Cobalt Strike MCP Server

220 tools. 146 can modify or destroy data without limits.

19 destructive tools with no built-in limits. Policy required.

Last updated:

146 can modify or destroy data
74 read-only
220 tools total

Community server · catalogue entry verified 04/07/2026

How to control Cobalt Strike MCP Server ↓

What Cobalt Strike MCP Server exposes to your agents

Read (74) Write / Execute (127) Destructive / Financial (19)
Critical Risk

The most dangerous Cobalt Strike MCP Server tools

146 of Cobalt Strike MCP Server's 220 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Cobalt Strike MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Cobalt Strike MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "beacon_delete_file": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "beacon_create_directory": {
    "limits": [
      {
        "counter": "beacon_create_directory_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "beacon_download_file": {
    "limits": [
      {
        "counter": "beacon_download_file_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Cobalt Strike MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON COBALT STRIKE →

Instant setup, no code required.

All 220 Cobalt Strike MCP Server tools

EXECUTE 113 tools
Execute beacon_change_directory Change current directory on a beacon Execute beacon_copy_file Copy a file on a beacon Execute create_listener Create a new listener (HTTP, HTTPS, DNS, SMB, etc.) Execute create_listener_dns Create a DNS listener Execute create_listener_externalC2 Create an ExternalC2 listener Execute create_listener_foreignHttp Create a Foreign HTTP listener Execute create_listener_foreignHttps Create a Foreign HTTPS listener Execute create_listener_http Create an HTTP listener Execute create_listener_https Create an HTTPS listener Execute create_listener_smb Create an SMB listener Execute create_listener_tcp Create a TCP listener Execute create_listener_userDefinedC2 Create a User-Defined C2 listener Execute elevate_beacon Elevate to a new beacon with higher privileges Execute elevate_command Elevate a command with higher privileges Execute execute_beacon_command Execute a command on a beacon (e.g., Execute execute_bof Execute a BOF (Beacon Object File) on a beacon. Common BOFs: @artifacts/BOFs/whoami.x64.o, @artifacts/BOFs/who Execute execute_bof_pack Execute a BOF with packing Execute execute_bof_packed Execute a packed BOF Execute execute_browserpivot_stop Stop browser pivot Execute execute_cancel_file_download Cancel file download Execute execute_checkin Force beacon to check in immediately Execute execute_exit Exit the beacon Execute execute_get_system Get SYSTEM privileges Execute execute_get_uid Get user ID Execute execute_job_stop Stop a job Execute execute_kerberos_ticket_use Use a Kerberos ticket Execute execute_kill_process Kill a process by PID Execute execute_link_smb Link to SMB beacon Execute execute_link_tcp Link to TCP beacon Execute execute_make_token Make a token using logon credentials Execute execute_make_token_upn Make a token using UPN (User Principal Name) Execute execute_net_domain Get domain information Execute execute_powershell_import Import PowerShell module Execute execute_rev2self Revert to self (drop impersonated token) Execute execute_rportfwd_start Start reverse port forward Execute execute_rportfwd_stop Stop reverse port forward Execute execute_setenv Set an environment variable Execute execute_socks_stop Stop SOCKS proxy Execute execute_socks_stop_port Stop SOCKS proxy on specific port Execute execute_socks4_start Start SOCKS4 proxy Execute execute_socks5_start Start SOCKS5 proxy Execute execute_steal_token Steal a token from a process Execute execute_timestomp Modify file timestamps Execute execute_tokenStore_steal Steal a token and add it to the token store Execute execute_tokenStore_stealAndUse Steal a token and immediately use it Execute execute_tokenStore_use Use a token from the token store Execute execute_unlink Unlink from beacon Execute generate_stageless_payload Generate a stageless payload for a listener Execute generate_stager_payload Generate a stager payload for a listener Execute inject_beacon Inject beacon into a process Execute inject_browserpivotStart Start browser pivot Execute inject_dll Inject a DLL into a process Execute inject_hashdump Dump password hashes (inject mode) Execute inject_keylogger Start keylogger on a process Execute inject_loadDll Load DLL Execute