Cyntrisec

Provides read-only AWS analysis tools via an MCP server, enabling attack-path discovery, ROI-based remediation, and policy checks for automation clients.
  • python

2

GitHub Stars

python

Language

4 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "cyntrisec-cyntrisec-cli": {
      "command": "python",
      "args": [
        "-m",
        "cyntrisec",
        "serve"
      ]
    }
  }
}

Cyntrisec MCP Server enables agents to interact with the Cyntrisec CLI as a dedicated, programmable server. It exposes read-only AWS analysis capabilities to AI agents and other tools, enabling automated discovery of attack paths, remediation suggestions, and compliance checks without directly modifying your AWS environment.

How to use

You can use the Cyntrisec MCP server to run analysis and remediation tooling from an AI agent or automation client. Start the local MCP server, then communicate with it using the MCP protocol tools integrated into your agent framework. The server exposes a set of tools for scanning, analyzing attack paths, evaluating findings, and generating remediation artifacts. You will typically start the server once and reuse it for multiple agent requests.

How to install

Prerequisites: ensure you have Python installed on your system. You will also want pip to install the package.

# Install the Cyntrisec MCP-enabled CLI
pip install cyntrisec

To run the MCP server, use the command specified for the built-in MCP server configuration: you start Cyntrisec in server mode using Python’s module runner.

python -m cyntrisec serve

Optional: list available tools supported by the MCP interface before integrating with an agent.

## MCP server configuration and usage notes

This server is designed to run locally and expose a set of tools for integration with AI agents. The server operates in read-only mode by default and provides remediation artifacts for your review rather than applying changes automatically.

To configure integration with Claude Desktop or other MCP-enabled clients, you can reference the following example configuration that registers Cyntrisec as an MCP server. This configuration shows how to run the server from Python.

## Tool access and endpoints

The server provides a set of tools that you can invoke from your MCP client. These tools include: listing tools, setting the active session snapshot, obtaining scan summaries, retrieving assets and relationships, fetching findings, extracting attack paths, explaining paths and findings, computing remediation options, generating Terraform snippets, checking access, identifying unused permissions, and verifying CIS AWS or SOC 2 compliance. These endpoints enable you to drive automated analyses and remediation planning.

## Security and safety notes

Operate with a read-only IAM role. The recommended policy includes Describe\*, Get\*, and List\* permissions only. All data remains on your local machine. No data is exfiltrated to external servers. By default, no AWS write operations are performed during scanning or analysis.

Remediation artifacts, such as Terraform snippets, are generated for your review and optional manual application. Executing Terraform or applying changes is not performed automatically unless you explicitly opt into an unsafe write mode with clear confirmation.

## Troubleshooting and notes

If you encounter issues starting the MCP server, verify Python is installed and the Cyntrisec package is accessible in your Python environment. Ensure you are using the correct module invocation: python -m cyntrisec serve. If the server appears to be unresponsive, check your local environment for firewall or port conflicts and confirm that your agent is issuing compatible MCP requests.

## Example MCP configuration (stdio)

The following snippet shows how to register the Cyntrisec MCP server as a stdio-based MCP endpoint. You can adapt this in your agent or tool that expects an MCP server descriptor.

{ "mcpServers": { "cyntrisec": { "command": "python", "args": ["-m", "cyntrisec", "serve"] } } }


## Available tools

### list\_tools

List all available MCP tools and capabilities exposed by Cyntrisec.

### set\_session\_snapshot

Set the active scan snapshot for the current MCP session.

### get\_scan\_summary

Retrieve a concise summary of the latest AWS scan.

### get\_assets

Fetch assets with optional filtering by type or name.

### get\_relationships

Retrieve relationships between assets to build the graph.

### get\_findings

Get security findings with optional severity filters.

### get\_attack\_paths

Obtain attack paths with associated risk scores.

### explain\_path

Get a detailed, hop-by-hop explanation of an attack path.

### explain\_finding

Provide a detailed explanation for a specific finding.

### get\_remediations

Identify optimal fixes for attack paths based on ROI.

### get\_terraform\_snippet

Generate Terraform code to implement remediation steps.

### check\_access

Test whether a principal can access a specific resource.

### get\_unused\_permissions

Identify unused IAM permissions to reduce blast radius.

### check\_compliance

Verify CIS AWS or SOC 2 compliance for the scanned environment.

### compare\_scans

Compare two scan snapshots to detect regressions.
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational