An MCP (Model Context Protocol) server that exposes Microsoft's PyRIT AI red-teaming framework as a set of structured, discoverable tools for MCP-compatible agents (Claude Code, Antigravity, etc.).
This server is an execution layer only. It does not contain pentesting methodology, does not decide which attack to run, and does not hardcode attack sequences. The calling agent is responsible for all planning and decision-making; this server just executes what it's told, against authorized targets, and returns structured results.
uv sync
uv run python server.pyThis starts the server on stdio, ready to be attached to an MCP client. See docs/examples.md for Claude Code / Antigravity client configuration.
- Engagements: independent, stateful red-team sessions (
create_engagement,list_engagements,get_engagement,close_engagement). - Targets: configure any REST/JSON chat endpoint as an attack target (
configure_target,get_target,validate_target). - Attacks: run/continue/cancel any of PyRIT's attack strategies against a target
(
list_attack_strategies,run_attack,continue_attack,cancel_attack). - Scoring: score any response with a PyRIT scorer (
score_response,get_scores). - Reports: generate JSON/Markdown/HTML reports from engagement findings, scores, and timeline
(
generate_report,list_reports,export_report). - Discovery: introspect what's available (
get_server_info,get_pyrit_version,list_capabilities). - Findings: record and list findings on an engagement (
add_finding,list_findings).
See docs/tool_reference.md for the full tool reference.
- Python 3.12+
- uv (or Poetry)
uv run pytestThis server is designed for authorized AI security assessments only. It stores no API keys in reports, redacts auth tokens/headers in every serialized view, and never logs secret values. It sends real HTTP requests to whatever endpoint you configure as a target -- only point it at systems you are authorized to test.
Contributions are welcome. See CONTRIBUTING.md.