Guides

Using redteamer with AI

Use redteamer as an MCP (Model Context Protocol) server to expose your modules as tools that AI systems can discover and call safely.

Overview

The Model Context Protocol (MCP) defines a standard way for AI assistants to connect to external tools that run locally.

redteamer includes an MCP server that lets compatible AI systems, including OpenAI, Anthropic, and local LLMs, execute modules and inspect results directly.

When running in MCP mode, redteamer makes each module available as a structured, typed tool.
This allows an assistant to:

Search available modules
Inspect input and output schemas
Execute modules with structured arguments
Retrieve or audit previous results

Start the server with:

rt serve mcp

The server runs locally over stdio. No external network or cloud connection is required.

Available Tools

Tool	Description
search	Discover modules available across local, private, and public sources.
spec	Retrieve input and output schemas for a given module.
prep	Prepare a module for offline execution by pulling dependencies.
run	Execute a module with structured inputs.
audit	Search and review past runs.
output	Retrieve typed output data from a specific run ID.

These correspond to the same CLI subcommands but are exposed through MCP for AI integration.

How It Works

When rt serve mcp starts:

redteamer registers its MCP service over stdio.
Each module and command is exposed as a typed endpoint.
A connected AI assistant discovers these tools and can call them directly.

This makes redteamer act as an intelligent local API that the model can reason about and invoke programmatically.

Connecting to OpenAI

OpenAI’s desktop and API assistants support the MCP protocol through tool connectors.

Install the OpenAI MCP client.

Create a connector configuration that points to redteamer:

{
  "mcpServers": {
    "redteamer": {
      "command": "rt",
      "args": ["serve", "mcp"]
    }
  }
}

Launch your OpenAI assistant or IDE plugin. It will automatically discover redteamer’s tools and list them under available commands.

The assistant can now search, prepare, and run redteamer modules directly from chat.

Connecting to Anthropic

Anthropic’s Claude Desktop and API support the same MCP interface.

Run the MCP server locally:
```
rt serve mcp
```

Add a configuration entry to the Claude Desktop config file (typically ~/.claude/config.json):

{
  "mcpServers": {
    "redteamer": {
      "command": "rt",
      "args": ["serve", "mcp"]
    }
  }
}

Restart Claude Desktop. The assistant will automatically load redteamer’s tools. You can now instruct it to search or run modules directly, for example:
Search for modules that perform subdomain enumeration and run one for example.com.

Connecting to Local LLMs (Llama, Mistral, or Ollama)

Many open-source LLM runtimes such as Llama.cpp, Ollama, or LM Studio can interface with external tools using MCP-compatible bridges.

Start redteamer in MCP mode:
```
rt serve mcp
```
Use an MCP client like mcp-bridge or a local adapter that exposes the MCP tools as JSON schema functions to your model.

Configure the client to map the redteamer server:

{
  "mcpServers": {
    "redteamer": {
      "command": "rt",
      "args": ["serve", "mcp"]
    }
  }
}

Launch your model with the bridge active. The model will discover redteamer’s tools and can call them using the same JSON arguments it uses for local function calls.

This setup works with self-hosted or air-gapped environments and does not require cloud connectivity.

Typical Flow

An AI assistant connected through MCP can perform an end-to-end operation like this:

Search for a module matching “S3 enumeration.”
Inspect the spec to learn the expected inputs and outputs.
Prepare the module for offline use.
Run it with structured input values.
Retrieve results through output or review metadata with audit.

This mirrors the redteamer CLI workflow, but is fully automatable through an AI system.

Security and Deployment Notes

The MCP server runs locally and communicates only over stdio.
No telemetry, network calls, or data sharing occur outside your host.
Logs and runs remain under ~/.local/share/redteamer.

Example Workflow with Claude or ChatGPT

Run redteamer MCP locally:
```
rt serve mcp
```
Open your AI assistant and type:
“List all modules for privilege escalation.” The assistant uses the search tool.
Ask it to run one of them:
“Execute the privilege escalation module against 10.0.0.5.” The assistant calls the run tool and streams outputs.
Request a summary:
“Summarize the results of the last redteamer run.” The assistant fetches and reads the structured output.