Pentestmcp
@RamKansal
Pentestmcp について
pentestMCP: AI-Powered Penetration Testing via MCP
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"pentestMCP": {
"type": "stdio",
"command": "docker",
"args": [
"run",
"-i",
"ramgameer/pentest-mcp"
]
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is Pentestmcp?
Pentestmcp is an MCP server that bridges Large Language Models (LLMs) with over 20 practical penetration testing tools (Nmap, Nuclei, ZAP, SQLMap, etc.) via the Model Context Protocol. It enables AI agents within MCP-compatible clients (like Claude Desktop or VS Code) to perform automated security assessment tasks through natural language control.
How to use Pentestmcp?
Install Docker, then pull the pre-built image (docker pull ramgameer/pentest-mcp:latest) or build locally. Configure your MCP client host (e.g., Claude Desktop or VS Code Copilot Chat) to launch the server using docker run -i --rm ramgameer/pentest-mcp:latest. Once connected, issue natural language prompts to invoke the exposed tools.
Key features of Pentestmcp?
- Integrates over 20 essential penetration testing tools via MCP
- Standardized access for any MCP client supporting
stdioserver launching - Non‑blocking asynchronous scans for long‑running tasks
- Resource management with concurrency limiting for scans
- Portable, reproducible Dockerized environment across platforms
- Direct control over OWASP ZAP Active Scan and AJAX Spider
Use cases of Pentestmcp?
- Perform reconnaissance and enumeration (subdomains, DNS, WHOIS) via natural language
- Run vulnerability scans using Nuclei templates or Nmap service detection
- Execute web application analysis (hidden parameters, SQL injection) interactively
- Conduct Active Directory enumeration and attack simulations (AS‑REP roasting, Kerberoasting)
- Integrate automated security testing into AI‑driven development or SOC workflows
FAQ from Pentestmcp
What are the runtime requirements for Pentestmcp?
Docker Desktop (Windows/macOS) or Docker Engine (Linux) must be installed and running. For building locally, Git is needed. Optionally, an external OWASP ZAP instance is required for ZAP‑related tools.
How does Pentestmcp handle long‑running scans?
It uses an asynchronous pattern: launch_* methods start the scan and return a PID, while fetch_* or check_* methods retrieve results later, preventing blocking of the MCP connection.
What tools are included in Pentestmcp?
Over 20 tools are exposed, including Nmap, Nuclei, Subfinder, Gobuster, gofang, theHarvester, Arjun, Searchsploit, SQLMap, Dig, cURL, WHOIS, and a full set of Active Directory enumeration/attack tools (e.g., BloodHound, Certipy, Kerberoast).
Does Pentestmcp support ZAP scanning?
Yes. The server provides tools like run_zap_*, run_active_scan_*, and run_ajax_*. You must have a separate, network‑accessible OWASP ZAP instance running for these tools to function.
Where is the security disclaimer?
The README includes a Security Considerations section (truncated in this version) and a Disclaimer that advises responsible, authorized use only.
「その他」の他のコンテンツ

Sequential Thinking
modelcontextprotocolModel Context Protocol Servers
FastMCP v2 🚀
jlowin🚀 The fast, Pythonic way to build MCP servers and clients.
Awesome Mlops
visengerA curated list of references for MLOps
Blender
ahujasidOpen-source MCP to use Blender with any LLM
Codelf
unbugA search tool helps dev to solve the naming things problem.
コメント