Built for purple team exercises and SOC readiness drills, this server gives Claude hands-on cybersecurity simulation tools. You get 12 tools covering the full incident lifecycle: create scenarios tuned to specific APT profiles and CVEs, simulate multi-phase attacks with pseudo command chains, analyze network telemetry, investigate incidents, run forensics, and generate board-level reports. It tracks everything in an append-only audit log with optional HMAC chain sealing for compliance, supports RBAC with approval tokens for destructive ops, and can sync findings back to GRC platforms. The replay_telemetry tool overlays real PCAP or SIEM data onto simulations. Ships with Docker support and an optional HTTP bridge if you want to expose it as a REST API behind authentication.
claude mcp add --transport stdio kayembahamid-cybersim-pro -- docker run -i --rm docker.io/hamcodes/cybersim-pro-mcp:v1.0.1