Pentestmcp
@RamKansal
About Pentestmcp
pentestMCP: AI-Powered Penetration Testing via MCP
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"pentestMCP": {
"type": "stdio",
"command": "docker",
"args": [
"run",
"-i",
"ramgameer/pentest-mcp"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Pentestmcp?
Pentestmcp is an MCP server that bridges Large Language Models (LLMs) with over 20 practical penetration testing tools (Nmap, Nuclei, ZAP, SQLMap, etc.) via the Model Context Protocol. It enables AI agents within MCP-compatible clients (like Claude Desktop or VS Code) to perform automated security assessment tasks through natural language control.
How to use Pentestmcp?
Install Docker, then pull the pre-built image (docker pull ramgameer/pentest-mcp:latest) or build locally. Configure your MCP client host (e.g., Claude Desktop or VS Code Copilot Chat) to launch the server using docker run -i --rm ramgameer/pentest-mcp:latest. Once connected, issue natural language prompts to invoke the exposed tools.
Key features of Pentestmcp?
- Integrates over 20 essential penetration testing tools via MCP
- Standardized access for any MCP client supporting
stdioserver launching - Non‑blocking asynchronous scans for long‑running tasks
- Resource management with concurrency limiting for scans
- Portable, reproducible Dockerized environment across platforms
- Direct control over OWASP ZAP Active Scan and AJAX Spider
Use cases of Pentestmcp?
- Perform reconnaissance and enumeration (subdomains, DNS, WHOIS) via natural language
- Run vulnerability scans using Nuclei templates or Nmap service detection
- Execute web application analysis (hidden parameters, SQL injection) interactively
- Conduct Active Directory enumeration and attack simulations (AS‑REP roasting, Kerberoasting)
- Integrate automated security testing into AI‑driven development or SOC workflows
FAQ from Pentestmcp
What are the runtime requirements for Pentestmcp?
Docker Desktop (Windows/macOS) or Docker Engine (Linux) must be installed and running. For building locally, Git is needed. Optionally, an external OWASP ZAP instance is required for ZAP‑related tools.
How does Pentestmcp handle long‑running scans?
It uses an asynchronous pattern: launch_* methods start the scan and return a PID, while fetch_* or check_* methods retrieve results later, preventing blocking of the MCP connection.
What tools are included in Pentestmcp?
Over 20 tools are exposed, including Nmap, Nuclei, Subfinder, Gobuster, gofang, theHarvester, Arjun, Searchsploit, SQLMap, Dig, cURL, WHOIS, and a full set of Active Directory enumeration/attack tools (e.g., BloodHound, Certipy, Kerberoast).
Does Pentestmcp support ZAP scanning?
Yes. The server provides tools like run_zap_*, run_active_scan_*, and run_ajax_*. You must have a separate, network‑accessible OWASP ZAP instance running for these tools to function.
Where is the security disclaimer?
The README includes a Security Considerations section (truncated in this version) and a Disclaimer that advises responsible, authorized use only.
More Other MCP servers
MaxKB
1Panel-dev🔥 MaxKB is an open-source platform for building enterprise-grade agents. 强大易用的开源企业级智能体平台。
Reactive Resume
amruthpillaiA one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
FastMCP v2 🚀
jlowin🚀 The fast, Pythonic way to build MCP servers and clients.
XcodeBuildMCP
cameroncookeA Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
MCP Go 🚀
mark3labsA Go implementation of the Model Context Protocol (MCP), enabling seamless integration between LLM applications and external data sources and tools.
Comments