MCP Server, specs and documentation

Author: cdelafuente-r7

Gemfile

@@ -53,5 +53,7 @@ group :test do
   gem 'allure-rspec'
   # Manipulate Time.now in specs
   gem 'timecop'
+  # stub and set expectations on HTTP requests
+  gem 'webmock', '~> 3.18'
 end
 

Gemfile.lock

@@ -42,6 +42,7 @@ PATH
       jsobfu
       json
       lru_redux
+      mcp (= 0.13.0)
       metasm
       metasploit-concern
       metasploit-credential (>= 6.0.21)
@@ -223,6 +224,9 @@ GEM
     concurrent-ruby (1.3.5)
     connection_pool (2.5.4)
     cookiejar (0.3.4)
+    crack (1.0.1)
+      bigdecimal
+      rexml
     crass (1.0.6)
     csv (3.3.2)
     daemons (1.4.1)
@@ -281,6 +285,7 @@ GEM
     gyoku (1.4.0)
       builder (>= 2.1.2)
       rexml (~> 3.0)
+    hashdiff (1.2.1)
     hashery (2.1.2)
     hrr_rb_ssh (0.4.2)
     hrr_rb_ssh-ed25519 (0.4.2)
@@ -304,6 +309,9 @@ GEM
     jsobfu (0.4.2)
       rkelly-remix
     json (2.15.1)
+    json-schema (6.2.0)
+      addressable (~> 2.8)
+      bigdecimal (>= 3.1, < 5)
     language_server-protocol (3.17.0.5)
     license_finder (5.11.1)
       bundler
@@ -322,6 +330,8 @@ GEM
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     lru_redux (1.1.0)
+    mcp (0.13.0)
+      json-schema (>= 4.1)
     memory_profiler (1.1.0)
     metasm (1.0.5)
     metasploit-concern (5.0.5)
@@ -649,6 +659,10 @@ GEM
     useragent (0.16.11)
     warden (1.2.9)
       rack (>= 2.0.9)
+    webmock (3.26.2)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
     webrick (1.9.1)
     websocket-driver (0.7.7)
       base64
@@ -699,6 +713,7 @@ DEPENDENCIES
   simplecov (= 0.18.2)
   test-prof
   timecop
+  webmock (~> 3.18)
   yard
 
 BUNDLED WITH

config/mcp_config.yaml.example

@@ -0,0 +1,32 @@
+# Metasploit RPC API connection (MessagePack)
+msf_api:
+  type: messagepack
+  host: localhost
+  port: 55553
+  ssl: true
+  endpoint: /api/
+  user: msfuser
+  password: CHANGEME
+  auto_start_rpc: true  # Automatically start the RPC server if not running (default: true)
+
+# MCP server configuration
+mcp:
+  transport: stdio  # stdio (default) or http
+  # MCP server network configuration (for HTTP transport only)
+  host: localhost  # Host to bind to (default: localhost)
+  port: 3000       # Port to listen on (default: 3000)
+
+# Rate limiting (optional - defaults shown)
+rate_limit:
+  enabled: true
+  requests_per_minute: 60
+  # If the `burst_size` is greater than `requests_per_minute`, a user will be allowed to exceed the rate limit temporarily.
+  # For example, with `requests_per_minute=5` and `burst_size=10`, a user could make 10 requests in a short period,
+  # but then would be limited to 5 requests per minute thereafter.
+  burst_size: 10
+
+# Logging (optional - defaults shown)
+logging:
+  enabled: false
+  level: INFO  # DEBUG, INFO, WARN, ERROR, FATAL
+  log_file: msfmcp.log

config/mcp_config_jsonrpc.yaml.example

@@ -0,0 +1,31 @@
+# Metasploit RPC API connection (JSON-RPC)
+msf_api:
+  type: json-rpc
+  host: localhost
+  port: 8081
+  ssl: true
+  endpoint: /api/v1/json-rpc
+  token: YOUR_BEARER_TOKEN_HERE
+  # auto_start_rpc is not supported for JSON-RPC (only MessagePack)
+
+# MCP server configuration
+mcp:
+  transport: stdio  # stdio (default) or http
+  # MCP server network configuration (for HTTP transport only)
+  host: localhost  # Host to bind to (default: localhost)
+  port: 3000       # Port to listen on (default: 3000)
+
+# Rate limiting (optional - defaults shown)
+rate_limit:
+  enabled: true
+  requests_per_minute: 60
+  # If the `burst_size` is greater than `requests_per_minute`, a user will be allowed to exceed the rate limit temporarily.
+  # For example, with `requests_per_minute=5` and `burst_size=10`, a user could make 10 requests in a short period,
+  # but then would be limited to 5 requests per minute thereafter.
+  burst_size: 10
+
+# Logging (optional - defaults shown)
+logging:
+  enabled: false
+  level: INFO  # DEBUG, INFO, WARN, ERROR, FATAL
+  log_file: msfmcp.log