inject_mimikatz Run Mimikatz (inject mode) Execute inject_net_view View network resources Execute inject_portscan Perform port scan Execute inject_postExDll Load post-exploitation DLL Execute inject_powershell_unmanaged Execute unmanaged PowerShell Execute inject_printscreen Print screen (inject mode) Execute inject_pth Pass-the-hash attack Execute inject_screenshot Take screenshot (inject mode) Execute inject_screenwatch Start screen watch (inject mode) Execute inject_shellcode Inject shellcode into a process Execute inject_ssh Inject SSH session Execute inject_sshKey Inject SSH session with key Execute remoteExec_beacon Remotely execute a beacon on a target Execute remoteExec_command Remotely execute a command on a target Execute set_beacon_beacon_gate Enable or disable beacon gate Execute set_beacon_block_dlls Enable or disable block DLLs Execute set_beacon_c2_host_hold Hold C2 host (prevent failover) Execute set_beacon_c2_host_release Release C2 host (allow failover) Execute set_beacon_dns_mode Set DNS mode for beacon Execute set_beacon_ppid Set the parent process ID for a beacon Execute set_beacon_sleep Set the sleep time and jitter for a beacon Execute set_beacon_spawnto Set the spawn-to process for a beacon Execute set_beacon_spoofed_arguments Set spoofed arguments for beacon Execute set_beacon_syscall_method Set the system call method for a beacon Execute spawn_beacon Spawn a new beacon session on a target Execute spawn_beacon_asUser Spawn a beacon as a specific user Execute spawn_beacon_under Spawn a beacon under a specific process Execute spawn_chromedump Dump Chrome passwords (spawn mode) Execute spawn_command Execute a command on a beacon (spawns in new process) Execute spawn_command_runAs Run a command as a specific user Execute spawn_command_runNoOutput Run command without output Execute spawn_command_runUnder Run command under a process Execute spawn_dcsync Perform DCSync attack (spawn mode) Execute spawn_dotnetAssembly Execute .NET assembly Execute spawn_hashdump Dump password hashes from a beacon Execute spawn_keylogger Start keylogger (spawn mode) Execute spawn_mimikatz Run Mimikatz on a beacon Execute spawn_net_computers Enumerate computers (spawn mode) Execute spawn_net_domainTrusts Enumerate domain trusts (spawn mode) Execute spawn_net_group Enumerate groups (spawn mode) Execute spawn_net_sessions Enumerate sessions (spawn mode) Execute spawn_net_share Enumerate shares (spawn mode) Execute spawn_net_time Get time from target (spawn mode) Execute spawn_net_user Enumerate users (spawn mode) Execute spawn_net_user_detail Get user details (spawn mode) Execute spawn_net_view View network resources (spawn mode) Execute spawn_portscan Perform port scan (spawn mode) Execute spawn_postExDll Load post-exploitation DLL (spawn mode) Execute spawn_powershell Execute PowerShell command on a beacon Execute spawn_powershell_unmanaged Execute unmanaged PowerShell (spawn mode) Execute spawn_printscreen Print screen (spawn mode) Execute spawn_pth Pass-the-hash (spawn mode) Execute spawn_screenshot Take a screenshot on a beacon Execute spawn_screenwatch Start screen watch (spawn mode) Execute spawn_shell Execute a shell command on a beacon Execute spawn_shellcode Execute shellcode (spawn mode) Execute spawn_ssh Inject SSH session (spawn mode) Execute spawn_sshKey Inject SSH session with key (spawn mode)
READ 74 tools
Read beacon_download_file Download a file from a beacon Read beacon_get_current_directory Get current working directory on a beacon Read beacon_list_directory List directory contents on a beacon Read beacon_list_drives List available drives on a beacon Read download_payload Download a generated payload file Read execute_beacon_info Get beacon information Read execute_clipboard Get clipboard contents Read execute_get_privs Get current privileges Read execute_reg_query Query registry key Read execute_reg_queryv Query registry value Read get_artifacts List available artifacts (BOFs, etc.) Read get_beacon Get detailed information about a specific beacon by ID Read get_beacon_active_downloads Get active file downloads for a beacon Read get_beacon_c2_host_profiles Get available C2 profiles for beacon Read get_beacon_command_help Get help for a specific beacon command Read get_beacon_help Get help for beacon commands Read get_beacon_jobs Get jobs running on a beacon Read get_beacon_keystrokes Get keystrokes for a beacon Read get_beacon_output Get the output from a beacon (console