operantlabs/operant-mcp
by Various
Turn your AI agent into a hacker by plugging in this MCP
MCP
operantlabs/operant-mcp
Added 1 June 2026
Overview
Operant MCP connects AI agents to a penetration testing framework (Metasploit) via the Model Context Protocol. It allows agents to execute reconnaissance and exploitation commands through a standardized interface.
Best for
Best for
Security researchers and red teams building autonomous penetration testing pipelines
Use cases
- Automate network scanning and vulnerability assessment
- Execute Metasploit modules for targeted exploitation
- Integrate penetration testing workflows into agentic pipelines
How to use
Install
npx operant-mcp Tools exposed
sqli_where_bypasssqli_login_bypasssqli_union_extractsqli_blind_booleansqli_blind_timesqli_file_readxss_reflected_testxss_payload_generatecmdi_testcmdi_blind_detectpath_traversal_testssrf_testssrf_cloud_metadatapcap_overviewpcap_extract_credentialspcap_dns_analysispcap_http_objectspcap_detect_scanpcap_follow_streampcap_tls_analysis
Tested with
Claude Code, Cursor, VS Code
Example client config
{\n "mcpServers": {\n "operant": {\n "command": "npx",\n "args": ["-y", "operant-mcp"]\n }\n }\n} Notes
Operant MCP connects AI agents to a penetration testing framework (Metasploit) via the Model Context Protocol. It allows agents to execute reconnaissance and exploitation commands through a standardized interface.
8 stars on GitHub. Last updated 2026-04-01. Licensed MIT.
Use cases
- Automate network scanning and vulnerability assessment
- Execute Metasploit modules for targeted exploitation
- Integrate penetration testing workflows into agentic pipelines
Pros
- Directly bridges AI agents with industry-standard hacking tools
- Written in TypeScript for type safety and easy integration
- Small, focused codebase with minimal dependencies
Cons
- Relies on Metasploit being installed and correctly configured on the host
- Limited to Metasploit capabilities without additional plugins
- Requires careful permission management to avoid unintended damage
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
Pros
- Directly bridges AI agents with industry-standard hacking tools
- Written in TypeScript for type safety and easy integration
- Small, focused codebase with minimal dependencies
Cons
- Relies on Metasploit being installed and correctly configured on the host
- Limited to Metasploit capabilities without additional plugins
- Requires careful permission management to avoid unintended damage
Pairs with
Other entries in the index that connect to this one. Click through to see the chain.
Get the free Developer’s Field Guide
A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.
Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.