mythic_mcp
by: xpn
A simple POC to expose Mythic as a MCP server
📌Overview
Purpose: The Mythic MCP framework enables the deployment of LLMs (Large Language Models) to perform automated penetration testing on behalf of users.
Overview: The Mythic MCP is designed to facilitate quick and efficient penetration testing by utilizing advanced language models. It allows users to configure their environment with Claude Desktop and automate testing scenarios against predefined objectives, simulating specific threat actors.
Key Features:
-
Automated Pentesting: Allows LLMs to conduct penetration tests automatically, minimizing manual effort while maximizing efficiency. This feature supports real-world threat actor emulations, enabling users to evaluate their systems against specific attack vectors.
-
Customizable Configuration: Users can easily set up the MCP Server by modifying the
claude_desktop_config.jsonfile to fit their requirements. This ensures that the setup process is flexible and straightforward, allowing for tailored deployments.
Mythic MCP
A quick MCP demo for Mythic, allowing LLMs to pentest on our behalf!
Requirements
- uv
- python3
- Claude Desktop (or other MCP Client)
Usage with Claude Desktop
To deploy this MCP Server with Claude Desktop, edit your claude_desktop_config.json to add the following:
{
"mcpServers": {
"mythic_mcp": {
"command": "/Users/xpn/.local/bin/uv",
"args": [
"--directory",
"/full/path/to/mythic_mcp/",
"run",
"main.py",
"mythic_admin",
"mythic_admin_password",
"localhost",
"7443"
]
}
}
}
Once done, start Claude Desktop. Sample prompts demonstrate how to task the LLM, for example:
You are an automated pentester, tasked with emulating a specific threat actor. The threat actor is APT31. Your objective is: Add a flag to C:\win.txt on DC01. Perform any required steps to meet the objective, using only techniques documented by the threat actor.