MCP-compliant · Claude · GPT · Cursor · Windsurf
v1.1·evasion_score & attack_chain upgraded

Give your AI agent Red Team superpowers

24 tools · 6 databases · 1,234 techniques.LOLBAS · GTFOBins · WADComs · LOLDrivers — one MCP server.

Get Access →Try Playground
codered — attack_chain

Try it now

Try all 24 tools now

No API key required. Add CodeRed to your MCP client and start exploring instantly.

Rate limited: 5 requests/second globally. Perfect for exploring all capabilities.

Try Playground →
MCP Config (no token needed)
{
  "servers": {
    "codered": {
      "type": "http",
      "url": "https://codered.hackfluency.com/mcp"
    }
  }
}

Browser-based playground with all tools. For production, get a personal API key.

v1.1 — March 2026

Intelligence Engine Upgrade

Smarter scoring, context-aware kill chains, and actionable evasion guidance.

Full changelog →
evasion_score
  • Normalized 0–100 risk scoring across all databases
  • New strict_mode for EDR/SIEM-active environments
  • Automatic low-risk alternative suggestions when score is high
  • Detection-specific evasion hints in every result
attack_chain
  • Auto-detects AD, cloud, web, and OT context from your objective
  • Command previews with placeholder variables in every phase
  • Linux engagements now include linPEAS recon modules
  • Web engagements pull in relevant payload categories automatically
  • Chain-level stealth score and confidence metrics
0
MCP Tools
0
Databases
0+
Techniques
0/27
Tests Passing

24 tools · 8 categories

Complete Red Team arsenal

Every database, every technique, every platform — unified under a single MCP interface your AI agent can call directly.

LOLBASWindows
  • lolbas_search
  • lolbas_get_binary
  • lolbas_list_categories
  • lolbas_build_payload
4 tools
GTFOBinsLinux
  • gtfobins_search
  • gtfobins_get_binary
  • gtfobins_build_payload
3 tools
WADComsActive Directory
  • wadcoms_search
  • wadcoms_get_command
2 tools
LOLDriversKernel
  • loldrivers_search
  • loldrivers_get_driver
2 tools
AdvancedCross-DB
  • search_by_mitre
  • search_by_capability
  • cross_reference
  • detection_context
  • generate_payload_template
5 tools
MegaPlanning
  • attack_chain
  • evasion_score
2 tools
Op StateTracking
  • op_new
  • op_log
  • op_status
  • op_list
4 tools
PAT + PEASSEnumeration
  • pat_search
  • peass_modules
2 tools

Why CodeRed

Built for real engagements

Not a toy. Purpose-built for red teamers who need accurate, actionable intelligence on demand.

Attack Chain Builder

attack_chain

Describe an objective in plain English. CodeRed builds a complete multi-phase kill chain with stealth scores, MITRE mappings, and ready-to-use payloads.

Detection Context

detection_context

Every technique comes with Sigma rules, Elastic queries, and Splunk SPL. Know exactly what your SOC will see before you execute.

Operation Tracking

op_log

Persistent SQLite-backed op log. Create operations, log executions, track timelines — then retrieve the full audit trail anytime.

Cross-DB Intelligence

search_by_mitre

Search by MITRE ATT&CK ID or capability keyword and get matching techniques from all 6 databases simultaneously.

API-Key Auth

auth

Production-grade Unkey.dev middleware. Every request is authenticated, rate-limited, and audited — no infrastructure overhead.

MCP-Native

mcp

Works out-of-the-box with Claude, GPT-4o, Cursor, Windsurf — any MCP-compatible client. No custom plugins needed.

51/51 tests passing6 databases · 1,234 techniques24 tools · 0 failures

…typical of mature red teams or elite consultancies like Mandiant.

GPT-4 Blind Audit·March 2026
See full test evidence

Get started in 60 seconds

Ready to arm your AI agent?

Drop CodeRed into any MCP-compatible client. Add your key and start querying 1,234 Red Team techniques instantly.

{"servers":{"codered":{"type":"http","url":"https://codered.hackfluency.com/mcp","headers":{"Authorization":"Bearer <your-bearer-token>"}}}}
Get your API key →Read the docs