Pentest MCP: Professional Penetration Testing Toolkit
@DMontgomery40
About Pentest MCP: Professional Penetration Testing Toolkit
NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.
Basic information
Config
No standard config provided
This server doesn't expose a parseable MCP config block in its README. See the repository for install instructions.
RepositoryTools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Pentest MCP: Professional Penetration Testing Toolkit?
A professional penetration-testing MCP server that integrates with common security tools (nmap, John the Ripper, hashcat, gobuster, nikto, subfinder, httpx, ffuf, nuclei, hydra, sqlmap, tcpdump) and provides an agent-friendly interface for reconnaissance, exploitation, reporting, and engagement management. It targets penetration testers and red teams who want to automate tool orchestration via MCP.
How to use Pentest MCP: Professional Penetration Testing Toolkit?
Install globally with npm install -g pentest-mcp. Run locally over stdio with pentest-mcp, or over the network with MCP_TRANSPORT=http MCP_SERVER_HOST=0.0.0.0 MCP_SERVER_PORT=8000 pentest-mcp. Use pentest-mcp inspector to launch the bundled MCP Inspector. Tools are invoked via MCP tool calls (e.g., subfinderEnum, nucleiScan). Auth can be enabled with bearer tokens and OIDC when using HTTP transport.
Key features of Pentest MCP: Professional Penetration Testing Toolkit
- 20+ penetration testing tools including nmap, John the Ripper, hashcat, gobuster, nikto, subfinder, httpx, ffuf, nuclei, hydra, sqlmap, tcpdump
- Modern transport support: stdio (default), Streamable HTTP (recommended), and deprecated SSE
- Bearer-token authentication with optional OIDC JWKS and introspection support
- Engagement record tracking and automated report generation with scope-of-work (SoW) handling
- Built-in MCP Inspector launcher – no separate install required
- Docker deployment with all tools pre-installed
- Supports interactive and template-based SoW capture for client reports
Use cases of Pentest MCP: Professional Penetration Testing Toolkit
- Automate subdomain enumeration and live host probing for external network assessments
- Fuzz web content paths, run template-based vulnerability scanning, and test for SQL injection
- Perform brute-force checks on services (SSH, etc.) and capture network traffic for analysis
- Generate post-engagement reports with structured engagement records and scope-of-work notes
FAQ from Pentest MCP: Professional Penetration Testing Toolkit
What transport modes are supported?
stdio is the default for local MCP clients; Streamable HTTP (set MCP_TRANSPORT=http) is the recommended network transport. SSE is available only as a deprecated compatibility mode and will be removed in a future major release.
How do I enable authentication?
Set MCP_AUTH_ENABLED=true and MCP_AUTH_MODE=bearer when using HTTP (or deprecated SSE) transport. Configure OIDC with MCP_OIDC_ISSUER, MCP_OIDC_JWKS_URL, and optionally MCP_OIDC_INTROSPECTION_URL. Legacy aliases (MCP_OAUTH_ENABLED, etc.) are temporarily accepted.
What tools must be installed locally for non-Docker runs?
Ensure these binaries are in PATH: nmap, john, hashcat, gobuster, nikto, subfinder, httpx-toolkit (or validated ProjectDiscovery httpx as fallback), ffuf, nuclei, hydra, sqlmap, tcpdump.
How do I provide a scope of work for a report?
Use createClientReport with scopeMode=ask (elicits from user interactively), scopeMode=provided (paste SoW text directly into scopeOfWork), or scopeMode=template (uses a built-in generic authorized-testing template). Elicitation is recommended; if unavailable, the template is used as fallback.
Is this server safe for unpermissioned use?
No. The README states "Authorized use only. Run against systems/networks where you have explicit written permission." Prompt injection risks are documented, and mitigations like least privilege, allowlists, and human confirmation for destructive actions are recommended.
More Developer Tools MCP servers
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
MCP Framework
QuantGeekDevThe Typescript MCP Framework
Smithery CLI
smithery-aiInstall, manage and develop MCP servers and skills for agents
Test
x1xhlolFULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI, VSCode Agent, Warp.dev, Windsurf, Xcode, Z.ai Code, Dia & v0. (And other Open Sou
Code Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
Comments