Skip to main content
Glama

Cobalt Strike MCP Server

by MickeyDB
OverviewInspectNewSchemaRelated ServersScore
TypeScript
Remote
2
  • Apple
  • Linux
spawn.ts30.4 kB
/** * Spawn operation-related MCP tools */ import { Tool } from '@modelcontextprotocol/sdk/types.js'; import { CobaltStrikeClient } from '../api/client.js'; export function createSpawnTools(client: CobaltStrikeClient): Tool[] { return [ { name: 'spawn_beacon', description: 'Spawn a new beacon session on a target', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon to spawn from', }, listener: { type: 'string', description: 'Listener name for the new beacon', }, }, required: ['beaconId', 'listener'], }, }, { name: 'spawn_powershell', description: 'Execute PowerShell command on a beacon', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, commandlet: { type: 'string', description: 'PowerShell commandlet to execute', }, arguments: { type: 'string', description: 'Optional arguments for the commandlet', }, }, required: ['beaconId', 'commandlet'], }, }, { name: 'spawn_command', description: 'Execute a command on a beacon (spawns in new process)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, command: { type: 'string', description: 'Command to execute', }, arguments: { type: 'string', description: 'Optional command arguments', }, }, required: ['beaconId', 'command'], }, }, { name: 'spawn_shell', description: 'Execute a shell command on a beacon', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, command: { type: 'string', description: 'Shell command to execute', }, }, required: ['beaconId', 'command'], }, }, { name: 'spawn_screenshot', description: 'Take a screenshot on a beacon', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, }, required: ['beaconId'], }, }, { name: 'spawn_hashdump', description: 'Dump password hashes from a beacon', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, }, required: ['beaconId'], }, }, { name: 'spawn_mimikatz', description: 'Run Mimikatz on a beacon', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, command: { type: 'string', description: 'Mimikatz command to execute', }, }, required: ['beaconId', 'command'], }, }, { name: 'spawn_logon_passwords', description: 'Dump logon passwords using Mimikatz', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, }, required: ['beaconId'], }, }, { name: 'spawn_process_list', description: 'List processes on a beacon', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, }, required: ['beaconId'], }, }, { name: 'spawn_beacon_asUser', description: 'Spawn a beacon as a specific user', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, listener: { type: 'string', description: 'Listener name for the new beacon', }, domain: { type: 'string', description: 'Domain name', }, username: { type: 'string', description: 'Username', }, password: { type: 'string', description: 'Password', }, }, required: ['beaconId', 'listener', 'domain', 'username', 'password'], }, }, { name: 'spawn_beacon_under', description: 'Spawn a beacon under a specific process', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, listener: { type: 'string', description: 'Listener name for the new beacon', }, pid: { type: 'number', description: 'Parent process ID', minimum: 0, }, }, required: ['beaconId', 'listener', 'pid'], }, }, { name: 'spawn_command_runAs', description: 'Run a command as a specific user', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, command: { type: 'string', description: 'Command to execute', }, domain: { type: 'string', description: 'Domain name', }, username: { type: 'string', description: 'Username', }, password: { type: 'string', description: 'Password', }, }, required: ['beaconId', 'command', 'domain', 'username', 'password'], }, }, { name: 'spawn_dcsync', description: 'Perform DCSync attack (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, domain: { type: 'string', description: 'Domain to sync from', }, user: { type: 'string', description: 'User to extract credentials for', }, }, required: ['beaconId'], }, }, { name: 'spawn_keylogger', description: 'Start keylogger (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, pid: { type: 'number', description: 'Process ID to keylog', minimum: 0, }, }, required: ['beaconId', 'pid'], }, }, { name: 'spawn_command_runNoOutput', description: 'Run command without output', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, command: { type: 'string', description: 'Command to execute', }, }, required: ['beaconId', 'command'], }, }, { name: 'spawn_command_runUnder', description: 'Run command under a process', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, command: { type: 'string', description: 'Command to execute', }, pid: { type: 'number', description: 'Parent process ID', minimum: 0, }, }, required: ['beaconId', 'command', 'pid'], }, }, { name: 'spawn_chromedump', description: 'Dump Chrome passwords (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, }, required: ['beaconId'], }, }, { name: 'spawn_dotnetAssembly', description: 'Execute .NET assembly', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, assembly: { type: 'string', description: 'Path to .NET assembly', }, arguments: { type: 'string', description: 'Arguments for the assembly', }, }, required: ['beaconId', 'assembly'], }, }, { name: 'spawn_net_computers', description: 'Enumerate computers (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, domain: { type: 'string', description: 'Domain to query', }, }, required: ['beaconId'], }, }, { name: 'spawn_net_dclist', description: 'List domain controllers (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, domain: { type: 'string', description: 'Domain to query', }, }, required: ['beaconId'], }, }, { name: 'spawn_net_domainControllers', description: 'List domain controllers (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, domain: { type: 'string', description: 'Domain to query', }, }, required: ['beaconId'], }, }, { name: 'spawn_net_domainTrusts', description: 'Enumerate domain trusts (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, domain: { type: 'string', description: 'Domain to query', }, }, required: ['beaconId'], }, }, { name: 'spawn_net_group', description: 'Enumerate groups (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, target: { type: 'string', description: 'Target domain controller', }, groupName: { type: 'string', description: 'Group name to query', }, }, required: ['beaconId', 'target', 'groupName'], }, }, { name: 'spawn_net_localGroup', description: 'Enumerate local groups (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, target: { type: 'string', description: 'Target host', }, groupName: { type: 'string', description: 'Group name to query', }, }, required: ['beaconId', 'target', 'groupName'], }, }, { name: 'spawn_net_logons', description: 'Enumerate logged on users (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, target: { type: 'string', description: 'Target host', }, }, required: ['beaconId', 'target'], }, }, { name: 'spawn_net_sessions', description: 'Enumerate sessions (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, target: { type: 'string', description: 'Target host', }, }, required: ['beaconId', 'target'], }, }, { name: 'spawn_net_share', description: 'Enumerate shares (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, target: { type: 'string', description: 'Target host', }, }, required: ['beaconId', 'target'], }, }, { name: 'spawn_net_time', description: 'Get time from target (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, target: { type: 'string', description: 'Target host', }, }, required: ['beaconId', 'target'], }, }, { name: 'spawn_net_user', description: 'Enumerate users (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, target: { type: 'string', description: 'Target domain controller', }, }, required: ['beaconId'], }, }, { name: 'spawn_net_user_detail', description: 'Get user details (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, target: { type: 'string', description: 'Target domain controller', }, user: { type: 'string', description: 'Username to query', }, }, required: ['beaconId', 'target', 'user'], }, }, { name: 'spawn_net_view', description: 'View network resources (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, target: { type: 'string', description: 'Target host', }, }, required: ['beaconId'], }, }, { name: 'spawn_portscan', description: 'Perform port scan (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, targets: { type: 'string', description: 'Target hosts (comma-separated or CIDR)', }, ports: { type: 'string', description: 'Ports to scan (e.g., "80,443,8080" or "1-1024")', }, }, required: ['beaconId', 'targets', 'ports'], }, }, { name: 'spawn_postExDll', description: 'Load post-exploitation DLL (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, dllPath: { type: 'string', description: 'Path to the DLL file', }, }, required: ['beaconId', 'dllPath'], }, }, { name: 'spawn_powershell_unmanaged', description: 'Execute unmanaged PowerShell (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, command: { type: 'string', description: 'PowerShell command to execute', }, }, required: ['beaconId', 'command'], }, }, { name: 'spawn_printscreen', description: 'Print screen (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, }, required: ['beaconId'], }, }, { name: 'spawn_pth', description: 'Pass-the-hash (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, domain: { type: 'string', description: 'Domain name', }, username: { type: 'string', description: 'Username', }, hash: { type: 'string', description: 'NTLM hash', }, }, required: ['beaconId', 'domain', 'username', 'hash'], }, }, { name: 'spawn_screenwatch', description: 'Start screen watch (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, }, required: ['beaconId'], }, }, { name: 'spawn_shellcode', description: 'Execute shellcode (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, shellcode: { type: 'string', description: 'Shellcode (base64 encoded)', }, }, required: ['beaconId', 'shellcode'], }, }, { name: 'spawn_ssh', description: 'Inject SSH session (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, host: { type: 'string', description: 