MCP Catalogs
Homepentest-ai screenshot

pentest-ai

by 0xSteph·251·Score 51

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for autonomous pentests.

securitydeveloper-toolsops-infra
52
Forks
1
Open issues
this month
Last commit
2d ago
Indexed

Overview

Pentest-AI is a comprehensive security testing platform that exposes 205+ wrapped security tools through the MCP protocol. It features 17 specialized agents covering reconnaissance, web, API, active directory, cloud, mobile, and wireless testing, along with 60 deterministic probes for OWASP Top 10 vulnerabilities. The server works seamlessly with MCP-compatible clients like Claude Code, Cursor, and VS Code Copilot without requiring an API key when used through MCP. Each finding includes a working proof of concept, and the system generates attack chains and detection rules.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

you:Autonomous penetration testing via MCP-compatible clients like Claude Code
you:Security testing in CI/CD pipelines with SARIF output
you:Security audit reporting with proof of concepts for findings
you:Does this require an API key?
you:What tools are included?

When to choose this

Choose pentest-ai for automated offensive security testing through MCP clients when you need comprehensive OWASP Top 10 coverage with proof-of-concept generation.

When NOT to choose this

Avoid pentest-ai for production environments without proper authorization; its tools are designed for offensive security testing and require explicit permission.

Tools this server exposes

12 tools extracted from the README
  • list_tools

    List all available security tools in the pentest-ai server

  • run_tool

    Execute a specific security tool against the target

  • plan_tools

    Get the recommended tool list for a specific engagement

  • ensure_tools_installed

    Batch install the required tools for an engagement

  • list_probes

    List available SPA-aware probes for OWASP Top 10 vulnerabilities

  • run_probe

    Execute a specific probe against the target

  • http_request

    Make raw HTTP requests with scope guards for custom testing

  • start_engagement

    Begin a new pentest engagement against a target

  • get_findings

    Retrieve all findings from the current engagement

  • get_attack_chains

    Retrieve attack chains formed from correlated findings

  • test_web_app

    Run a comprehensive web application security test

  • test_api_security

    Test API security including endpoints, authentication, and data validation

Comparable tools

hexstrikeowasp-zapnucleiburp-suite

Installation

Installation

pip install ptai

Claude Desktop Configuration

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "pentest-ai": {
      "command": "ptai",
      "args": ["mcp"]
    }
  }
}

Other MCP Clients

ptai setup --mcp

FAQ

Does this require an API key?
When used through MCP with Claude Code/Cursor/Codex, no API key is required. The standalone CLI mode does require an LLM API key.
What tools are included?
205+ wrapped security tools including wpscan, dalfox, hydra, hashcat, paramspider, ffuf, gobuster, sqlmap, and many others.

Compare pentest-ai with

pentest-ai vs mcp-server-chartpentest-ai vs everythingpentest-ai vs filesystempentest-ai vs timepentest-ai vs sequentialthinking
GitHub →

Last updated · Auto-generated from public README + GitHub signals.