htb-hosts
Provides tools for managing /etc/hosts entries used in Hack The Box and other lab environments, allowing addition, removal, listing, and cleanup of hostname-to-IP mappings with tagging and backup features.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@htb-hostsadd 10.10.11.161 forest.htb"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
htb-hosts
Sudo-free, cleanable /etc/hosts management for Hack The Box (and any lab work).
Doing HTB, pentests, or CTFs means constantly adding IP β hostname lines to
/etc/hosts β then hunting them down to clean up later. htb-hosts keeps every
entry it manages inside one delimited block, grants you passwordless write access
via a POSIX ACL, and gives you one command to wipe a box (or everything). It ships
as both a CLI and a zero-dependency MCP server, so you and your AI coding
agents can manage hosts the same safe way.
$ htb-hosts add 10.10.11.161 forest.htb dc01.forest.htb
added: 10.10.11.161 forest.htb dc01.forest.htb [tag=forest]
$ htb-hosts show
HTB hosts β 5 managed entries in 3 boxes
forest (2)
10.10.11.161 forest.htb
10.10.11.161 dc01.forest.htb
machine (1)
10.129.45.2 machine.htb www.machine.htb
sequel (2)
10.10.11.202 sequel.htb dc01.sequel.htb
$ htb-hosts clean --exclude forest # done with everything but forest
cleaned 3 entry/entries (all except ~forest)Features
π No sudo for daily use β a one-time ACL grant lets you edit
/etc/hostswithoutsudoever again.π§Ή One-shot cleanup β everything lives in a managed block.
cleanwipes it;clean --tag forestdrops one box;clean --exclude forestkeeps one and clears the rest.π·οΈ Automatic per-box tagging β hostnames are grouped by box name (
dc01.forest.htbβforest), even across multiple IPs.π§° Safe by construction β strict input validation (no injection),
flocklocking, in-place writes that preserve the ACL, and automatic backups on every change.βͺ Backup & restore β named snapshots and one-command rollback.
π€ MCP server included β first-class tools for Claude Code / MCP agents.
πͺΆ Zero runtime dependencies β pure Python standard library.
Related MCP server: mcp-server
Install
Requirements: Linux, Python 3.11+, and a filesystem with POSIX ACL support
(ext4/xfs/btrfs β the default almost everywhere) plus setfacl.
git clone https://github.com/sresarehumantoo/htb-hosts.git
cd htb-hosts
make installmake install copies the tool into /opt/htb-hosts and /usr/local/bin, grants
your user an ACL on /etc/hosts, and registers the MCP server. It works whether
you run it directly or under sudo β the steps that need privilege call sudo
themselves, and the human user is auto-detected (SUDO_USER when under sudo, else
the current user) so the ACL always targets you, not root. Override with
HOSTS_USER=<name> if needed.
The one-time install needs privilege (it writes to
/optand/usr/local/binand sets the ACL). Everydayhtb-hostsuse afterward needs no sudo.
Already have a pile of entries in /etc/hosts? Pull them into the managed block:
htb-hosts migrate # imports existing host lines, tagged by box nameTo uninstall: make remove (leaves your entries + ACL) or make purge (removes
everything, including the managed block and ACL).
Usage
htb-hosts add 10.10.11.161 forest.htb dc01.forest.htb # IP and hosts in any order
htb-hosts add www.forest.htb 10.10.11.161 --tag forest # extra vhost, same box
htb-hosts show # box-grouped overview
htb-hosts show full # also show unmanaged/system lines
htb-hosts list # flat list of managed entries
htb-hosts rm forest.htb # remove one hostname
htb-hosts clean --tag forest # remove a whole box
htb-hosts clean --exclude forest # remove everything EXCEPT forest
htb-hosts clean # wipe all managed entries
htb-hosts doctor # check access / show the fixThe IP can go anywhere in the arguments β htb-hosts add forest.htb 10.10.11.161
works too. Add --json to most commands for machine-readable output.
