Viper
Adversary simulation and Red teaming platform with AI
What is Viper?
Viper is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to adversary simulation and red teaming platform with ai
Adversary simulation and Red teaming platform with AI
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Adversary simulation and Red teaming platform with AI
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx viperConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Viper
Viper is an open-source adversary simulation and red team operations platform that integrates a built-in LLM agent to automate post-exploitation workflows across the full MITRE ATT&CK framework. It ships an independent MCP server that surfaces security tools — including nmap and nuclei — so that AI agents can call them via natural language, and it replicates the msfconsole experience with smart CLI prompts, hotkeys, and real-time output. Security engineers and red teamers use Viper to run AI-assisted campaigns with 100+ post-exploitation modules, team collaboration, anti-tracing, and 24/7 automated monitoring.
Prerequisites
- Docker and Docker Compose (recommended deployment method for Viper)
- A Linux host or server — Windows/macOS via Docker is supported but Linux is the primary target
- Network access to target systems for penetration testing (only use in authorized environments)
- An MCP-compatible AI client (Claude Desktop, Claude Code) to leverage the MCP server
- API key for an LLM provider if you want the built-in LLM agent capabilities
Pull and start Viper with Docker
Viper is distributed as a Docker image. Pull the latest image and start the container, exposing the web dashboard port. Check the releases page for the latest version tag.
docker pull registry.cn-shenzhen.aliyuncs.com/toys2/viper:latest
docker run --rm -it \
-p 60000:60000 \
registry.cn-shenzhen.aliyuncs.com/toys2/viper:latestAccess the Viper web dashboard
Open the Viper dashboard in your browser. The default port is 60000. Set a strong password on first login before using the platform in any real engagement.
# Open: http://localhost:60000Connect the built-in MCP server
Viper runs an independent MCP server that exposes security tools like nmap and nuclei for natural-language invocation by AI agents. Configure your MCP client to connect to it.
{
"mcpServers": {
"viper": {
"command": "npx",
"args": ["viper"],
"env": {
"VIPER_HOST": "http://localhost:60000"
}
}
}
}Configure the LLM agent
In the Viper dashboard, navigate to the AI Agent settings and enter your LLM provider API key. The agent can then automate reconnaissance, module selection, and post-exploitation steps based on natural language instructions.
Load a post-exploitation module
From the dashboard or the CLI (which replicates msfconsole), browse and load any of the 100+ MITRE ATT&CK-aligned modules. The CLI supports smart prompts and real-time output for interactive sessions.
Viper Examples
Client configuration
claude_desktop_config.json snippet to connect an AI client to the Viper MCP server.
{
"mcpServers": {
"viper": {
"command": "npx",
"args": ["viper"],
"env": {
"VIPER_HOST": "http://localhost:60000"
}
}
}
}Prompts to try
Sample prompts once Viper's MCP server is connected to your AI client.
- "Run an nmap scan on 192.168.1.0/24 and summarize open ports."
- "Use nuclei to scan the target for known CVEs and report critical findings."
- "Select the appropriate post-exploitation module for lateral movement on a Windows target."
- "Summarize the MITRE ATT&CK techniques covered by the modules currently loaded."Troubleshooting Viper
Docker container exits immediately after launch
Run with `docker logs <container-id>` to inspect the error. Ensure port 60000 is not already bound on your host. Try mapping to a different host port: -p 60001:60000.
MCP security tools (nmap, nuclei) not responding
Verify the Viper container is running and reachable at the configured VIPER_HOST address. The MCP server runs inside the container, so the host URL must point to the exposed Docker port. Check firewall rules if running on a remote server.
LLM agent does not take automated actions
Confirm the API key for your LLM provider is correctly entered in the AI Agent settings inside the dashboard. Check the Viper logs for authentication errors from the LLM provider endpoint.
Frequently Asked Questions about Viper
What is Viper?
Viper is a Model Context Protocol (MCP) server that adversary simulation and red teaming platform with ai It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Viper?
Follow the installation instructions on the Viper GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Viper?
Viper works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Viper free to use?
Yes, Viper is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Viper Alternatives — Similar Security Servers
Looking for alternatives to Viper? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Viper in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Viper?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.