A comprehensive Model Context Protocol (MCP) server that provides access to essential network operations and infrastructure tools through a standardized interface.

• Ping: Test host connectivity with customizable packet count and timeout
• Traceroute: Trace network path with configurable max hops
• MTR: Monitor network path with real-time statistics
• Telnet: Test port connectivity using telnet
• Netcat: Test port connectivity using netcat

• cURL: Execute HTTP requests with full control over headers, methods, and data
• HTTPie: Alternative HTTP client with simplified syntax
• API Testing: Validate API endpoints with expected status codes

• nslookup: Query DNS records with various record types
• dig: Advanced DNS querying tool
• host: Simple DNS lookup utility

• Nmap: Network scanning and service enumeration
• Port Scanning: Targeted port scanning capabilities
• Service Discovery: Identify running services on targets

• SS: Socket statistics and connection monitoring
• Netstat: Network statistics and connection information
• ARP: Address Resolution Protocol table management
• ARPing: Test ARP connectivity

• System Status: CPU, memory, and disk usage monitoring
• Process List: Running process enumeration
• Required Tools Check: Verify system tool availability

The following tools must be installed on the system:

# Network tools
curl, ping, traceroute, mtr, telnet, nc (netcat)

# DNS tools
nslookup, dig, host

# Network discovery
nmap

# System tools
ss, netstat, arp, arping

# HTTP tools
httpie (optional, for enhanced HTTP testing)

• Python 3.8+
• uv package manager (recommended)

# Clone the repository
git clone https://github.com/alpadalar/NetOpsMCP.git
cd NetOpsMCP

# Install dependencies using uv
uv venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
uv pip install -e .

# Clone the repository
git clone https://github.com/alpadalar/NetOpsMCP.git
cd NetOpsMCP

# Create virtual environment
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# Install dependencies
pip install -e .

# Build and run with Docker Compose
docker compose up -d

# Or build manually
docker build -t netopsmcp .
docker run -p 8815:8815 netopsmcp

# Using Python directly
python -m netops_mcp.server_http --host 0.0.0.0 --port 8815

# Using Docker
docker compose up -d

# Using the provided script
./start_http_server.sh

# Health check
curl http://localhost:8815/health

# Test system requirements
curl -X POST http://localhost:8815/netops-mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "check_required_tools", "params": {}}'

# Ping a host
result = ping_host("google.com", count=4, timeout=10)

# Test HTTP endpoint
result = curl_request("https://httpbin.org/get", method="GET")

# DNS lookup
result = nslookup_query("google.com", record_type="A")

# Network scan
result = nmap_scan("192.168.1.1", ports="1-1000", scan_type="basic")

Test connectivity to a host using ping.

Parameters:

• host: Target hostname or IP address
• count: Number of ping packets (default: 4)
• timeout: Timeout in seconds (default: 10)

Returns: Ping statistics and results

Trace network path to a target.

Parameters:

• target: Target hostname or IP address
• max_hops: Maximum number of hops (default: 30)
• timeout: Timeout in seconds (default: 30)

Returns: Network path information

Monitor network path using MTR.

Parameters:

• target: Target hostname or IP address
• count: Number of probes (default: 10)
• timeout: Timeout in seconds (default: 30)

Returns: MTR statistics and hop information

Execute HTTP request using curl.

Parameters:

• url: Target URL
• method: HTTP method (GET, POST, PUT, DELETE, PATCH)
• headers: HTTP headers dictionary
• data: Request data for POST/PUT requests
• timeout: Request timeout in seconds

Returns: HTTP response and timing information

Execute HTTP request using HTTPie.

Parameters: Same as curl_request

Returns: HTTP response and timing information

Query DNS records using nslookup.

Parameters:

• domain: Target domain name
• record_type: DNS record type (A, AAAA, MX, NS, TXT, CNAME)
• server: Custom DNS server (optional)

Returns: DNS query results

Query DNS records using dig.

Parameters: Same as nslookup_query

Returns: Detailed DNS query results

Scan network using nmap.

Parameters:

• target: Target hostname, IP, or network range
• ports: Port range (e.g., "1-1000", "80,443,8080")
• scan_type: Scan type (basic, full, stealth)
• timeout: Scan timeout in seconds

Returns: Network scan results

Perform targeted port scanning.

Parameters:

• target: Target hostname or IP address
• ports: Port range to scan
• timeout: Scan timeout in seconds

Returns: Port scan results

Get system status information.

Returns: CPU, memory, and disk usage statistics

Show network connections using ss.

Parameters:

• state: Filter by connection state
• protocol: Filter by protocol

Returns: Network connection information

Show network connections using netstat.

Parameters: Same as ss_connections

Returns: Network connection information

# Using pytest
pytest tests/ -v

# Using uv
uv run pytest tests/ -v

# With coverage
pytest tests/ --cov=src --cov-report=html --cov-report=term-missing

• Unit Tests: Individual tool functionality
• Integration Tests: End-to-end workflow testing
• Mock Tests: Command execution simulation
• Validation Tests: Input validation and error handling

The test suite covers:

• ✅ All tool methods and functionality
• ✅ Input validation and error handling
• ✅ Command execution and output parsing
• ✅ Edge cases and error scenarios
• ✅ Mock testing for external dependencies

To generate coverage reports:

