Enterprise DNA
M MCP Servers Developer low

operantlabs/operant-mcp

by Various

Turn your AI agent into a hacker by plugging in this MCP

O

MCP

operantlabs/operant-mcp

Added 1 June 2026

#cybersecurity #cybersecurity-ai #cybersecurity-tools #offensive-security #pentesting

Overview

Operant MCP connects AI agents to a penetration testing framework (Metasploit) via the Model Context Protocol. It allows agents to execute reconnaissance and exploitation commands through a standardized interface.

Best for

Best for
Security researchers and red teams building autonomous penetration testing pipelines

Use cases

  • Automate network scanning and vulnerability assessment
  • Execute Metasploit modules for targeted exploitation
  • Integrate penetration testing workflows into agentic pipelines

How to use

Install

npx operant-mcp

Tools exposed

  • sqli_where_bypass
  • sqli_login_bypass
  • sqli_union_extract
  • sqli_blind_boolean
  • sqli_blind_time
  • sqli_file_read
  • xss_reflected_test
  • xss_payload_generate
  • cmdi_test
  • cmdi_blind_detect
  • path_traversal_test
  • ssrf_test
  • ssrf_cloud_metadata
  • pcap_overview
  • pcap_extract_credentials
  • pcap_dns_analysis
  • pcap_http_objects
  • pcap_detect_scan
  • pcap_follow_stream
  • pcap_tls_analysis

Tested with

Claude Code, Cursor, VS Code

Example client config

{\n  "mcpServers": {\n    "operant": {\n      "command": "npx",\n      "args": ["-y", "operant-mcp"]\n    }\n  }\n}

Notes

Operant MCP connects AI agents to a penetration testing framework (Metasploit) via the Model Context Protocol. It allows agents to execute reconnaissance and exploitation commands through a standardized interface.

8 stars on GitHub. Last updated 2026-04-01. Licensed MIT.

Use cases

  • Automate network scanning and vulnerability assessment
  • Execute Metasploit modules for targeted exploitation
  • Integrate penetration testing workflows into agentic pipelines

Pros

  • Directly bridges AI agents with industry-standard hacking tools
  • Written in TypeScript for type safety and easy integration
  • Small, focused codebase with minimal dependencies

Cons

  • Relies on Metasploit being installed and correctly configured on the host
  • Limited to Metasploit capabilities without additional plugins
  • Requires careful permission management to avoid unintended damage

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.

Pros

  • Directly bridges AI agents with industry-standard hacking tools
  • Written in TypeScript for type safety and easy integration
  • Small, focused codebase with minimal dependencies

Cons

  • Relies on Metasploit being installed and correctly configured on the host
  • Limited to Metasploit capabilities without additional plugins
  • Requires careful permission management to avoid unintended damage
Free 27-page guide

Get the free Developer’s Field Guide

A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.

Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.

No spam. Unsubscribe any time.

Running a business, not writing the code? See the MCP servers picked for operators, and get your first one wired up with us.

Operator picks