output) Read get_beacon_task Get the status and output of a specific beacon task Read get_beacon_tasks_detail Get detailed task information for a specific beacon Read get_beacon_tasks_summary Get task summary for a specific beacon Read get_beacon_tokenStore Get token store state for beacon Read get_credential Get detailed information about a specific credential by ID Read get_download Get download information by ID Read get_keystrokes Get keystroke data by ID Read get_killdate Get kill date Read get_listener Get listener details by name (generic) Read get_listener_dns Get DNS listener details Read get_listener_externalC2 Get ExternalC2 listener details Read get_listener_foreignHttp Get Foreign HTTP listener details Read get_listener_foreignHttps Get Foreign HTTPS listener details Read get_listener_http Get HTTP listener details Read get_listener_https Get HTTPS listener details Read get_listener_smb Get SMB listener details Read get_listener_tcp Get TCP listener details Read get_listener_userDefinedC2 Get User-Defined C2 listener details Read get_profile Get current Malleable C2 profile Read get_screenshot Get a specific screenshot by ID Read get_system_information Get system information from teamserver Read get_task Get detailed information about a specific task by ID Read get_task_error Get error information for a specific task Read get_task_log Get log information for a specific task Read get_teamserver_info Get information about the Cobalt Strike teamserver (version, license, stats) Read get_teamserver_ip Get teamserver IP Read inject_chromedump Dump Chrome passwords Read inject_dcsync Perform DCSync attack to extract domain credentials Read inject_logonPasswords Dump logon passwords (inject mode) Read inject_net_computers Enumerate computers in the domain Read inject_net_dclist List domain controllers Read inject_net_domain_controllers List domain controllers in the domain Read inject_net_domainTrusts Enumerate domain trusts Read inject_net_groups Enumerate groups in the domain Read inject_net_localGroup Enumerate local groups Read inject_net_logons Enumerate logged on users Read inject_net_sessions Enumerate active sessions on a target Read inject_net_shares Enumerate shares on a target Read inject_net_time Get time from target Read inject_net_user_detail Get detailed information about a specific user Read inject_net_users Enumerate users in the domain Read list_beacons List all active beacons in the Cobalt Strike teamserver Read list_credentials List all stored credentials in the Cobalt Strike teamserver Read list_downloads List all file downloads from beacons Read list_keystrokes List all keystroke captures from beacons Read list_listeners List all active listeners in the Cobalt Strike teamserver Read list_screenshots List all screenshots captured from beacons Read list_tasks List all tasks across all beacons or filter by beacon ID Read spawn_logon_passwords Dump logon passwords using Mimikatz Read spawn_net_dclist List domain controllers (spawn mode) Read spawn_net_domainControllers List domain controllers (spawn mode) Read spawn_net_localGroup Enumerate local groups (spawn mode) Read spawn_net_logons Enumerate logged on users (spawn mode) Read spawn_process_list List processes on a beacon Read test_connection Test the connection to the Cobalt Strike REST API server

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Cobalt Strike MCP Server

Can an AI agent delete data through the Cobalt Strike MCP Server MCP server? +

Yes. The Cobalt Strike MCP Server server exposes 19 destructive tools including beacon_delete_file, clear_beacon_command_queue, delete_credential. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Cobalt Strike MCP Server? +

The Cobalt Strike MCP Server server has 14 write tools including beacon_create_directory, beacon_move_file, beacon_upload_file. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Cobalt Strike MCP Server.

How many tools does the Cobalt Strike MCP Server MCP server expose? +

220 tools across 4 categories: Destructive, Execute, Read, Write. 74 are read-only. 146 can modify, create, or delete data.

How do I enforce a policy on Cobalt Strike MCP Server? +

Register the Cobalt Strike MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Cobalt Strike MCP Server tool call.

Deterministic rules across all 220 Cobalt Strike MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

220 Cobalt Strike MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.