Metadata-Version: 2.4
Name: iflow-mcp_stoyky-mitre-attack-mcp
Version: 1.0.2
Summary: A Model-Context Protocol server for the MITRE ATT&CK knowledge base
Author: stoyky
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: annotated-types==0.7.0
Requires-Dist: antlr4-python3-runtime==4.9.3
Requires-Dist: anyio==4.9.0
Requires-Dist: arrow==1.3.0
Requires-Dist: attrs==25.3.0
Requires-Dist: black==25.1.0
Requires-Dist: certifi==2025.1.31
Requires-Dist: charset-normalizer==3.4.1
Requires-Dist: check-wheel-contents==0.6.1
Requires-Dist: click==8.1.8
Requires-Dist: colorama==0.4.6
Requires-Dist: colour==0.1.5
Requires-Dist: coverage==7.8.0
Requires-Dist: cpe==1.3.1
Requires-Dist: cybox==2.1.0.21
Requires-Dist: deepdiff==8.4.2
Requires-Dist: drawsvg==2.3.0
Requires-Dist: et_xmlfile==2.0.0
Requires-Dist: exceptiongroup==1.2.2
Requires-Dist: flake8==7.2.0
Requires-Dist: flake8-docstrings==1.7.0
Requires-Dist: fqdn==1.5.1
Requires-Dist: h11==0.14.0
Requires-Dist: httpcore==1.0.7
Requires-Dist: httpx==0.28.1
Requires-Dist: httpx-sse==0.4.0
Requires-Dist: idna==3.10
Requires-Dist: iniconfig==2.1.0
Requires-Dist: isoduration==20.11.0
Requires-Dist: isort==6.0.1
Requires-Dist: jsonpointer==3.0.0
Requires-Dist: jsonschema==4.23.0
Requires-Dist: jsonschema-specifications==2024.10.1
Requires-Dist: loguru==0.7.3
Requires-Dist: lxml==5.3.1
Requires-Dist: maec==4.1.0.17
Requires-Dist: Markdown==3.7
Requires-Dist: markdown-it-py==3.0.0
Requires-Dist: mccabe==0.7.0
Requires-Dist: mcp==1.6.0
Requires-Dist: mdurl==0.1.2
Requires-Dist: mitreattack-python==5.0.0
Requires-Dist: mixbox==1.0.5
Requires-Dist: mypy-extensions==1.0.0
Requires-Dist: netaddr==1.3.0
Requires-Dist: numpy==2.2.4
Requires-Dist: openpyxl==3.1.5
Requires-Dist: ordered-set==4.1.0
Requires-Dist: orderly-set==5.3.0
Requires-Dist: packaging==24.2
Requires-Dist: pandas==2.2.3
Requires-Dist: pathspec==0.12.1
Requires-Dist: pillow==11.1.0
Requires-Dist: platformdirs==4.3.7
Requires-Dist: pluggy==1.5.0
Requires-Dist: pluralizer==1.2.0
Requires-Dist: pooch==1.8.2
Requires-Dist: pycodestyle==2.13.0
Requires-Dist: pycountry==24.6.1
Requires-Dist: pydantic==2.11.1
Requires-Dist: pydantic-settings==2.8.1
Requires-Dist: pydantic_core==2.33.0
Requires-Dist: pydocstyle==6.3.0
Requires-Dist: pyflakes==3.3.1
Requires-Dist: Pygments==2.19.1
Requires-Dist: pyinstrument==5.0.1
Requires-Dist: pytest==8.3.5
Requires-Dist: pytest-cov==6.0.0
Requires-Dist: pytest-dotenv==0.5.2
Requires-Dist: python-dateutil==2.9.0.post0
Requires-Dist: python-dotenv==1.1.0
Requires-Dist: pytz==2025.2
Requires-Dist: referencing==0.36.2
Requires-Dist: requests==2.32.3
Requires-Dist: rfc3339-validator==0.1.4
Requires-Dist: rfc3986-validator==0.1.1
Requires-Dist: rich==14.0.0
Requires-Dist: rpds-py==0.24.0
Requires-Dist: ruff==0.11.2
Requires-Dist: setuptools==80.1.0
Requires-Dist: shellingham==1.5.4
Requires-Dist: simplejson==3.20.1
Requires-Dist: six==1.17.0
Requires-Dist: sniffio==1.3.1
Requires-Dist: snowballstemmer==2.2.0
Requires-Dist: sse-starlette==2.2.1
Requires-Dist: starlette==0.46.1
Requires-Dist: stix==1.2.0.11
Requires-Dist: stix2==3.0.1
Requires-Dist: stix2-elevator==4.1.7
Requires-Dist: stix2-patterns==2.0.0
Requires-Dist: stix2-validator==3.2.0
Requires-Dist: stixmarx==1.0.8
Requires-Dist: tabulate==0.9.0
Requires-Dist: taxii2-client==2.3.0
Requires-Dist: tomli==2.2.1
Requires-Dist: tqdm==4.67.1
Requires-Dist: typer==0.15.2
Requires-Dist: types-python-dateutil==2.9.0.20241206
Requires-Dist: typing-inspection==0.4.0
Requires-Dist: typing_extensions==4.13.0
Requires-Dist: tzdata==2025.2
Requires-Dist: uri-template==1.3.0
Requires-Dist: urllib3==2.3.0
Requires-Dist: uvicorn==0.34.0
Requires-Dist: weakrefmethod==1.0.3
Requires-Dist: webcolors==24.11.1
Requires-Dist: wheel-filename==1.4.2
Requires-Dist: win32_setctime==1.2.0
Requires-Dist: XlsxWriter==3.2.2

<h1 align="center">
  <br>
  MITRE ATT&CK MCP Server
  <br>
</h1>

<h4 align="center">A Model-Context Protocol server for the MITRE ATT&CK knowledge base</h4>

<p align="center">
  <a href="#key-features">Key Features</a> •
  <a href="#installation">Installation</a> •
  <a href="#how-to-use">How To Use</a> •
  <a href="#use-cases">Use Cases</a> •
  <a href="#credits">Credits</a>
</p>

## Key Features

* 50+ Tools for MITRE ATT&CK Querying
  * Comprehensive access to the MITRE ATT&CK knowledge base through structured API tools
* Automatic ATT&CK Navigator Layer Generation
  * Generate visual representations of techniques used by threat actors
* Threat Actor and Malware Attribution
  * Query relationships between malware, threat actors, and techniques
* Technique Overlap Analysis
  * Compare techniques used by different threat actors or malware families

## Installation

To clone and run this server, you'll need [Git](https://git-scm.com), [Python](https://www.python.org/), and [PipX](https://github.com/pypa/pipx) installed on your computer.

1. Ensure Git, Python, and PipX are installed, following the official installation instructions for your platform (Windows/Mac/Linux)
2. Install the MCP Server using PipX
   
```bash
pipx install git+https://github.com/stoyky/mitre-attack-mcp
```

## How To Use

### Configure with Claude AI Desktop

1. Open Claude's MCP server configuration file.

#### Windows

```
C:\Users\[YourUsername]\AppData\Roaming\Claude\claude_desktop_config.json
# or
C:\Users\[YourUsername]\AppData\Local\AnthropicClaude\claude_desktop_config.json
```

#### Linux / Mac

```bash
~/.config/Claude/claude_desktop_config.json
```

2. Add the following to that file if it doesn't already exist. If it already exists, merge the two JSON structures accordingly.

```json
{
  "mcpServers": {
    "mitre-attack": {
      "command": "mitre-attack-mcp",
      "args": [
      ]
    }
  }
}
```

**Note**: By default, the MCP server stores the MITRE-related data in the current user's default cache directory. You can specify a custom data directory with the following config:

```json
{
  "mcpServers": {
    "mitre-attack": {
      "command": "mitre-attack-mcp",
      "args": [
        "--data-dir",
        "<path-to-data-dir>"
      ]
    }
  }
}
```
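
The merge described in step 2, as an added example that is not part of this project's code: a Python helper that inserts the `mitre-attack` entry into an existing `claude_desktop_config.json` while keeping other servers and settings, and writes the result atomically. The function name `merge_mitre_server` and the sample `other` server entry are assumptions made for illustration.

```python
import json
import os
import tempfile
from pathlib import Path


def merge_mitre_server(config_path, data_dir=None):
    """Add the "mitre-attack" entry to a Claude Desktop config, keeping the rest."""
    path = Path(config_path)
    config = {}
    if path.exists() and path.read_text(encoding="utf-8").strip():
        config = json.loads(path.read_text(encoding="utf-8"))
        if not isinstance(config, dict):
            raise ValueError("top level of the config must be a JSON object")

    servers = config.setdefault("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError('"mcpServers" must be a JSON object')

    # Same entry as in the README; --data-dir is only passed when requested.
    args = ["--data-dir", str(data_dir)] if data_dir else []
    servers["mitre-attack"] = {"command": "mitre-attack-mcp", "args": args}

    # Write to a temp file in the same directory, then rename over the target,
    # so an interrupted write never leaves a truncated config behind.
    path.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=path.parent, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
            fh.write("\n")
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return config


if __name__ == "__main__":
    # Constructed sample: an existing config that already defines another server.
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / "claude_desktop_config.json"
        cfg.write_text(json.dumps(
            {"mcpServers": {"other": {"command": "other-server", "args": []}}}
        ))
        merge_mitre_server(cfg, data_dir=Path(d) / "attack-data")
        print(cfg.read_text())
```

Running the helper twice is safe: the `mitre-attack` entry is replaced in place and every other key is left as it was.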

## Changelog

* v1.0.2 - Now installable via PipX on Windows, Mac, and Linux. "data directory" argument is now optional and will use the default cache directory if omitted.
* v1.0.1 - Improved robustness of layer metadata generation and error handling in layer generation function
* v1.0.0 - Initial release

## Use Cases

* Query for detailed information about specific malware, tactics, or techniques
* Discover relationships between threat actors and their tools
* Generate visual ATT&CK Navigator layers for threat analysis
* Find campaign overlaps between different threat actors
* Identify common techniques used by multiple malware families

Please see my [blog](https://www.remyjaspers.com/blog/mitre_attack_mcp_server/) for more information and examples.

## Credits

* [MITRE ATT&CK](https://attack.mitre.org/) - Knowledge base of adversary tactics and techniques
* [MITRE ATT&CK Python](https://github.com/mitre-attack/mitreattack-python) - Python library to interact with the knowledge base
* [ATT&CK Navigator](https://github.com/mitre-attack/attack-navigator) - Tool for visualizing ATT&CK matrices
* [Anthropic](https://www.anthropic.com/) - Developers of the Model-Context Protocol

---

> Created by [Remy Jaspers](https://github.com/stoyky)
