This server wraps the official MITRE ATT&CK STIX data and exposes it through 50+ MCP tools. You get structured access to techniques, threat groups, software, campaigns, and mitigations across the Enterprise, Mobile, and ICS domains. It handles STIX downloads automatically, caches everything in memory for fast lookups, and includes tools to generate ATT&CK Navigator layers as JSON. Reach for this when you need an LLM to query threat intelligence programmatically, map adversary TTPs, or generate coverage visualizations without scraping. The data comes straight from MITRE's official releases and updates on first run, and the server supports queries such as finding all techniques used by APT29 or listing mitigations for a specific technique ID.
claude mcp add --transport stdio io.github.imouiche-mitre-attack-mcp-server -- npx -y @imouiche/mitre-attack-mcp-server