'SSH host', }, port: { type: 'number', description: 'SSH port', minimum: 1, maximum: 65535, }, username: { type: 'string', description: 'SSH username', }, password: { type: 'string', description: 'SSH password', }, }, required: ['beaconId', 'host', 'username', 'password'], }, }, { name: 'spawn_sshKey', description: 'Inject SSH session with key (spawn mode)', inputSchema: { type: 'object', properties: { beaconId: { type: 'string', description: 'The ID of the beacon', }, host: { type: 'string', description: 'SSH host', }, port: { type: 'number', description: 'SSH port', minimum: 1, maximum: 65535, }, username: { type: 'string', description: 'SSH username', }, key: { type: 'string', description: 'SSH private key', }, }, required: ['beaconId', 'host', 'username', 'key'], }, }, ]; } export async function handleSpawnTool( name: string, args: any, client: CobaltStrikeClient ): Promise<string> { switch (name) { case 'spawn_beacon': const beaconResult = await client.spawnBeacon(args.beaconId, args.listener); return JSON.stringify({ taskId: beaconResult, message: 'Beacon spawn initiated' }, null, 2); case 'spawn_powershell': const psResult = await client.spawnPowerShell(args.beaconId, args.commandlet, args.arguments); return JSON.stringify({ taskId: psResult, message: 'PowerShell command submitted' }, null, 2); case 'spawn_command': const cmdResult = await client.spawnCommand(args.beaconId, args.command, args.arguments); return JSON.stringify({ taskId: cmdResult, message: 'Command submitted' }, null, 2); case 'spawn_shell': const shellResult = await client.spawnShell(args.beaconId, args.command); return JSON.stringify({ taskId: shellResult, message: 'Shell command submitted' }, null, 2); case 'spawn_screenshot': const screenshotResult = await client.spawnScreenshot(args.beaconId); return JSON.stringify({ taskId: screenshotResult, message: 'Screenshot command submitted' }, null, 2); case 'spawn_hashdump': const hashdumpResult = await client.spawnHashdump(args.beaconId); return JSON.stringify({ taskId: hashdumpResult, message: 'Hashdump command submitted' }, null, 2); case 'spawn_mimikatz': const mimikatzResult = await client.spawnMimikatz(args.beaconId, args.command); return JSON.stringify({ taskId: mimikatzResult, message: 'Mimikatz command submitted' }, null, 2); case 'spawn_logon_passwords': const logonResult = await client.spawnLogonPasswords(args.beaconId); return JSON.stringify({ taskId: logonResult, message: 'Logon passwords dump submitted' }, null, 2); case 'spawn_process_list': const psListResult = await client.spawnProcessList(args.beaconId); return JSON.stringify({ taskId: psListResult, message: 'Process list command submitted' }, null, 2); case 'spawn_beacon_asUser': const spawnAsUserResult = await client.spawnBeaconAsUser(args.beaconId, args.listener, args.domain, args.username, args.password); return JSON.stringify({ taskId: spawnAsUserResult, message: 'Spawn beacon as user command submitted' }, null, 2); case 'spawn_beacon_under': const spawnUnderResult = await client.spawnBeaconUnder(args.beaconId, args.listener, args.pid); return JSON.stringify({ taskId: spawnUnderResult, message: 'Spawn beacon under process command submitted' }, null, 2); case 'spawn_command_runAs': const spawnRunAsResult = await client.spawnCommandRunAs(args.beaconId, args.command, args.domain, args.username, args.password); return JSON.stringify({ taskId: spawnRunAsResult, message: 'Run command as user command submitted' }, null, 2); case 'spawn_dcsync': const spawnDcsyncResult = await client.spawnDCSync(args.beaconId, args.domain, args.user); return JSON.stringify({ taskId: spawnDcsyncResult, message: 'DCSync (spawn) command submitted' }, null, 2); case 'spawn_keylogger': const spawnKeyloggerResult = await client.spawnKeylogger(args.beaconId, args.pid); return JSON.stringify({ taskId: spawnKeyloggerResult, message: 'Keylogger (spawn) command submitted' }, null, 2); case 'spawn_command_runNoOutput': const spawnRunNoOutputResult = await client.spawnCommandRunNoOutput(args.beaconId, args.command); return JSON.stringify({ taskId: spawnRunNoOutputResult, message: 'Run command no output command submitted' }, null, 2); case 'spawn_command_runUnder': const spawnRunUnderResult = await client.spawnCommandRunUnder(args.beaconId, args.command, args.pid); return JSON.stringify({ taskId: spawnRunUnderResult, message: 'Run command under process command submitted' }, null, 2); case 'spawn_chromedump': const spawnChromedumpResult = await client.spawnChromedump(args.beaconId); return JSON.stringify({ taskId: spawnChromedumpResult, message: 'Chrome dump (spawn) command submitted' }, null, 2); case 'spawn_dotnetAssembly': const spawnDotnetResult = await client.spawnDotnetAssembly(args.beaconId, args.assembly, args.arguments); return JSON.stringify({ taskId: spawnDotnetResult, message: 'Execute .NET assembly command submitted' }, null, 2); case 'spawn_net_computers': const spawnNetComputersResult = await client.spawnNetComputers(args.beaconId, args.domain); return JSON.stringify({ taskId: spawnNetComputersResult, message: 'Net computers (spawn) command submitted' }, null, 