pentest-mcp-server

Name: pentest-mcp-server
Rating: 2.0 (18 reviews)
Author: LayeSec006

by LayeSec006·★ 18·Score 40

A production-ready MCP server that enables AI agents to perform autonomous penetration testing on Linux systems via SSH with persistent tmux sessions.

securitydeveloper-toolsops-infra

Forks

Open issues

7 mo ago

Last commit

2d ago

Indexed

Overview

The pentest-mcp-server is a sophisticated MCP server built for penetration testing, offering persistent session management through tmux for complex, multi-step security assessments. Unlike other MCP servers that execute commands independently, this solution maintains state across disconnections and network failures, enabling long-running operations with tools like Metasploit, reverse shells, and custom exploits. The server includes intelligent automation features, auto-reconnection capabilities, and smart resource management to handle concurrent heavy operations efficiently.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

you:Automated red team operations with multi-step reconnaissance and exploitation

you:CTF challenge solving with interactive tools and long-running operations

you:Security research with persistent vulnerability assessment workflows

you:What makes this MCP server different from others?

you:What Linux distributions are supported?

When to choose this

Choose this MCP server when you need persistent session management for complex penetration testing workflows with interactive tools like Metasploit, reverse shells, and long-running scans.

When NOT to choose this

Avoid if you need cross-platform support beyond Linux, have strict network policies preventing SSH connections, or require non-persistent isolated command execution.

Tools this server exposes

11 tools extracted from the README

create_session
Create a new persistent tmux session for isolated pentesting operations
list_sessions
List all active tmux sessions and their status
kill_session
Terminate a specific session and clean up resources
execute
Execute commands in persistent sessions
read_output
Get current output from a session
send_input
Send input to interactive tools
get_system_status
Get system resource usage and session status
recover_sessions
Recover orphaned sessions after reconnection
upload_file
Upload files to your system via SFTP
download_file
Download files from your system via SFTP
parse_tool_output
Parse common pentest tool outputs (nmap XML, JSON, etc.)

Comparable tools

shell-mcpnmap-mcpmetasploit-mcposint-mcp

Installation

Clone and install the package:

git clone https://github.com/LayeSec006/pentest-mcp-server.git
cd pentest-mcp-server
pip install -e .

Configure your target system:

cp .env.example .env
# Edit .env with your target system details

Install tmux on the target system:

ssh kali@<TARGET_HOST>
sudo apt update && sudo apt install tmux  # For Debian/Ubuntu/Kali
sudo pacman -S tmux  # For Arch/BlackArch
sudo dnf install tmux  # For Fedora
exit

Test the installation:

python -m pytest tests/ -v

Claude Desktop Integration

Add to your Claude Desktop configuration:

{
  "mcpServers": {
    "pentest-mcp": {
      "command": "python",
      "args": ["-m", "pentest_mcp_server"],
      "env": {
        "TARGET_HOST": "192.168.1.100",
        "TARGET_USER": "kali",
        "TARGET_PASSWORD": "your_password"
      }
    }
  }
}

FAQ

What makes this MCP server different from others?: This server provides persistent session management through tmux, enabling complex multi-step workflows and interactive tool support that survives disconnections and crashes.
What Linux distributions are supported?: It works with ANY Linux distribution including Kali Linux, Parrot Security, BackBox, Ubuntu, Debian, Arch, RHEL, CentOS, Fedora, and Alpine Linux.

Compare pentest-mcp-server with

pentest-mcp-server vs mcp-server-chart pentest-mcp-server vs everything pentest-mcp-server vs filesystem pentest-mcp-server vs time pentest-mcp-server vs sequentialthinking

GitHub →

Last updated 2026-05-17 · Auto-generated from public README + GitHub signals.