MCP.so
登录
P

Pentestmcp

@RamKansal

关于 Pentestmcp

pentestMCP: AI-Powered Penetration Testing via MCP

基本信息

分类

其他

传输方式

stdio

发布者

RamKansal

提交者

hacker hacker

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "pentestMCP": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run",
        "-i",
        "ramgameer/pentest-mcp"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Pentestmcp?

Pentestmcp is an MCP server that bridges Large Language Models (LLMs) with over 20 practical penetration testing tools (Nmap, Nuclei, ZAP, SQLMap, etc.) via the Model Context Protocol. It enables AI agents within MCP-compatible clients (like Claude Desktop or VS Code) to perform automated security assessment tasks through natural language control.

How to use Pentestmcp?

Install Docker, then pull the pre-built image (docker pull ramgameer/pentest-mcp:latest) or build locally. Configure your MCP client host (e.g., Claude Desktop or VS Code Copilot Chat) to launch the server using docker run -i --rm ramgameer/pentest-mcp:latest. Once connected, issue natural language prompts to invoke the exposed tools.

Key features of Pentestmcp?

  • Integrates over 20 essential penetration testing tools via MCP
  • Standardized access for any MCP client supporting stdio server launching
  • Non‑blocking asynchronous scans for long‑running tasks
  • Resource management with concurrency limiting for scans
  • Portable, reproducible Dockerized environment across platforms
  • Direct control over OWASP ZAP Active Scan and AJAX Spider

Use cases of Pentestmcp?

  • Perform reconnaissance and enumeration (subdomains, DNS, WHOIS) via natural language
  • Run vulnerability scans using Nuclei templates or Nmap service detection
  • Execute web application analysis (hidden parameters, SQL injection) interactively
  • Conduct Active Directory enumeration and attack simulations (AS‑REP roasting, Kerberoasting)
  • Integrate automated security testing into AI‑driven development or SOC workflows

FAQ from Pentestmcp

What are the runtime requirements for Pentestmcp?

Docker Desktop (Windows/macOS) or Docker Engine (Linux) must be installed and running. For building locally, Git is needed. Optionally, an external OWASP ZAP instance is required for ZAP‑related tools.

How does Pentestmcp handle long‑running scans?

It uses an asynchronous pattern: launch_* methods start the scan and return a PID, while fetch_* or check_* methods retrieve results later, preventing blocking of the MCP connection.

What tools are included in Pentestmcp?

Over 20 tools are exposed, including Nmap, Nuclei, Subfinder, Gobuster, gofang, theHarvester, Arjun, Searchsploit, SQLMap, Dig, cURL, WHOIS, and a full set of Active Directory enumeration/attack tools (e.g., BloodHound, Certipy, Kerberoast).

Does Pentestmcp support ZAP scanning?

Yes. The server provides tools like run_zap_*, run_active_scan_*, and run_ajax_*. You must have a separate, network‑accessible OWASP ZAP instance running for these tools to function.

Where is the security disclaimer?

The README includes a Security Considerations section (truncated in this version) and a Disclaimer that advises responsible, authorized use only.

评论

其他 分类下的更多 MCP 服务器