Is Cobaltstrike Mcp Server safe to use?

Cobaltstrike Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install Cobaltstrike Mcp Server?

Cobaltstrike Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Cobaltstrike Mcp Server?

Cobaltstrike Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Cobaltstrike Mcp Server actively maintained?

Cobaltstrike Mcp Server is less actively maintained — last commit was 162 days ago. It has 24 GitHub stars.

Cobaltstrike Mcp Server

Name: Cobaltstrike Mcp Server
Author: Cobalt-Strike

Official

by Cobalt-Strike

MCP Server for Cobalt Strike interaction.

24 0 tools GitHub

No known CVEs

Apache-2.0 license

Maintained

Last commit 162d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "cobaltstrike-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/cobaltstrike-mcp-server)](https://mcppedia.org/s/cobaltstrike-mcp-server)

Read me

What Cobaltstrike Mcp Server does

This is a PoC MCP server developed as part of some internal experiments during the development of CS 4.12 and the CS REST API. More information can be found here.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

32/100across 5 weighted dimensions

How we score →

0255075100

−68

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Cobaltstrike Mcp Server safe to use?: Cobaltstrike Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Cobaltstrike Mcp Server?: Cobaltstrike Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Cobaltstrike Mcp Server?: Cobaltstrike Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Cobaltstrike Mcp Server actively maintained?: Cobaltstrike Mcp Server is less actively maintained — last commit was 162 days ago. It has 24 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Cobaltstrike Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "cobaltstrike-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/cobaltstrike-mcp-server)](https://mcppedia.org/s/cobaltstrike-mcp-server)

Read me

What Cobaltstrike Mcp Server does

This is a PoC MCP server developed as part of some internal experiments during the development of CS 4.12 and the CS REST API. More information can be found here.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Cobalt Strike MCP Server

This is a PoC MCP server developed as part of some internal experiments during the development of CS 4.12 and the CS REST API. More information can be found here.

https://github.com/user-attachments/assets/92d15b5f-4744-41aa-a803-abe342db8075

[!NOTE] This tool is still in early development stage and subject to breaking changes. It has been heavily vibe-coded, so don't be too hard on the quality of the code 😉

Getting Started

This MCP server provides a bridge between large language models like Claude and the Cobalt Strike C2 framework. It allows AI assistants to dynamically access and control the Cobalt Strike functionality through standardized tools, enabling a natural language interface to adversary simulation workflows.

Prerequisites

Python 3.8+ installed
FastMCP 2.12.5 or higher
The Cobalt Strike API Server should be running.
Cobalt Strike should be installed and configured.
Cobalt Strike should be properly licensed

Installation

Clone the repository

git clone <repository-url>
cd cobaltstrike-mcp-server

Create and activate a virtual environment

Windows:
```
setup.bat
venv\Scripts\activate
```
macOS/Linux:
```
setup.sh
source venv/bin/activate
```

Install dependencies
```
pip install -r requirements.txt
```
Verify Installation
```
python cs_mcp.py --help
```

Alternative: System-wide Installation

pip install -r requirements.txt

Configuration

Environment Variables

You can configure the server using environment variables:

# Cobalt Strike API Configuration
export CS_API_BASE_URL="https://your-teamserver:50443"
export CS_API_USERNAME="your_username"
export CS_API_PASSWORD="your_password"
export CS_API_VERIFY_TLS="false"  # Set to "true" for production
export CS_API_HTTP_TIMEOUT="30.0"

# MCP Server Configuration
export MCP_LISTEN_HOST="127.0.0.1"
export MCP_LISTEN_PORT="3000"
export MCP_TRANSPORT="http"
export MCP_SERVER_NAME="Cobalt Strike MCP"

# Logging
export LOG_LEVEL="INFO"  # DEBUG, INFO, WARNING, ERROR

.env File Support

The server automatically loads environment variables from a .env file in the current directory if it exists:

Copy the example file:
```
cp .env.example .env
```

Edit the configuration:

# Edit .env with your settings
CS_API_USERNAME=rest_client
CS_API_PASSWORD=SecurePassword123
CS_API_VERIFY_TLS=false
MCP_TRANSPORT=stdio

Run without command line arguments:
```
python cs_mcp.py
```

Viewing Environment Variables

Use the --show-env option to see all supported environment variables and their current values:

python cs_mcp.py --show-env

This displays:

All supported environment variables
Current values (SET/NOT SET)
Description and default values
No authentication required

Command Line Arguments

The following parameters can be used while starting the MCP Server:

Cobalt Strike API

--base-url: Base URL for the Cobalt Strike REST API (https://<CS_HOST>:50443)

Authentication

--username: Cobalt Strike username (required)
--password: Cobalt Strike password (required)
--duration-ms: JWT session duration in milliseconds

HTTP Client

--http-timeout: HTTP request timeout in seconds
--insecure: Disable TLS certificate verification
--verify-tls: Enable TLS certificate v

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

32/100across 5 weighted dimensions

How we score →

0255075100

−68

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Cobaltstrike Mcp Server safe to use?: Cobaltstrike Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Cobaltstrike Mcp Server?: Cobaltstrike Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Cobaltstrike Mcp Server?: Cobaltstrike Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Cobaltstrike Mcp Server actively maintained?: Cobaltstrike Mcp Server is less actively maintained — last commit was 162 days ago. It has 24 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Cobaltstrike Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?