Name: MITRE ATT&CK MCP Server
Author: stoyky

Key Features

50+ Tools for MITRE ATT&CK Querying
- Comprehensive access to the MITRE ATT&CK knowledge base through structured API tools
Automatic ATT&CK Navigator Layer Generation
- Generate visual representations of techniques used by threat actors
Threat Actor and Malware Attribution
- Query relationships between malware, threat actors, and techniques
Technique Overlap Analysis
- Compare techniques used by different threat actors or malware families

Installation

To clone and run this server, you'll need Git, Python, and PipX installed on your computer.

Ensure Git, Python, and PipX have been installed using their official respective installation instructions for Windows/Mac/Linux
Install the MCP Server using PipX

pipx install git+https://github.com/stoyky/mitre-attack-mcp

How To Use

Configure with Claude AI Desktop

Open Claude's MCP server configuration file.

Windows

C:\Users\[YourUsername]\AppData\Roaming\Claude\claude_desktop_config.json # or C:\Users\[YourUsername]\AppData\Local\AnthropicClaude\claude_desktop_config.json

Linux / Mac

~/.config/Claude/claude_desktop_config.json

Add the following to that file if it doesn't already exist. If it already exists, merge the two JSON structures accordingly.

{ "mcpServers": { "mitre-attack": { "command": "mitre-attack-mcp", "args": [ ] } } }

Note: By default the MCP server stores the mitre-related data in the current users default cache directory. You can specify a custom data directory to use with the following config:

{ "mcpServers": { "mitre-attack": { "command": "mitre-attack-mcp", "args": [ "--data-dir", "<path-to-data-dir>" ] } } }

Changelog

v1.0.2 - Now installable via PipX on Windows, Mac, and Linux. "data directory" argument is now optional and will use the default cache directory if omitted.
v1.0.0 - Initial release
V1.0.1 - Improved robustness of layer metadata generation and error handling in layer generation function