function (Process or Thread)', ['Process', 'Thread']),
        systemCallMethod: stringProp(
          'System call method (None, Direct, Indirect)',
          ['None', 'Direct', 'Indirect']
        ),
        // The only non-string property in these schemas.
        useListenerGuardRails: {
          type: 'boolean',
          description: 'Use listener guard rails (true) or custom guard rails (false)',
        },
        payloadFileName: stringProp('Optional filename for the payload'),
      },
      required: ['listenerName', 'architecture', 'output', 'exitFunction', 'systemCallMethod', 'useListenerGuardRails'],
    },
  };

  const downloadTool: Tool = {
    name: 'download_payload',
    description: 'Download a generated payload file',
    inputSchema: {
      type: 'object',
      properties: {
        fileName: stringProp('The payload file name to download'),
      },
      required: ['fileName'],
    },
  };

  return [stagerTool, stagelessTool, downloadTool];
}
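/** Values accepted for `architecture`, mirroring the tool schemas in this file. */
const PAYLOAD_ARCHITECTURES = ['x86', 'x64'] as const;
/** Values accepted for `output` by `generate_stager_payload`. */
const STAGER_OUTPUT_FORMATS = [
  'C', 'C#', 'COM Scriptlet', 'Java', 'Perl', 'PowerShell',
  'PowerShell Command', 'Python', 'Raw', 'Ruby', 'VBA', 'Veil',
] as const;
/** Values accepted for `output` by `generate_stageless_payload`. */
const STAGELESS_OUTPUT_FORMATS = [
  'C', 'C#', 'Java', 'Perl', 'Python', 'Raw', 'Ruby', 'VBA',
] as const;
/** Values accepted for `exitFunction`. */
const PAYLOAD_EXIT_FUNCTIONS = ['Process', 'Thread'] as const;
/** Values accepted for `systemCallMethod`. */
const PAYLOAD_SYSCALL_METHODS = ['None', 'Direct', 'Indirect'] as const;

/** Read one argument, rejecting a non-object argument bag. */
function readPayloadArg(args: unknown, key: string): unknown {
  if (args === null || typeof args !== 'object') {
    throw new Error('Payload tool arguments must be an object');
  }
  return (args as Record<string, unknown>)[key];
}

/** Return the argument as a non-empty string or throw. */
function requireStringArg(args: unknown, key: string): string {
  const value = readPayloadArg(args, key);
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error(`Invalid or missing argument: ${key}`);
  }
  return value;
}

/** Return the argument if it is one of `allowed`, else throw. */
function requireEnumArg<T extends string>(
  args: unknown,
  key: string,
  allowed: readonly T[]
): T {
  const value = requireStringArg(args, key);
  if (!(allowed as readonly string[]).includes(value)) {
    throw new Error(`Argument ${key} must be one of: ${allowed.join(', ')}`);
  }
  return value as T;
}

/** Return the argument as a boolean or throw (no truthiness coercion). */
function requireBooleanArg(args: unknown, key: string): boolean {
  const value = readPayloadArg(args, key);
  if (typeof value !== 'boolean') {
    throw new Error(`Argument ${key} must be a boolean`);
  }
  return value;
}

/** Return the argument as a bare file name (no separators, NUL, `.` or `..`). */
function requireFileNameArg(args: unknown, key: string): string {
  const value = requireStringArg(args, key);
  const hasSeparator =
    value.includes('/') || value.includes('\\') || value.includes('\0');
  if (hasSeparator || value === '.' || value === '..') {
    throw new Error(`Argument ${key} must be a plain file name`);
  }
  return value;
}

/** Like `requireFileNameArg`, but an absent value yields `undefined`. */
function optionalFileNameArg(args: unknown, key: string): string | undefined {
  const value = readPayloadArg(args, key);
  return value === undefined || value === null
    ? undefined
    : requireFileNameArg(args, key);
}

/**
 * Dispatch a payload-related MCP tool call to the Cobalt Strike client.
 *
 * The arguments arrive from the MCP caller and nothing in this file enforces
 * the advertised `inputSchema`, so every declared argument is checked here
 * (type, enum membership, plain file names) before it is forwarded.
 *
 * @param name - Tool name: `generate_stager_payload`,
 *   `generate_stageless_payload` or `download_payload`.
 * @param args - Caller-supplied tool arguments; treated as untrusted.
 * @param client - Client whose payload methods are invoked.
 * @returns The client result serialised as pretty-printed JSON.
 * @throws Error when `name` is not a payload tool or an argument fails
 *   validation; errors raised by the client propagate unchanged.
 */
export async function handlePayloadTool(
  name: string,
  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- signature kept for existing callers
  args: any,
  client: CobaltStrikeClient
): Promise<string> {
  switch (name) {
    // Braces give each case its own scope for its `const` bindings.
    case 'generate_stager_payload': {
      const stagerResult = await client.generateStagerPayload(
        requireStringArg(args, 'listenerName'),
        requireEnumArg(args, 'architecture', PAYLOAD_ARCHITECTURES),
        requireEnumArg(args, 'output', STAGER_OUTPUT_FORMATS),
        optionalFileNameArg(args, 'payloadFileName')
      );
      return JSON.stringify(stagerResult, null, 2);
    }
    case 'generate_stageless_payload': {
      const listenerName = requireStringArg(args, 'listenerName');
      const architecture = requireEnumArg(args, 'architecture', PAYLOAD_ARCHITECTURES);
      const output = requireEnumArg(args, 'output', STAGELESS_OUTPUT_FORMATS);
      const exitFunction = requireEnumArg(args, 'exitFunction', PAYLOAD_EXIT_FUNCTIONS);
      const systemCallMethod = requireEnumArg(args, 'systemCallMethod', PAYLOAD_SYSCALL_METHODS);
      const useListenerGuardRails = requireBooleanArg(args, 'useListenerGuardRails');
      const payloadFileName = optionalFileNameArg(args, 'payloadFileName');
      const stagelessResult = await client.generateStagelessPayload(
        listenerName,
        architecture,
        output,
        exitFunction,
        systemCallMethod,
        useListenerGuardRails,
        payloadFileName,
        // NOTE(review): `guardRails` is not declared in the tool's inputSchema
        // and its shape is not visible here, so it is forwarded unvalidated as
        // before — declare and validate it once the expected shape is known.
        args.guardRails
      );
      return JSON.stringify(stagelessResult, null, 2);
    }
    case 'download_payload': {
      // Plain-name check keeps a caller-chosen value from carrying path
      // segments into whatever the client builds from it (presumably a
      // path or URL — confirm against the client implementation).
      const payload = await client.downloadPayload(requireFileNameArg(args, 'fileName'));
      // The payload content is embedded in the tool response, so it reaches
      // the MCP caller's context; the encoding claim below comes from the
      // message text and is not verifiable from this file.
      return JSON.stringify({ payload, message: 'Payload downloaded (base64 encoded)' }, null, 2);
    }
    default:
      throw new Error(`Unknown payload tool: ${name}`);
  }
}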