Leverages Docker for secure command execution in a sandboxed container, isolating network administration tools from the host system and providing resource limits and network isolation
Uses .env files for configuration management, allowing customization of Docker settings, SSH credentials, and security whitelists through environment variables
Implements YAML-based configuration system for setup and management of the server's security controls and feature settings
ITMCP
Secure network administration tools for AI assistants through the Model Context Protocol (MCP).
Overview
ITMCP is an MCP server that enables AI assistants to safely execute networking commands inside a Docker container sandbox. It provides a secure interface for running common network diagnostic and administration tools while maintaining strict security controls.
The project implements the Model Context Protocol (MCP) to expose networking tools as callable functions for AI assistants, allowing them to perform network diagnostics and system administration tasks in a controlled environment.
Features
Docker Isolation: All commands run in a sandboxed Docker container for enhanced security
Security Controls: Comprehensive whitelisting of hosts, directories, and commands
Network Diagnostic Tools: SSH, ping, nslookup, telnet, dig, tcpdump, and more
File Operations: Secure access to view and analyze files with tools like cat, grep, head, tail
Process Management: View running processes with ps and top tools
Credential Management: Secure handling of SSH keys and passwords
MCP Integration: Full compatibility with the Model Context Protocol
Enterprise-Grade Security: Session management, audit logging, and access controls
Installation
Prerequisites
Python 3.10 or higher
Docker (for containerized execution)
MCP library (version 1.0.0 or higher)
Basic Installation
Clone the repository:
git clone https://github.com/yourusername/itmcp.git cd itmcpInstall dependencies:
pip install -e .
Docker Setup
Build the Docker container:
docker build -t itmcp_container .Run the container:
docker-compose up -d
Configuration
ITMCP uses a YAML-based configuration system and environment variables for setup.
Environment Variables
Create a .env
file in the project root with the following variables:
Security Whitelists
ITMCP implements three key whitelists for security:
Allowed Hosts: Restricts which hosts can be targeted by network tools
Allowed Directories: Limits file system access to specific directories
Allowed Remote Commands: Controls which commands can be executed remotely
Available Tools
ITMCP provides the following network administration tools:
Tool | Description |
| Connect to a target via SSH |
| Ping a host to check connectivity |
| Perform DNS lookup on a hostname or IP address |
| Test TCP connectivity to a host and port |
| Perform DNS lookup with dig command |
| Capture network packets (limited time) |
| List running processes |
| Display content of a file |
| Display system processes (snapshot) |
| Search for patterns in files |
| Display the beginning of a file |
| Display the end of a file |
Security Features
ITMCP implements enterprise-grade security features:
Session Management
Secure session creation with cryptographic tokens
Session expiration and timeout controls
Concurrent session limits
Session validation and regeneration
Audit Logging
Comprehensive command logging
User attribution for all actions
Success/failure logging
Security event flagging
Tamper-evident logs
Access Control
Command whitelisting
Directory restrictions
Host restrictions
Input validation and sanitization
Docker Integration
ITMCP uses Docker to create a secure sandbox for command execution:
All commands are routed through the Docker container
The container has limited access to the host system
Resource limits can be applied to prevent abuse
Network isolation provides an additional security layer
Usage Examples
MCP Configuration
Claude Desktop Configuration
To use ITMCP with Claude desktop, add the following to your config.json
file:
Cline Configuration
For Cline AI, a more detailed configuration is provided in the mcp-config.json
file included in this repository:
To use this configuration with Cline:
Copy the
mcp-config.json
file to your Cline configuration directoryStart Cline with the
--mcp-config
flag pointing to this fileThe ITMCP tools will be available for use in your Cline sessions
Example 1: Ping a Host
Example 2: SSH Connection to Firewall
Example 3: DNS Lookup
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Fork the repository
Create your feature branch (
git checkout -b feature/amazing-feature
)Commit your changes (
git commit -m 'Add some amazing feature'
)Push to the branch (
git push origin feature/amazing-feature
)Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Author
Andrew Hopper
Email: hopperab@gmail.com
Twitter: x.com/andrewhopper
Website: andyhop.316.dev
LinkedIn: linkedin.com/in/andrewhopper
Security Considerations
ITMCP is designed with security in mind, but proper configuration is essential:
Always run in a Docker container for isolation
Carefully configure whitelists for hosts, directories, and commands
Regularly review audit logs for suspicious activity
Keep the system updated with security patches
Follow the security best practices in the documentation
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
Secure network administration MCP server that enables AI assistants to safely execute networking commands like SSH, ping, and DNS lookups inside a Docker container sandbox.
Related MCP Servers
- -securityAlicense-qualityAn MCP server to create secure code sandbox environment for executing code within Docker containers.Last updated -269MIT License
- -securityAlicense-qualityAn MCP server that allows managing Docker containers through natural language, enabling users to compose, introspect, and debug containers without running commands themselves.Last updated -618GPL 3.0
- -securityAlicense-qualityAn enhanced MCP server that grants AI assistants the ability to execute terminal commands on a user's system with improved security controls, designed for use in controlled environments.Last updated -MIT License
- AsecurityFlicenseAqualityAn MCP server that allows AI models to execute system commands on local machines or remote hosts via SSH, supporting persistent sessions and environment variables.Last updated -11524