Mythic MCP Server¶
AI-powered red team operations — give your AI assistant full control of the Mythic C2 Framework.
What is this?¶
Mythic MCP Server is a Model Context Protocol server that wraps every operation in the Mythic C2 Framework as a structured MCP tool, so AI assistants like Claude, ChatGPT, or any MCP-compatible client can:
Authenticate with Mythic instances
Build and deploy payloads (Xenon, Poseidon, Forge, …)
Manage callbacks — issue tasks, read output, pivot
Upload / download files, screenshots, keylogs
Map MITRE ATT&CK techniques to every action
Query operations — hosts, credentials, artifacts, processes
All through natural language — the AI translates intent into the right tool calls automatically.
Architecture¶
flowchart LR
A["AI Assistant<br/>(Claude, etc.)"] -->|MCP Protocol| B["Mythic MCP Server"]
B -->|Go SDK| C["Mythic C2 Framework"]
C --> D["Agents<br/>Xenon · Poseidon · Forge"]
C --> E["C2 Profiles<br/>httpx · tcp · http"]
C --> F["Data<br/>Callbacks · Tasks · Files"]
style A fill:#7c3aed,color:#fff,stroke:none
style B fill:#4f46e5,color:#fff,stroke:none
style C fill:#f59e0b,color:#000,stroke:none
style D fill:#10b981,color:#fff,stroke:none
style E fill:#10b981,color:#fff,stroke:none
style F fill:#10b981,color:#fff,stroke:noneThe server is a thin, type-safe translation layer between the MCP wire protocol and the Mythic Go SDK. Every tool validates inputs against a JSON Schema, calls the SDK, and returns structured results the AI can reason about.
Tool Categories at a Glance¶
| Category | Tools | Description |
|---|---|---|
| Authentication | 7 | Login, logout, API tokens, session management |
| Operations | 11 | Campaign management, event logs, global settings |
| Operators | 12 | User accounts, preferences, invite links |
| Callbacks | 11 | Active agent sessions, P2P edges, tokens |
| Tasks & Responses | 18 | Issue commands, read output, OPSEC bypass |
| Payloads | 12 | Build, download, manage agent binaries |
| Payload Discovery | 3 | Build params, C2 params, command lists |
| C2 Profiles | 10 | Profile lifecycle, IOCs, sample messages |
| Commands | 3 | Command schema and parameter introspection |
| Files | 8 | Upload, download, preview, bulk export |
| Credentials & Artifacts | 14 | Credential store and IOC / forensic evidence tracking |
| MITRE ATT&CK | 6 | Technique lookup, task/command/operation mapping |
| Hosts | 5 | Host inventory, network topology |
| Processes | 5 | Process enumeration and tree views |
| Screenshots | 6 | Capture, timeline, thumbnail, download |
| Keylogs | 3 | Keylogger data retrieval |
| Tags | 10 | Tagging system for any Mythic object |
| Documentation | 2 | Browse agent/C2 docs from within the AI |
Quick Start¶
# Build
go build -o mythic-mcp ./cmd/mythic-mcp
# Run (stdio mode for Claude Desktop)
MYTHIC_URL=https://mythic:7443 \
MYTHIC_API_TOKEN=your-token \
./mythic-mcp
# Run (HTTP/SSE mode for remote clients)
MCP_TRANSPORT=http MCP_HTTP_PORT=3333 \
MYTHIC_URL=https://mythic:7443 \
MYTHIC_API_TOKEN=your-token \
./mythic-mcp
See the Getting Started guide for full instructions.
Built with 
for the red team community · Model Context Protocol · Mythic C2