Secure MCP server enabling AI assistants to perform network diagnostics and administration within Docker-isolated environments, offering tools like SSH, ping, and tcpdump with enterprise-grade security, session management, and strict access controls.
Unlock the full potential of ITMCP through LangDB's AI Gateway. Get enterprise-grade security, analytics, and seamless integration with zero configuration.
Free tier available • No credit card required
Discover shared experiences
Secure network administration tools for AI assistants through the Model Context Protocol (MCP).
ITMCP is an MCP server that enables AI assistants to safely execute networking commands inside a Docker container sandbox. It provides a secure interface for running common network diagnostic and administration tools while maintaining strict security controls.
The project implements the Model Context Protocol (MCP) to expose networking tools as callable functions for AI assistants, allowing them to perform network diagnostics and system administration tasks in a controlled environment.
Clone the repository:
git clone https://github.com/yourusername/itmcp.git cd itmcp
Install dependencies:
pip install -e .
Build the Docker container:
docker build -t itmcp_container .
Run the container:
docker-compose up -d
ITMCP uses a YAML-based configuration system and environment variables for setup.
Create a .env file in the project root with the following variables:
# Docker configuration
USE_DOCKER=true
DOCKER_CONTAINER=itmcp_container
# SSH credentials configuration
SSH_CREDENTIALS_PATH=/app/secrets/ssh_credentials.json
SSH_KEYS_PATH=/app/secrets/keys
# Security whitelists
ALLOWED_HOSTS=localhost,127.0.0.1,example.com
ALLOWED_DIRECTORIES=/tmp,/var/log
ALLOWED_REMOTE_COMMANDS=ls,cat,grep
ITMCP implements three key whitelists for security:
ITMCP provides the following network administration tools:
| Tool | Description |
|---|---|
ssh_tool | Connect to a target via SSH |
ping_tool | Ping a host to check connectivity |
nslookup_tool | Perform DNS lookup on a hostname or IP address |
telnet_tool | Test TCP connectivity to a host and port |
dig_tool | Perform DNS lookup with dig command |
tcpdump_tool | Capture network packets (limited time) |
ps_tool | List running processes |
cat_tool | Display content of a file |
top_tool | Display system processes (snapshot) |
grep_tool | Search for patterns in files |
head_tool | Display the beginning of a file |
tail_tool | Display the end of a file |
ITMCP implements enterprise-grade security features:
ITMCP uses Docker to create a secure sandbox for command execution:
To use ITMCP with Claude desktop, add the following to your config.json file:
{ "servers": [ { "name": "itmcp", "command": ["python", "-m", "itmcp.server"], "environment": { "USE_DOCKER": "true", "DOCKER_CONTAINER": "itmcp_container", "ALLOWED_HOSTS": "localhost,127.0.0.1,yahoo.com,firewall.local" } } ] }
For Cline AI, a more detailed configuration is provided in the mcp-config.json file included in this repository:
{ "servers": [ { "name": "itmcp", "command": [ "python", "-m", "itmcp.server" ], "environment": { "USE_DOCKER": "true", "DOCKER_CONTAINER": "itmcp_container", "ALLOWED_HOSTS": "localhost,127.0.0.1,yahoo.com,firewall.local", "ALLOWED_DIRECTORIES": "/tmp,/var/log", "ALLOWED_REMOTE_COMMANDS": "ls,cat,grep,ping,ssh,nslookup,dig,telnet,tcpdump,ps,top,head,tail" }, "description": "Secure network administration tools running in a Docker sandbox", "tools": [ { "name": "ssh_tool", "description": "Connect to a target via SSH" }, { "name": "ping_tool", "description": "Ping a host to check connectivity" }, { "name": "nslookup_tool", "description": "Perform DNS lookup on a hostname or IP address" }, { "name": "telnet_tool", "description": "Test TCP connectivity to a host and port" }, { "name": "dig_tool", "description": "Perform DNS lookup with dig command" }, { "name": "tcpdump_tool", "description": "Capture network packets (limited time)" }, { "name": "ps_tool", "description": "List running processes" }, { "name": "cat_tool", "description": "Display content of a file" }, { "name": "top_tool", "description": "Display system processes (snapshot)" }, { "name": "grep_tool", "description": "Search for patterns in files" }, { "name": "head_tool", "description": "Display the beginning of a file" }, { "name": "tail_tool", "description": "Display the end of a file" } ] } ] }
To use this configuration with Cline:
mcp-config.json file to your Cline configuration directory--mcp-config flag pointing to this file# Using the ping_tool to check connectivity to yahoo.com
itmcp
ping_tool
{
"target": "yahoo.com",
"count": 4
}
# Using the ssh_tool to connect to a firewall and run a command
itmcp
ssh_tool
{
"target": "firewall.local",
"user": "admin",
"command": "show interface status"
}
# Using the dig_tool to perform a DNS lookup
itmcp
dig_tool
{
"target": "yahoo.com",
"type": "MX"
}
Contributions are welcome! Please feel free to submit a Pull Request.
git checkout -b feature/amazing-feature)git commit -m 'Add some amazing feature')git push origin feature/amazing-feature)This project is licensed under the MIT License - see the LICENSE file for details.
Andrew Hopper
ITMCP is designed with security in mind, but proper configuration is essential:
Shared threads will appear here, showcasing real-world applications and insights from the community. Check back soon for updates!
Deploy a Model Context Protocol (MCP) server to seamlessly integrate AI models with diverse data sou...
Deploy a Model Context Protocol (MCP) server to seamlessly integrate AI models with diverse data sou...
Deploy and integrate a Model Context Protocol (MCP) server to standardize AI model context delivery,...
Enables AI assistants to interact with Kubernetes clusters via natural language using the Model Cont...
Node.js MCP server enabling secure, permission-controlled filesystem operations including file and d...