CrackMapExec MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| SSH_KEY | Yes | Path to SSH private key | |
| SSH_USER | Yes | SSH username | |
| KALI_HOST | No | Hostname or IP of the Kali Linux host | kali |
| NXC_BINARY | No | Binary name (nxc or crackmapexec) | nxc |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| cme_smbB | Execute SMB protocol operations with NetExec/CrackMapExec. Supports enumeration of shares, users, groups, sessions, credential dumping (SAM, LSA, NTDS), and command execution. |
| cme_winrmC | Execute WinRM protocol operations. Supports remote command execution and credential dumping on hosts with WinRM enabled (ports 5985/5986). |
| cme_sshB | Execute SSH protocol operations. Supports password and key-based authentication for Linux/Unix hosts. |
| cme_mssqlA | Execute MSSQL protocol operations. Supports SQL query execution and command execution via xp_cmdshell. |
| cme_ldapB | Execute LDAP protocol operations. Supports Active Directory enumeration including users, computers, groups, delegation, and custom LDAP queries. |
| cme_rdpC | Execute RDP protocol operations. Check RDP access and screenshot capabilities. |
| cme_wmiB | Execute WMI protocol operations. Supports remote command execution via WMI. |
| cme_modulesA | List available modules for a protocol or get options for a specific module. |
| cme_sprayA | Perform password spraying attacks across multiple targets. Supports jitter and continues on success options. |
| cme_credsB | Manage the NetExec credential database. View, search, and export stored credentials from previous scans. |
| cme_rawA | Execute a raw NetExec/CrackMapExec command. Use this for advanced operations not covered by other tools. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/schwarztim/sec-crackmapexec-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server