MCP.so
ログイン
P

Pentestmcp

@RamKansal

Pentestmcp について

pentestMCP: AI-Powered Penetration Testing via MCP

基本情報

カテゴリ

その他

トランスポート

stdio

公開者

RamKansal

投稿者

hacker hacker

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "pentestMCP": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run",
        "-i",
        "ramgameer/pentest-mcp"
      ]
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is Pentestmcp?

Pentestmcp is an MCP server that bridges Large Language Models (LLMs) with over 20 practical penetration testing tools (Nmap, Nuclei, ZAP, SQLMap, etc.) via the Model Context Protocol. It enables AI agents within MCP-compatible clients (like Claude Desktop or VS Code) to perform automated security assessment tasks through natural language control.

How to use Pentestmcp?

Install Docker, then pull the pre-built image (docker pull ramgameer/pentest-mcp:latest) or build locally. Configure your MCP client host (e.g., Claude Desktop or VS Code Copilot Chat) to launch the server using docker run -i --rm ramgameer/pentest-mcp:latest. Once connected, issue natural language prompts to invoke the exposed tools.

Key features of Pentestmcp?

  • Integrates over 20 essential penetration testing tools via MCP
  • Standardized access for any MCP client supporting stdio server launching
  • Non‑blocking asynchronous scans for long‑running tasks
  • Resource management with concurrency limiting for scans
  • Portable, reproducible Dockerized environment across platforms
  • Direct control over OWASP ZAP Active Scan and AJAX Spider

Use cases of Pentestmcp?

  • Perform reconnaissance and enumeration (subdomains, DNS, WHOIS) via natural language
  • Run vulnerability scans using Nuclei templates or Nmap service detection
  • Execute web application analysis (hidden parameters, SQL injection) interactively
  • Conduct Active Directory enumeration and attack simulations (AS‑REP roasting, Kerberoasting)
  • Integrate automated security testing into AI‑driven development or SOC workflows

FAQ from Pentestmcp

What are the runtime requirements for Pentestmcp?

Docker Desktop (Windows/macOS) or Docker Engine (Linux) must be installed and running. For building locally, Git is needed. Optionally, an external OWASP ZAP instance is required for ZAP‑related tools.

How does Pentestmcp handle long‑running scans?

It uses an asynchronous pattern: launch_* methods start the scan and return a PID, while fetch_* or check_* methods retrieve results later, preventing blocking of the MCP connection.

What tools are included in Pentestmcp?

Over 20 tools are exposed, including Nmap, Nuclei, Subfinder, Gobuster, gofang, theHarvester, Arjun, Searchsploit, SQLMap, Dig, cURL, WHOIS, and a full set of Active Directory enumeration/attack tools (e.g., BloodHound, Certipy, Kerberoast).

Does Pentestmcp support ZAP scanning?

Yes. The server provides tools like run_zap_*, run_active_scan_*, and run_ajax_*. You must have a separate, network‑accessible OWASP ZAP instance running for these tools to function.

Where is the security disclaimer?

The README includes a Security Considerations section (truncated in this version) and a Disclaimer that advises responsible, authorized use only.

コメント

「その他」の他のコンテンツ