MCP Red Team Server
Manage bug bounty reports and vulnerability disclosures via HackerOne API.
Scan files, URLs, IPs, and domains for malware and reputation data via VirusTotal API.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Red Team Servercreate a new operation for web app penetration test"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Red Team Server
A Model Context Protocol (MCP) server for orchestrating red team security assessments. This server enables LLMs to manage security operations, agents, targets, and findings through structured tool calls aligned with the MITRE ATT&CK framework.
Features
45 MCP Tools organized by MITRE ATT&CK workflow stages
Multi-LLM Support - Works with Claude, GPT-4, Gemini, and any MCP-compatible model
Security Integrations - VirusTotal, AlienVault OTX, and HackerOne APIs
Operation Management - Track assessments from planning through reporting
Finding Documentation - Record vulnerabilities with severity, evidence, and CVSS scores
Related MCP server: MCPwner
Quick Start
Prerequisites
Node.js 18+
npm or yarn
Installation
# Clone the repository
git clone https://github.com/yourusername/mcp-redteam-server.git
cd mcp-redteam-server
# Install dependencies
npm install
# Start the server
npm run devMCP Client Configuration
Add to your MCP client configuration (e.g., Claude Desktop):
{
"mcpServers": {
"redteam": {
"command": "npm",
"args": ["run", "start"],
"cwd": "/path/to/mcp-redteam-server"
}
}
}Tools by Workflow Stage
Planning (7 tools)
Setup agents, operations, and targets before engagement.
Tool | Description |
| Create a new agent with type and capabilities |
| List all agents, optionally filtered by status |
| Get detailed info about a specific agent |
| Update agent properties |
| Create a new operation targeting a system |
| Define a target (web app, network, host, API, database, cloud) |
| Create asset in HackerOne organization |
Reconnaissance (16 tools)
Gather intelligence on targets using built-in tools and external APIs.
Tool | Description |
| List operations with status/phase filters |
| Get operation details including findings |
| List all targets with optional type filter |
| Get target details including vulnerabilities |
| Update target information |
| Look up file hash on VirusTotal |
| Scan URL for malicious content |
| Get VirusTotal IP address report |
| Get VirusTotal domain report |
| Get AlienVault OTX threat intelligence |
| Get OTX threat feeds/pulses |
| Get HackerOne program details and scope |
| List all accessible HackerOne programs |
| List assets in a HackerOne organization |
| Get activity feed for a program |
Exploitation (4 tools)
Execute attacks, activate agents, and record vulnerabilities.
Tool | Description |
| Set agent status to active for deployment |
| Begin execution of an operation |
| Update operation phase or details |
| Record a vulnerability on a target |
Post-Exploitation (3 tools)
Document findings during active exploitation.
Tool | Description |
| Record a security finding with severity, evidence, and mitigation |
| Create/import vulnerability report to HackerOne |
| Update severity of a HackerOne report |
Reporting (15 tools)
Generate reports, review findings, manage resources, and interact with HackerOne.
Tool | Description |
| List findings filtered by operation, agent, or severity |
| Get detailed finding information |
| Generate comprehensive operation report |
| Get overall metrics across all operations |
| Mark operation as completed |
| Remove an operation |
| Remove a target |
| Remove an agent |
| List HackerOne vulnerability reports with filters |
| Get HackerOne report details |
| Change report state (triage, resolve, close) |
| Add comment to a report |
| Award bounty on a report |
| Get program bounty balance |
| Get program analytics data |
Security Integrations
VirusTotal
Scan files, URLs, IPs, and domains for malware and reputation data.
# Set your API key
export VIRUSTOTAL_API_KEY="your-api-key"Get your key: VirusTotal API
AlienVault OTX
Access Open Threat Exchange for threat intelligence and IOC lookups.
# Set your API key
export OTX_API_KEY="your-api-key"Get your key: AlienVault OTX
HackerOne
Manage bug bounty reports and vulnerability disclosures.
# Set your API key (format: username:token)
export HACKERONE_API_KEY="your-username:your-token"Get your credentials: HackerOne Settings → API Tokens
Enums and Types
Agent Types
reconnaissance | exploitation | post_exploitation |
persistence | lateral_movement | command_controlOperation Phases (MITRE ATT&CK)
planning | reconnaissance | initial_access | execution |
persistence | privilege_escalation | defense_evasion |
credential_access | discovery | lateral_movement |
collection | exfiltration | impactTarget Types
web_application | network | host | api | database | cloud_infrastructureFinding Types
vulnerability | misconfiguration | weak_credential |
exposed_data | privilege_escalation | lateral_movementSeverity Levels
critical | high | medium | low | infoProject Structure
src/
├── index.ts # Server entry point
├── config/
│ └── index.ts # Configuration
├── store/
│ └── index.ts # In-memory data store
├── tools/
│ ├── index.ts # Tool registration with workflow stages
│ ├── agent-tools.ts # Agent CRUD tools
│ ├── operation-tools.ts # Operation lifecycle tools
│ ├── target-tools.ts # Target management tools
│ ├── analysis-tools.ts # Findings and reporting tools
│ └── integration-tools.ts # External API integrations
├── resources/
│ └── index.ts # MCP resource registration
├── types/
│ └── index.ts # TypeScript interfaces
└── utils/
└── logger.ts # Winston loggingEnvironment Variables
Variable | Default | Description |
| 3000 | Server port |
| development | Environment |
| redteam-mcp-server | Server name |
| 1.0.0 | Server version |
| info | Logging level |
| - | VirusTotal API key |
| - | AlienVault OTX API key |
| - | HackerOne API key (username:token) |
Development
# Run in development mode with hot reload
npm run dev
# Build for production
npm run build
# Run production build
npm run start
# Lint code
npm run lintLLM Compatibility
This server implements the Model Context Protocol standard and works with:
Claude (Anthropic) - Native MCP support
GPT-4/GPT-4o (OpenAI) - Via MCP adapters
Gemini (Google) - Via MCP adapters
Open-source models - Any model with MCP/function calling support
Contributing
See CONTRIBUTING.md for guidelines.
License
MIT License - see LICENSE for details.
Acknowledgments
Model Context Protocol by Anthropic
Security research community
This server cannot be installed
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/canstralian/MCPServerforRedTeamAgenticWorkflowszip'
If you have feedback or need assistance with the MCP directory API, please join our Discord server