Get up and running with the ThreatExploit MCP server. This guide walks you through installing the server, configuring your environment, and connecting it to AI assistants like Claude so you can run pentests and manage cloud infrastructure through natural conversation.
Prerequisites
Before you begin, ensure you have the following ready:
Python 3.10+ installed on your system.
A ThreatWinds account with an active bearer token.
At least one pt-agent compute instance running. The MCP server will automatically discover and connect to your active instances.
Installation and Configuration
Follow these steps to download the server, install its dependencies, and configure your authentication token.
- 1
Clone the repository
First, download the ThreatExploit MCP server source code to your local machine.
git clone https://github.com/threatwinds/threatexploit-mcp.git cd threatexploit-mcp - 2
Set up a virtual environment
Create and activate a Python virtual environment to keep your dependencies isolated.
python3 -m venv .venv source .venv/bin/activate - 3
Install dependencies
Install the required packages (which include
mcp,httpx, andpython-dotenv).pip install -r requirements.txt - 4
Configure your environment
Create your environment file by copying the provided example template.
cp .env.example .envOpen the newly created
.envfile in your preferred text editor and add your ThreatWinds bearer token:BEARER_TOKEN=your-token-here
Never commit your .env file to version control. The repository is pre-configured with a .gitignore file to prevent this, but always ensure your BEARER_TOKEN remains secure.
Connecting to your AI Client
Once your server is configured, you need to tell your AI assistant how to communicate with it.
In the examples below, make sure to replace /path/to/MCP with the actual absolute path to the threatexploit-mcp directory on your machine.
Claude Code
You can add the server to Claude Code directly via the command line:
claude mcp add threatexploit -- /path/to/MCP/.venv/bin/python /path/to/MCP/server.pyAlternatively, you can manually add it to your Claude Code MCP settings file:
{
"mcpServers": {
"threatexploit": {
"command": "/path/to/MCP/.venv/bin/python",
"args": ["/path/to/MCP/server.py"]
}
}
}Claude Desktop
To use the server with the Claude Desktop app, open your claude_desktop_config.json file and add the following configuration:
{
"mcpServers": {
"threatexploit": {
"command": "/path/to/MCP/.venv/bin/python",
"args": ["/path/to/MCP/server.py"]
}
}
}Testing the Server
If you want to test the server's tools and capabilities before connecting it to Claude, you can use the MCP Inspector.
Make sure your virtual environment is activated, then run:
source .venv/bin/activate
mcp dev server.pyThis will launch a local web interface where you can inspect the available tools and test requests manually.
How it Works
Once connected, the MCP server acts as a bridge between your AI assistant and your security infrastructure. It routes all operations through the ThreatExploit Studio proxy via HTTPS, allowing Claude to safely interact with your pt-agent instances.
flowchart LR
Claude["Claude (AI Client)"] <-->|Natural Language / MCP| Server["ThreatExploit MCP Server"]
Server <-->|HTTPS API| Studio["ThreatExploit Studio Proxy"]
Studio <-->|Auto-discovery & Control| Agent["pt-agent Instances"]The server automatically discovers running instances via the ThreatWinds compute API, meaning you don't need to manually configure IP addresses or connection details for your agents.
