Automated Adversary Emulation
An automated Adversary Emulation lab with terraform and MCP server. Build Caldera techniques and operations assisted with LLMs. Built for IaC stability, consistency, and speed.
What is Automated Adversary Emulation?
Automated Adversary Emulation is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to automated adversary emulation lab with terraform and mcp server. build caldera techniques and operations assisted with llms. built for iac stability, consistency, and speed.
An automated Adversary Emulation lab with terraform and MCP server. Build Caldera techniques and operations assisted with LLMs. Built for IaC stability, consistency, and speed.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- An automated Adversary Emulation lab with terraform and MCP
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx automatedemulationConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Automated Adversary Emulation
AutomatedEmulation is an Infrastructure-as-Code lab for building and running automated adversary emulation exercises, combining Terraform-provisioned AWS infrastructure with MITRE Caldera 5.3 and its MCP server plugin. The Caldera MCP server acts as an API wrapper that gives LLMs context for building new attack techniques, operation planners, and CTI pipelines with RAG integration — all within a self-contained lab environment. Security teams and red teams use it to design and execute realistic attack simulations against Windows Server 2022 targets, track results in VECTR, and monitor LLM inference calls through an integrated MLflow server, enabling reproducible, LLM-assisted adversary emulation at IaC speed.
Prerequisites
- Terraform installed (for provisioning the AWS lab infrastructure)
- AWS account with programmatic access: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
- Sufficient AWS permissions to create EC2 instances, security groups, and VPCs
- An MCP-compatible client such as Claude Desktop for interacting with the Caldera MCP server
- Git to clone the repository
Clone the repository
Clone the AutomatedEmulation repository to your local machine.
git clone https://github.com/iknowjason/AutomatedEmulation
cd AutomatedEmulationSet AWS credentials
Export your AWS credentials. The Terraform configuration will use these to provision EC2 instances, security groups, and VPC resources in your AWS account.
export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_keyInitialize and apply Terraform
Initialize the Terraform providers and apply the configuration to provision the lab. This creates the Linux Caldera server and Windows client EC2 instances automatically.
terraform init
terraform apply -auto-approveRetrieve lab access credentials
After Terraform finishes, retrieve the IP addresses and credentials for your lab instances.
terraform outputAccess the Caldera and VECTR consoles
Log in to the Caldera interface at the URL shown in terraform output. The Caldera MCP server plugin and MLflow monitoring server start automatically.
# Caldera console: https://[ec2-address]:8443
# VECTR console: https://[ec2-address]:8081
# MLflow server: http://[ec2-address]:5000Configure your MCP client to connect to Caldera
Add the Caldera MCP server connection to your claude_desktop_config.json. The Caldera MCP plugin exposes API-wrapped tools for building abilities, operations, and CTI queries.
{
"mcpServers": {
"caldera": {
"command": "npx",
"args": ["automatedemulation"],
"env": {
"CALDERA_URL": "https://your-ec2-address:8443",
"CALDERA_API_KEY": "your_caldera_api_key"
}
}
}
}Automated Adversary Emulation Examples
Client configuration
Configure your MCP client to connect to the Caldera MCP server running on your provisioned EC2 instance. Retrieve the API key from terraform output.
{
"mcpServers": {
"caldera": {
"command": "npx",
"args": ["automatedemulation"],
"env": {
"CALDERA_URL": "https://your-ec2-ip:8443",
"CALDERA_API_KEY": "your_caldera_api_key"
}
}
}
}Prompts to try
These prompts leverage the Caldera MCP server to build attack techniques, design operations, and query threat intelligence within the emulation lab.
- "List all available Caldera abilities and their ATT&CK technique mappings"
- "Create a new Caldera ability that performs credential dumping using Mimikatz on the Windows agent"
- "Build an operation that executes a phishing simulation followed by lateral movement to the Windows target"
- "Show me the results of the last adversary emulation operation in VECTR format"
- "Query the CTI knowledge base for techniques associated with APT29"Troubleshooting Automated Adversary Emulation
Terraform apply fails with AWS permission errors
Ensure your IAM user or role has permissions to create EC2 instances, VPCs, security groups, and related networking resources. A policy with EC2FullAccess and VPCFullAccess is the minimum requirement. Check that your AWS credentials are correctly exported and that you are targeting the right AWS region.
Caldera console is not accessible after terraform apply
Wait 3-5 minutes after terraform apply completes — Caldera and its plugins take time to install and start on the EC2 instance. Verify the EC2 instance is running in the AWS console. Check that your local IP is permitted in the security group rules, which are configured in bas.tf.
Lab costs money even when not in use
Run terraform destroy -auto-approve when you are finished with the lab. The EC2 instances will continue to incur costs while running. The lab is designed to be ephemeral — provision it when needed and destroy it when done to minimize AWS charges.
Frequently Asked Questions about Automated Adversary Emulation
What is Automated Adversary Emulation?
Automated Adversary Emulation is a Model Context Protocol (MCP) server that automated adversary emulation lab with terraform and mcp server. build caldera techniques and operations assisted with llms. built for iac stability, consistency, and speed. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Automated Adversary Emulation?
Follow the installation instructions on the Automated Adversary Emulation GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Automated Adversary Emulation?
Automated Adversary Emulation works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Automated Adversary Emulation free to use?
Yes, Automated Adversary Emulation is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Automated Adversary Emulation Alternatives — Similar Security Servers
Looking for alternatives to Automated Adversary Emulation? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Automated Adversary Emulation in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Automated Adversary Emulation?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.