๐ฅ๏ธ Post-Exploitation tmux MCP Server
A MCP server that exposes essential tmux features as MCP tools โ giving AI agents a terminal multiplexer for post-exploitation operations, with built-in guardrails that block destructive commands.
โจ Tools (14)
| Category |
Tools |
Description |
| Sessions |
3 |
Create, list, kill |
| Windows |
3 |
Create, list, kill |
| Panes |
3 |
Split, list, kill |
| Command Execution |
3 |
execute_command, send_keys, capture_pane โ all guarded |
| Utility |
2 |
validate_command_safety, kill_server |
๐ก๏ธ Guardrails
Every command sent through execute_command or send_keys is validated before execution. The guardrails block:
- File destruction โ
rm -rf /, shred, wipefs
- Disk operations โ
mkfs, dd if=, fdisk, parted
- Fork bombs โ
:(){ :|:& };:
- System shutdown โ
shutdown, reboot, halt, init 0/6
- Critical process killing โ
kill -9 1, killall -9
- Permission bombs โ
chmod -R 777 /
- Dangerous redirects โ
> /etc/passwd, > /etc/shadow
- Network destruction โ
iptables -F
- Log tampering โ
> /var/log/, history -c
- Obfuscated execution โ
curl ... | sh, base64 -d | sh
๐ฆ Installation
cd Post-Exploitation
pip install -r requirements.txt
Prerequisite: tmux must be installed on the target machine.
๐ Usage
Run the MCP server
python server.py
Test with the interactive client
python client.py
The client connects to server.py via stdio, lists available tools, and gives you an interactive REPL to call them.
Connect from an MCP client (e.g. AI agent)
{
"mcpServers": {
"post-exploitation-tmux": {
"command": "python3",
"args": ["path/to/Post-Exploitation/server.py"]
}
}
}
๐ง Tool Reference
Sessions
| Tool |
Description |
create_session(name, window_name?) |
Create a new detached session |
list_sessions() |
List all sessions |
kill_session(name) |
Destroy a session |
Windows
| Tool |
Description |
create_window(session, name?) |
Create a new window |
list_windows(session) |
List windows |
kill_window(session, index) |
Kill a window |
Panes
| Tool |
Description |
split_pane(session, window, direction?) |
Split pane vertically/horizontally |
list_panes(session, window) |
List panes with command & PID |
kill_pane(session, window, pane) |
Kill a pane |
Command Execution (Guarded)
| Tool |
Description |
execute_command(session, window, pane, command) |
Run a command (guardrail-checked) |
send_keys(session, window, pane, keys, press_enter?) |
Send keystrokes (guarded if Enter) |
capture_pane(session, window, pane, start?, end?) |
Read pane output (trailing blanks stripped) |
Utility
| Tool |
Description |
validate_command_safety(command) |
Pre-check a command without executing |
kill_server() |
Kill the tmux server (destroys all sessions) |
๐ Project Structure
Post-Exploitation/
โโโ server.py # FastMCP server โ 14 tools
โโโ tmux_wrapper.py # Thin Python wrapper around tmux CLI
โโโ guardrails.py # Command validation & safety checks
โโโ client.py # Interactive MCP test client
โโโ test_guardrails.py # Guardrails unit tests
โโโ requirements.txt # Python dependencies
โโโ README.md # This file
๐งช Testing
Run guardrail tests
python test_guardrails.py
Test MCP tools interactively
python client.py
โ ๏ธ Disclaimer
This tool is intended for authorized penetration testing and security research only. Unauthorized use against systems you do not own or have explicit permission to test is illegal.