2); case 'spawn_net_dclist': const spawnNetDclistResult = await client.spawnNetDclist(args.beaconId, args.domain); return JSON.stringify({ taskId: spawnNetDclistResult, message: 'Net dclist (spawn) command submitted' }, null, 2); case 'spawn_net_domainControllers': const spawnNetDCResult = await client.spawnNetDomainControllers(args.beaconId, args.domain); return JSON.stringify({ taskId: spawnNetDCResult, message: 'Net domain controllers (spawn) command submitted' }, null, 2); case 'spawn_net_domainTrusts': const spawnNetDomainTrustsResult = await client.spawnNetDomainTrusts(args.beaconId, args.domain); return JSON.stringify({ taskId: spawnNetDomainTrustsResult, message: 'Net domain trusts (spawn) command submitted' }, null, 2); case 'spawn_net_group': const spawnNetGroupResult = await client.spawnNetGroup(args.beaconId, args.target, args.groupName); return JSON.stringify({ taskId: spawnNetGroupResult, message: 'Net group (spawn) command submitted' }, null, 2); case 'spawn_net_localGroup': const spawnNetLocalGroupResult = await client.spawnNetLocalGroup(args.beaconId, args.target, args.groupName); return JSON.stringify({ taskId: spawnNetLocalGroupResult, message: 'Net local group (spawn) command submitted' }, null, 2); case 'spawn_net_logons': const spawnNetLogonsResult = await client.spawnNetLogons(args.beaconId, args.target); return JSON.stringify({ taskId: spawnNetLogonsResult, message: 'Net logons (spawn) command submitted' }, null, 2); case 'spawn_net_sessions': const spawnNetSessionsResult = await client.spawnNetSessions(args.beaconId, args.target); return JSON.stringify({ taskId: spawnNetSessionsResult, message: 'Net sessions (spawn) command submitted' }, null, 2); case 'spawn_net_share': const spawnNetShareResult = await client.spawnNetShare(args.beaconId, args.target); return JSON.stringify({ taskId: spawnNetShareResult, message: 'Net share (spawn) command submitted' }, null, 2); case 'spawn_net_time': const spawnNetTimeResult = await client.spawnNetTime(args.beaconId, args.target); return JSON.stringify({ taskId: spawnNetTimeResult, message: 'Net time (spawn) command submitted' }, null, 2); case 'spawn_net_user': const spawnNetUserResult = await client.spawnNetUser(args.beaconId, args.target); return JSON.stringify({ taskId: spawnNetUserResult, message: 'Net user (spawn) command submitted' }, null, 2); case 'spawn_net_user_detail': const spawnNetUserDetailResult = await client.spawnNetUserDetail(args.beaconId, args.target, args.user); return JSON.stringify({ taskId: spawnNetUserDetailResult, message: 'Net user detail (spawn) command submitted' }, null, 2); case 'spawn_net_view': const spawnNetViewResult = await client.spawnNetView(args.beaconId, args.target); return JSON.stringify({ taskId: spawnNetViewResult, message: 'Net view (spawn) command submitted' }, null, 2); case 'spawn_portscan': const spawnPortscanResult = await client.spawnPortscan(args.beaconId, args.targets, args.ports); return JSON.stringify({ taskId: spawnPortscanResult, message: 'Port scan (spawn) command submitted' }, null, 2); case 'spawn_postExDll': const spawnPostExDllResult = await client.spawnPostExDll(args.beaconId, args.dllPath); return JSON.stringify({ taskId: spawnPostExDllResult, message: 'Post-ex DLL (spawn) command submitted' }, null, 2); case 'spawn_powershell_unmanaged': const spawnPSUnmanagedResult = await client.spawnPowerShellUnmanaged(args.beaconId, args.command); return JSON.stringify({ taskId: spawnPSUnmanagedResult, message: 'PowerShell unmanaged (spawn) command submitted' }, null, 2); case 'spawn_printscreen': const spawnPrintscreenResult = await client.spawnPrintscreen(args.beaconId); return JSON.stringify({ taskId: spawnPrintscreenResult, message: 'Printscreen (spawn) command submitted' }, null, 2); case 'spawn_pth': const spawnPTHResult = await client.spawnPTH(args.beaconId, args.domain, args.username, args.hash); return JSON.stringify({ taskId: spawnPTHResult, message: 'PTH (spawn) command submitted' }, null, 2); case 'spawn_screenwatch': const spawnScreenwatchResult = await client.spawnScreenwatch(args.beaconId); return JSON.stringify({ taskId: spawnScreenwatchResult, message: 'Screenwatch (spawn) command submitted' }, null, 2); case 'spawn_shellcode': const spawnShellcodeResult = await client.spawnShellcode(args.beaconId, args.shellcode); return JSON.stringify({ taskId: spawnShellcodeResult, message: 'Shellcode (spawn) command submitted' }, null, 2); case 'spawn_ssh': const spawnSSHResult = await client.spawnSSH(args.beaconId, args.host, args.port, args.username, args.password); return JSON.stringify({ taskId: spawnSSHResult, message: 'SSH (spawn) command submitted' }, null, 2); case 'spawn_sshKey': const spawnSSHKeyResult = await client.spawnSSHKey(args.beaconId, args.host, args.port, args.username, args.key); return JSON.stringify({ taskId: spawnSSHKeyResult, message: 'SSH key (spawn) command submitted' }, null, 2); default: throw new Error(`Unknown spawn tool: ${name}`); } }

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/MickeyDB/Cobalt-Strike-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server