mitre-attack-mcp

概述

mitre-attack-mcp服务器通过一套完善的API工具集提供对MITRE ATT&CK知识库的全面访问。它提供查询恶意软件、威胁行为者和技术的功能，以及用于比较不同实体所用技术的工具。服务器能够自动生成ATT&CK Navigator可视化图层，这对威胁分析和可视化敌对战术特别有用。

试试问 AI

装完之后，这里有 5 个你可以让 AI 做的事：

• query_attack_data

  Query detailed information about MITRE ATT&CK tactics, techniques, or malware

  试试:Tell me about the technique T1059.001试试:What malware is associated with APT29?试试:Describe the 'Initial Access' tactics
• get_threat_actor_info

  Retrieve information about specific threat actors in the MITRE ATT&CK database

  试试:Show me information about Lazarus Group试试:What techniques does APT28 commonly use?试试:List all known threat actors
• analyze_technique_overlap

  Compare techniques used by different threat actors or malware families

  试试:Which techniques do both APT29 and APT28 have in common?试试:Show me overlapping techniques between Conficker and WannaCry试试:Compare the technique sets of two different threat actors
• generate_attack_navigator_layer

  Create an ATT&CK Navigator layer visualization for threat actors or malware

  试试:Generate a Navigator layer for APT29's techniques试试:Create a layer showing all techniques used by Conti ransomware试试:Build a visualization of MITRE ATT&CK techniques for threat actor analysis
• get_malware_info

  Retrieve detailed information about specific malware in the MITRE ATT&CK database

  试试:Tell me about WannaCry malware试试:What techniques are associated with Emotet?试试:Show all malware families in the database
• find_campaign_overlaps

  Identify campaign overlaps between different threat actors or malware families

  试试:Show me campaign overlaps between APT29 and APT28试试:Identify common campaigns between different ransomware gangs试试:Find overlapping attack campaigns involving both state-sponsored and criminal threat actors
• get_technique_details

  Get comprehensive details about a specific MITRE ATT&CK technique

  试试:Give me details about technique T1059试试:Show all sub-techniques for T1190试试:Describe the permissions required for technique T1059.001
• get_tactics_info

  Retrieve information about MITRE ATT&CK tactics

  试试:List all MITRE ATT&CK tactics试试:Show techniques related to the 'Defense Evasion' tactic试试:What tactics are commonly used by ransomware?
• map_techniques_to_threat_actors

  Map which threat actors use specific techniques in the MITRE ATT&CK database

  试试:Which threat actors use technique T1059?试试:Show me all actors that employ lateral movement techniques试试:List threat actors associated with credential access techniques
• get_malware_techniques

  Get techniques associated with specific malware families

  试试:What techniques does NotPetya use?试试:Show all techniques associated with TrickBot malware试试:List common techniques used by ransomware families
• search_attack_database

  Search the MITRE ATT&CK database for relevant entries using keywords

  试试:Search for techniques related to 'password spraying'试试:Find entries about 'living off the land' techniques试试:Search for MITRE ATT&CK entries about supply chain attacks
• get_attack_matrix

  Retrieve the complete MITRE ATT&CK matrix structure

  试试:Show me the full ATT&CK matrix试试:What techniques are in the 'Execution' tactic?试试:List all techniques in the MITRE ATT&CK enterprise matrix

说明：Tool names inferred from the README's description of features and use cases. The README mentions '50+ Tools for MITRE ATT&CK Querying' but doesn't provide explicit tool names or signatures, only describing functionality. Tools were created

可对比工具

安装

pipx install git+https://github.com/stoyky/mitre-attack-mcp

{
  "mcpServers": {
    "mitre-attack": {
      "command": "mitre-attack-mcp",
      "args": []
    }
  }
}

FAQ

服务器默认将MITRE数据存储在哪里？

默认情况下，MCP服务器将MITRE相关数据存储在当前用户的默认缓存目录中。您可以在配置中使用--data-dir参数指定自定义数据目录。

运行此服务器需要什么版本的Python？

README中没有指定Python版本要求，但由于它通过PipX安装并依赖于mitreattack-python，Python 3.7或更高版本应该兼容。

mitre-attack-mcp 对比