
RedTeam

AI-Powered Red Team Automation via Model Context Protocol (MCP). Let LLMs autonomously execute penetration testing, AD attacks, and lateral movement with 15+ integrated offensive security tools.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio ktol1-redteam-mcp path/to/venv/Scripts/python.exe path/to/redteam-server/server.py

How to use

RedTeam-MCP is an AI-driven red team automation framework that consolidates 16+ offensive security tools behind the MCP (Model Context Protocol) interface. Once deployed, an MCP-compatible LLM can autonomously plan, discover assets, fingerprint targets, and execute a sequence of security tools to assess a network or host. The server exposes tools for asset discovery, web reconnaissance, vulnerability verification, Active Directory attacks, lateral movement, and automated reporting, all through standardized MCP Tool calls. Typical usage is to connect an MCP client (e.g., Claude Desktop, Cursor IDE, or VS Code MCP integration) to the RedTeam server and issue high-level reconnaissance or attack commands; the server will orchestrate the underlying tools and return structured results that the AI can reason about and summarize.

Key capabilities include autonomous asset discovery and fingerprinting, web application detection and technology profiling, template-based vulnerability checks, Active Directory attack vectors (Kerberoasting, AS-REP Roasting, DCSync, delegation), lateral movement techniques (Pass-the-Hash, WMI execution, SMB relays), and automated reporting that consolidates findings into an attack-chain narrative. The integration is designed to be zero-config for the tools themselves, with built-in timeout control and non-interactive execution, so an AI session is not stalled by a tool waiting on an interactive credential prompt. Users can trigger targeted scans (e.g., scan a subnet for live hosts or enumerate open ports and services) and then request AI-generated attack chains and recommendations based on the results.

How to install

Prerequisites:

  • Python 3.10+ installed on Windows or Linux
  • Git installed
  • Internet access to download tools and dependencies

Step 1: Clone the repository

git clone https://github.com/ktol1/RedTeam-MCP.git
cd RedTeam-MCP/redteam-server

Step 2: Set up a Python virtual environment

  • Windows
python -m venv venv
venv\Scripts\activate.bat
  • Linux
python3 -m venv venv
source venv/bin/activate

Step 3: Install dependencies and download tools

pip install -r requirements.txt
python3 install_tools_linux.py  # or python install_tools.py on Windows

Step 4: Ensure binaries are executable (Linux)

chmod +x ../redteam-tools/*

Step 5: Add tools to PATH (optional, Linux)

echo 'export PATH="$HOME/RedTeam-MCP/redteam-tools:$PATH"' >> ~/.bashrc
source ~/.bashrc

Step 6: Run the MCP server (example wiring for MCP clients)

  • Ensure you are in the virtual environment
# Start the server in a way the MCP client expects (example placeholder)
python path/to/redteam-server/server.py

Step 7: Connect via an MCP client

  • VS Code / Cline / Roo Code example (as shown in the README):
{
  "mcpServers": {
    "RedTeam": {
      "command": "path/to/venv/Scripts/python.exe",
      "args": ["path/to/redteam-server/server.py"]
    }
  }
}
  • Claude Desktop / Cursor IDE examples are provided in the README; adjust paths to your environment accordingly.

Notes:

  • Run inside the Python virtual environment to avoid module-not-found errors.
  • The server exposes tools via MCP; no separate driver installation is required beyond the initial tool download step.

Additional notes

Tips and common issues:

  • Prerequisites must be met before starting (Python 3.10+, dependencies, tool downloads).
  • If you encounter ModuleNotFoundError: No module named 'mcp', ensure your venv is activated and dependencies are installed inside that environment.
  • For Windows, use the Scripts/python.exe path in the MCP server configuration; for Linux, use bin/python3 as appropriate.
  • The MCP Inspector URL (returned after starting) includes a token; store it securely as it authenticates MCP clients.
  • When integrating with AI clients, begin with simple discovery queries (e.g., scan a subnet) and progressively request more complex workflows (fingerprinting, exploit templates, and reporting).
  • Ensure network access to target subnets and that tool binaries have the correct executable permissions.
  • The README notes 15+ integrated tools; you’ll typically see asset discovery, web reconnaissance, vulnerability scanning, AD attack tooling, lateral movement tooling, and reporting utilities available through MCP Tool calls.