# Generate HTML coverage report
pytest tests/ --cov=src --cov-report=html

# Generate terminal coverage report
pytest tests/ --cov=src --cov-report=term-missing

# Generate both reports
pytest tests/ --cov=src --cov-report=html --cov-report=term-missing

# Server configuration
NETOPS_MCP_HOST=0.0.0.0
NETOPS_MCP_PORT=8815
NETOPS_MCP_LOG_LEVEL=INFO

# Tool timeouts
PING_TIMEOUT=10
TRACEROUTE_TIMEOUT=30
MTR_TIMEOUT=30
CURL_TIMEOUT=30
NMAP_TIMEOUT=300

The server will automatically create a default configuration file from config/config.example.json on first run, or you can create config/config.json manually:

{
  "logging": {
    "level": "INFO",
    "format": "%(asctime)s - %(name)s - %(levelname)s - %(message)s",
    "file": "logs/netops-mcp.log"
  },
  "security": {
    "allow_privileged_commands": false,
    "allowed_hosts": [],
    "rate_limit_requests": 100,
    "rate_limit_window": 60
  },
  "network": {
    "default_timeout": 30,
    "max_scan_timeout": 300,
    "allowed_ports": "1-65535"
  },
  "server": {
    "host": "0.0.0.0",
    "port": 8815,
    "path": "/netops-mcp"
  }
}

version: '3.8'
services:
  netopsmcp:
    build: .
    ports:
      - "8815:8815"
    environment:
      - NETOPS_MCP_HOST=0.0.0.0
      - NETOPS_MCP_PORT=8815
    volumes:
      - ./logs:/app/logs
      - ./config:/app/config
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8815/health"]
      interval: 30s
      timeout: 10s
      retries: 3

# Build image
docker build -t netopsmcp .

# Run container
docker run -d \
  --name netopsmcp \
  -p 8815:8815 \
  -v $(pwd)/logs:/app/logs \
  -v $(pwd)/config:/app/config \
  netopsmcp

• DEBUG: Detailed debugging information
• INFO: General operational messages
• WARNING: Warning messages for potential issues
• ERROR: Error messages for failed operations

• logs/netops-mcp.log: Main application log
• logs/access.log: HTTP access log
• logs/error.log: Error log

# Check server health
curl http://localhost:8815/health

# Check system requirements
curl -X POST http://localhost:8815/netops-mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "check_required_tools", "params": {}}'

• Firewall Rules: Configure appropriate firewall rules for the server port
• Access Control: Implement authentication if needed
• Network Isolation: Run in isolated network environments when possible

• Privileged Operations: Some tools require elevated privileges
• Network Scanning: Be aware of legal implications of network scanning
• Rate Limiting: Implement rate limiting for resource-intensive operations

• Input Validation: All inputs are validated before processing
• Error Handling: Comprehensive error handling and logging
• Timeout Management: Configurable timeouts for all operations
• Resource Limits: Built-in resource usage limits

1. Generate API Keys:

   python scripts/generate_api_key.py -n 2 --config config/config.json

2. Configure Security (config/config.json):

   {
     "security": {
       "require_auth": true,
       "api_keys": ["your-generated-key-here"],
       "rate_limit_requests": 100,
       "rate_limit_window": 60
     }
   }

3. Deploy with Docker Compose:

   docker compose up -d

4. Verify Deployment:

   curl http://localhost:8815/health

The server supports API key authentication for secure access:

# Make authenticated request
curl -X POST http://localhost:8815/netops-mcp \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"method": "ping_host", "params": {"host": "google.com"}}'

Use a reverse proxy (nginx or Caddy) for HTTPS:

server {
    listen 443 ssl http2;
    server_name your-domain.com;
    
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    
    location / {
        proxy_pass http://localhost:8815;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

• ✅ API Key Authentication: Secure access control with Bearer tokens
• ✅ Rate Limiting: Built-in rate limiting (100 req/min default)
• ✅ Input Validation: Comprehensive input sanitization
• ✅ Structured Logging: JSON logging for production environments
• ✅ Health Checks: Built-in health check endpoints
• ✅ Docker Support: Production-ready Docker image with multi-stage build
• ✅ Non-Root User: Runs as unprivileged user in container
• ✅ Resource Limits: Configurable CPU and memory limits
• ✅ CORS Support: Configurable CORS for web applications
• ✅ Security Headers: Automatic security headers

GitHub Actions workflows included:

• Tests: Automated testing on Python 3.10, 3.11, 3.12
• Linting: Code quality checks (Black, Ruff, mypy)
• Security: Security scanning (Bandit, Safety, Trivy)
• Release: Automated Docker image publishing to GitHub Container Registry

• 📖 Production Deployment Guide
• 🔐 API Authentication Guide
• 🛡️ Security Policy

# Clone repository
git clone https://github.com/alpadalar/NetOpsMCP.git
cd NetOpsMCP

# Install development dependencies
uv pip install -e .

# Run tests
pytest tests/ -v

• Black: Code formatting
• Ruff: Linting and import sorting
• mypy: Type checking

• Write tests for all new functionality
• Maintain test coverage above 90%
• Use meaningful test names and descriptions
• Mock external dependencies

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests for new functionality
5. Update documentation
6. Submit a pull request

This project is licensed under the MIT License - see the LICENSE file for details.

• API Reference: See the API Reference section above
• Configuration Guide: See the Configuration section above
• Troubleshooting: See the Support section above

• Bug Reports: Use GitHub Issues
• Feature Requests: Submit via GitHub Issues
• Security Issues: Contact maintainers directly

• Issues: GitHub Issues for discussions and questions
• Documentation: See the sections above for comprehensive guides

• MCP Protocol: Model Context Protocol specification
• Network Tools: Open source networking utilities
• Testing Framework: pytest and related tools
• Community: Contributors and users

NetOps MCP - Empowering network operations through standardized tool access.