Command reference
Command | What it does |
| Add/update an entry (idempotent; merges by IP) |
| Remove a hostname or a whole IP from the block |
| Pretty, box-grouped overview ( |
| Flat list of managed entries |
| Remove all, one box, or all-but-matches |
| Re-derive every tag from its box name |
| Save an explicit snapshot |
| Roll back to a snapshot |
| Import existing |
| Report access status and the exact fix |
Tagging
Every entry carries a tag, defaulting to the box name derived from its first
hostname (dc01.forest.htb β forest; fileserver.corp.local β corp). That
groups a whole box β even across several IPs β under one tag, so clean --tag forest clears it in one go. Re-derive tags for existing entries any time:
htb-hosts retagKeep-all-but: fuzzy --exclude
The inverse of --tag: remove everything except fuzzy matches. Patterns are
case-insensitive substrings tested against each entry's IP, tag, and hostnames,
and --exclude is repeatable:
htb-hosts clean --exclude forest # keep the forest box, clear the rest
htb-hosts clean --exclude forest --exclude vpnBackup & restore
Every write drops an automatic snapshot (last 5 kept). You can also take named snapshots that are never auto-pruned, and roll back:
htb-hosts backup --label before-pivot # explicit snapshot
htb-hosts restore --list # show snapshots (auto + saved)
htb-hosts restore # roll back to the most recent
htb-hosts restore before-pivot # roll back to a named/substring matchMCP integration
htb-hosts includes a stdio MCP server so MCP-aware agents (e.g. Claude Code) can
manage hosts natively. make install registers it; to register by hand:
claude mcp add -s user htb-hosts -- python3 /opt/htb-hosts/mcp_server.pyhtb_hosts_add, htb_hosts_remove, htb_hosts_list, htb_hosts_show,
htb_hosts_clean (accepts exclude), htb_hosts_retag, htb_hosts_backup,
htb_hosts_restore, htb_hosts_list_backups.
How it works
Everything the tool manages lives between two markers:
# >>> htb-hosts >>> (managed by htb-hosts; run `htb-hosts clean` to remove)
10.10.11.161 forest.htb dc01.forest.htb # tag=forest added=2026-07-11
# <<< htb-hosts <<<Lines outside the markers (localhost, IPv6, anything you added by hand) are never touched.
Write access is granted once via a POSIX ACL:
setfacl -m u:youruser:rw /etc/hostsBecause a non-owner can't re-apply an ACL, the tool edits /etc/hosts in place
(open r+, rewrite, truncate) under an flock β it never renames a temp file over
it, which would drop the ACL and flip ownership. All input is strictly validated so
nothing can inject extra lines, and the prior contents are snapshotted before every
change. If the ACL is ever lost, htb-hosts doctor prints the exact command to
restore it.
Configuration
Variable | Default | Purpose |
|
| Target hosts file (handy for testing) |
|
| Where snapshots are stored |
| (empty) | Comma-separated domain substrings to keep outside the block on |
Development
make test # stdlib unittest suite (no root, /etc/hosts untouched)
make smoke # quick end-to-end CLI check against a throwaway file
make lint # black --check + pylint (gated at 10.00/10)
make help # list all targetsTests load the modules directly from src/, so they exercise the in-repo copy
regardless of what's installed under /opt, and each test runs against a throwaway
temp file β your real /etc/hosts is never touched. Coverage includes input
validation/injection rejection, add/merge/rehome/idempotency, clean/exclude,
migration + tagging, backup/restore, the in-place-edit (inode-preserving) invariant
that protects the ACL, flock concurrency, and the full CLI + MCP surfaces.
Layout
src/htb_hosts.py core library (parse/validate/lock/backup) β /opt/htb-hosts
src/mcp_server.py zero-dependency stdio JSON-RPC MCP server β /opt/htb-hosts
src/htb-hosts CLI entrypoint β /usr/local/bin
tests/ unittest suite (core, CLI, MCP)
Makefile install / remove / lint / test targets
pyproject.toml black + pylint config (line length 100)License
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/sresarehumantoo/htb-hosts'
If you have feedback or need assistance with the MCP directory API, please join our Discord server