Atomic Red Team MCP
Provides access to Atomic Red Team tests, enabling search, validation, and execution of atomic tests via natural language.
README
Atomic Red Team MCP Server
An MCP (Model Context Protocol) server that provides access to Atomic Red Team tests.
Available Tools and Resources
The server provides the following MCP tools:
query_atomics- Search atomics by technique ID, name, description, or platformrefresh_atomics- Download latest atomics from GitHubvalidate_atomic- Validate atomic test YAMLget_validation_schema- Get the atomic test schemaexecute_atomic- Execute atomic tests (requiresART_EXECUTION_ENABLED=true)
And resources:
file://documents/{technique_id}- Read atomic test files by technique ID
Usage Examples
- "Search mshta atomics for windows"
- "Show me all the atomic tests for T1059.002"
- "Find all the applescript atomics for macOS"
- "Validate this atomic test YAML <yaml-content-here>"
Installation
The Atomic Red Team MCP server can be installed in various development tools and AI assistants. Choose your platform below for detailed installation instructions:
Quick Start
Recommended: Using uvx
uvx atomic-red-team-mcp
Using Docker
docker run --rm -i ghcr.io/cyberbuff/atomic-red-team-mcp:latest
Platform-Specific Guides
- VSCode - Installation guide for VSCode
- Claude Desktop & Claude Code - Installation guide for Anthropic's Claude Desktop app and Claude Code CLI
- Cursor - Installation guide for Cursor IDE
- Windsurf - Installation guide for Windsurf editor
- Google AI Studio / Gemini - Installation guide for Google's AI tools
- Other Tools - Cline, Zed, and generic MCP clients
Installation Methods
Each platform supports multiple installation methods:
- uvx (Recommended) - Easiest setup, automatic updates
- Docker - Isolated environment, consistent across systems
- Remote Server ⚠️ - Hosted on Railway (free tier, may have limits)
Configuration
Environment Variables
Check the .env.example file for a list of environment variables and their default values.
Server Configuration
ART_MCP_TRANSPORT- Transport protocol (stdio, sse, streamable-http)ART_MCP_HOST- Server host address (default: 0.0.0.0)ART_MCP_PORT- Server port number (default: 8000)
Repository Configuration
ART_GITHUB_URL- GitHub URL for atomics repository (default: https://github.com)ART_GITHUB_USER- GitHub user/org (default: redcanaryco)ART_GITHUB_REPO- Repository name (default: atomic-red-team)ART_DATA_DIR- Local directory path where atomic test files are stored (default: ./atomics)
Security Configuration
ART_EXECUTION_ENABLED- Enable theexecute_atomictool (default: false). Set totrue,1, oryesto enable. ⚠️ WARNING: Only enable in controlled environments as this allows executing potentially dangerous security tests.- Enable Authentication if you are hosting a remote MCP server
Authentication Configuration
ART_AUTH_TOKEN- Static bearer token for authentication (optional, authentication disabled if not set)ART_AUTH_CLIENT_ID- Client identifier for authenticated requests (default: authorized-client)
Enabling Atomic Test Execution
By default, the execute_atomic tool is disabled for safety reasons. To enable it:
# Using uvx
ART_EXECUTION_ENABLED=true uvx atomic-red-team-mcp
⚠️ Security Warning: Only enable atomic test execution in controlled, isolated environments (like test VMs or sandboxes). These tests can modify system state, create files, execute commands, and perform actions that may be flagged as malicious by security tools.
Authentication
The server supports static token authentication for securing access to the MCP tools and resources. When enabled, clients must include a bearer token in the Authorization header:
Authorization: Bearer <your-token>
To enable authentication:
-
Set the
ART_AUTH_TOKENenvironment variable:export ART_AUTH_TOKEN="your-secure-token-here" -
Start the server (authentication is automatically enabled)
-
Clients authenticate by including the token in requests:
curl -H "Authorization: Bearer your-secure-token-here" http://localhost:8000
Security Notes:
- Authentication is disabled by default (no token required)
- When
ART_AUTH_TOKENis set, all requests must include a valid bearer token - Use strong, randomly generated tokens in production
- Never commit tokens to version control
- For development/testing, use a simple token. For production, use a cryptographically secure token
Example with Docker:
docker run --rm -i \
-e ART_AUTH_TOKEN="my-secure-token" \
-e ART_AUTH_CLIENT_ID="my-client" \
ghcr.io/cyberbuff/atomic-red-team-mcp:latest
Built With
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.