MCP.so
Sign In
Servers

Pentest MCP: Professional Penetration Testing Toolkit

@DMontgomery40

NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.

Overview

What is Pentest MCP: Professional Penetration Testing Toolkit?

A professional penetration-testing MCP server that integrates with common security tools (nmap, John the Ripper, hashcat, gobuster, nikto, subfinder, httpx, ffuf, nuclei, hydra, sqlmap, tcpdump) and provides an agent-friendly interface for reconnaissance, exploitation, reporting, and engagement management. It targets penetration testers and red teams who want to automate tool orchestration via MCP.

How to use Pentest MCP: Professional Penetration Testing Toolkit?

Install globally with npm install -g pentest-mcp. Run locally over stdio with pentest-mcp, or over the network with MCP_TRANSPORT=http MCP_SERVER_HOST=0.0.0.0 MCP_SERVER_PORT=8000 pentest-mcp. Use pentest-mcp inspector to launch the bundled MCP Inspector. Tools are invoked via MCP tool calls (e.g., subfinderEnum, nucleiScan). Auth can be enabled with bearer tokens and OIDC when using HTTP transport.

Key features of Pentest MCP: Professional Penetration Testing Toolkit

  • 20+ penetration testing tools including nmap, John the Ripper, hashcat, gobuster, nikto, subfinder, httpx, ffuf, nuclei, hydra, sqlmap, tcpdump
  • Modern transport support: stdio (default), Streamable HTTP (recommended), and deprecated SSE
  • Bearer-token authentication with optional OIDC JWKS and introspection support
  • Engagement record tracking and automated report generation with scope-of-work (SoW) handling
  • Built-in MCP Inspector launcher – no separate install required
  • Docker deployment with all tools pre-installed
  • Supports interactive and template-based SoW capture for client reports

Use cases of Pentest MCP: Professional Penetration Testing Toolkit

  • Automate subdomain enumeration and live host probing for external network assessments
  • Fuzz web content paths, run template-based vulnerability scanning, and test for SQL injection
  • Perform brute-force checks on services (SSH, etc.) and capture network traffic for analysis
  • Generate post-engagement reports with structured engagement records and scope-of-work notes

FAQ from Pentest MCP: Professional Penetration Testing Toolkit

What transport modes are supported?

stdio is the default for local MCP clients; Streamable HTTP (set MCP_TRANSPORT=http) is the recommended network transport. SSE is available only as a deprecated compatibility mode and will be removed in a future major release.

How do I enable authentication?

Set MCP_AUTH_ENABLED=true and MCP_AUTH_MODE=bearer when using HTTP (or deprecated SSE) transport. Configure OIDC with MCP_OIDC_ISSUER, MCP_OIDC_JWKS_URL, and optionally MCP_OIDC_INTROSPECTION_URL. Legacy aliases (MCP_OAUTH_ENABLED, etc.) are temporarily accepted.

What tools must be installed locally for non-Docker runs?

Ensure these binaries are in PATH: nmap, john, hashcat, gobuster, nikto, subfinder, httpx-toolkit (or validated ProjectDiscovery httpx as fallback), ffuf, nuclei, hydra, sqlmap, tcpdump.

How do I provide a scope of work for a report?

Use createClientReport with scopeMode=ask (elicits from user interactively), scopeMode=provided (paste SoW text directly into scopeOfWork), or scopeMode=template (uses a built-in generic authorized-testing template). Elicitation is recommended; if unavailable, the template is used as fallback.

Is this server safe for unpermissioned use?

No. The README states "Authorized use only. Run against systems/networks where you have explicit written permission." Prompt injection risks are documented, and mitigations like least privilege, allowlists, and human confirmation for destructive actions are recommended.

Tags

More from Developer Tools