MCP.so
Sign In
P

Pentestmcp

@RamKansal

About Pentestmcp

pentestMCP: AI-Powered Penetration Testing via MCP

Basic information

Category

Other

Transports

stdio

Publisher

RamKansal

Submitted by

hacker hacker

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "pentestMCP": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run",
        "-i",
        "ramgameer/pentest-mcp"
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Pentestmcp?

Pentestmcp is an MCP server that bridges Large Language Models (LLMs) with over 20 practical penetration testing tools (Nmap, Nuclei, ZAP, SQLMap, etc.) via the Model Context Protocol. It enables AI agents within MCP-compatible clients (like Claude Desktop or VS Code) to perform automated security assessment tasks through natural language control.

How to use Pentestmcp?

Install Docker, then pull the pre-built image (docker pull ramgameer/pentest-mcp:latest) or build locally. Configure your MCP client host (e.g., Claude Desktop or VS Code Copilot Chat) to launch the server using docker run -i --rm ramgameer/pentest-mcp:latest. Once connected, issue natural language prompts to invoke the exposed tools.

Key features of Pentestmcp?

  • Integrates over 20 essential penetration testing tools via MCP
  • Standardized access for any MCP client supporting stdio server launching
  • Non‑blocking asynchronous scans for long‑running tasks
  • Resource management with concurrency limiting for scans
  • Portable, reproducible Dockerized environment across platforms
  • Direct control over OWASP ZAP Active Scan and AJAX Spider

Use cases of Pentestmcp?

  • Perform reconnaissance and enumeration (subdomains, DNS, WHOIS) via natural language
  • Run vulnerability scans using Nuclei templates or Nmap service detection
  • Execute web application analysis (hidden parameters, SQL injection) interactively
  • Conduct Active Directory enumeration and attack simulations (AS‑REP roasting, Kerberoasting)
  • Integrate automated security testing into AI‑driven development or SOC workflows

FAQ from Pentestmcp

What are the runtime requirements for Pentestmcp?

Docker Desktop (Windows/macOS) or Docker Engine (Linux) must be installed and running. For building locally, Git is needed. Optionally, an external OWASP ZAP instance is required for ZAP‑related tools.

How does Pentestmcp handle long‑running scans?

It uses an asynchronous pattern: launch_* methods start the scan and return a PID, while fetch_* or check_* methods retrieve results later, preventing blocking of the MCP connection.

What tools are included in Pentestmcp?

Over 20 tools are exposed, including Nmap, Nuclei, Subfinder, Gobuster, gofang, theHarvester, Arjun, Searchsploit, SQLMap, Dig, cURL, WHOIS, and a full set of Active Directory enumeration/attack tools (e.g., BloodHound, Certipy, Kerberoast).

Does Pentestmcp support ZAP scanning?

Yes. The server provides tools like run_zap_*, run_active_scan_*, and run_ajax_*. You must have a separate, network‑accessible OWASP ZAP instance running for these tools to function.

Where is the security disclaimer?

The README includes a Security Considerations section (truncated in this version) and a Disclaimer that advises responsible, authorized use only.

Comments

More Other MCP servers