pentest-mcp

by DMontgomery40 · 137 · Score 50

Professional penetration testing MCP server with nmap, JtR, hashcat, and reconnaissance tools.

security · developer-tools · ops-infra

Forks: 28
Open issues: 2
Last commit: 2 mo ago
Indexed: 2d ago

Overview

Pentest MCP is a specialized Model Context Protocol server for penetration testers, providing access to security tools like nmap, go/dirbuster, nikto, John the Ripper, and hashcat. The server supports multiple transport protocols including stdio, HTTP (primary), and deprecated SSE, with authentication options including bearer tokens and OIDC integration. It features workflow management tools for engagement tracking and client report generation with scope of work handling.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

you: Professional penetration testing engagements with structured reporting
you: Network reconnaissance and vulnerability scanning automation
you: Password cracking and brute force attacks in authorized environments
you: What security tools are included in this MCP server?
you: How is authentication handled in this MCP server?

When to choose this

Choose Pentest MCP for professional penetration testing when you need a comprehensive security testing toolkit with proper authentication and transport options for enterprise environments.

When NOT to choose this

Avoid this if you need basic security scanning without authentication, if you're in a restricted environment without the ability to install the required tools, or if you need testing against environments without explicit written permission.

Comparable tools

metasploit-mcp · nuclei-mcp · subfinder · nmap · sqlmap

Installation

npm install -g pentest-mcp

Run locally (stdio):

pentest-mcp

Launch bundled MCP Inspector:

pentest-mcp inspector

Run over HTTP (recommended):

MCP_TRANSPORT=http MCP_SERVER_HOST=0.0.0.0 MCP_SERVER_PORT=8000 pentest-mcp

For Claude Desktop, add to claude_desktop_config.json:

{
  "mcpServers": {
    "pentest-mcp": {
      "command": "pentest-mcp",
      "args": ["stdio"]
    }
  }
}

FAQ

What security tools are included in this MCP server?
The server includes nmap, John the Ripper, hashcat, gobuster, nikto, subfinder, httpx, ffuf, nuclei, hydra, traffic capture, and more specialized tools for penetration testing.

How is authentication handled in this MCP server?
The server supports bearer token authentication with OIDC JWKS and introspection support. You can configure authentication through environment variables like MCP_AUTH_ENABLED, MCP_AUTH_MODE, and OIDC issuer URLs.


Last updated · Auto-generated from public README + GitHub signals.