pentestMCP is an MCP Server that exposes penetration testing tools (Nmap, Nuclei, ZAP, etc.) as callable tools for AI agents to use in security analysis.

pentestMCP

Name: pentestMCP
Rating: 2.3 (65 reviews)
Author: RamKansal

by RamKansal·★ 65·Score 46

MCP server exposing 20+ penetration testing tools for AI-assisted security testing via Docker.

securitydeveloper-toolsops-infra

Forks

Open issues

this month

Last commit

2d ago

Indexed

Overview

pentestMCP bridges Large Language Models with practical penetration testing tools through the Model Context Protocol. It functions as an MCP Server, exposing over 20 security assessment utilities (Nmap, Nuclei, ZAP, SQLMap, etc.) as callable tools within MCP-compatible clients. The server runs in a Docker container, communicating via stdio with client hosts like Claude Desktop or VS Code, enabling natural language control over complex security workflows. It implements asynchronous patterns for long-running scans and includes resource management features.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

you:AI-assisted penetration testing with natural language control

you:Automated vulnerability scanning through LLM agents

you:Security workflow integration with Claude Desktop or VS Code

you:What is pentestMCP?

you:How do I integrate pentestMCP with Claude Desktop?

When to choose this

Choose pentestMCP when you need AI-powered integration with comprehensive security assessment tools and are already using MCP-compatible environments like Claude Desktop.

When NOT to choose this

Don't choose pentestMCP if you need a GUI-based pentesting interface, have strict containerization requirements that conflict with its Docker setup, or need support for non-MCP AI platforms.

Tools this server exposes

12 tools extracted from the README

run_subfinder
Discovers subdomains using ProjectDiscovery's Subfinder.
launch_nmap_scan
Executes Nmap network scans asynchronously.
fetch_nmap_results
Retrieves results from an asynchronous Nmap scan.
run_gobuster_scan
Performs directory/file/DNS bruteforcing with Gobuster asynchronously.
launch_nuclei_scan
Runs template-based vulnerability scans with ProjectDiscovery's Nuclei asynchronously.
run_sqlmap_tool
Executes SQLmap for SQL injection testing asynchronously.
run_searchsploit
Searches the local Exploit-DB database using Searchsploit.
ad_user_enum
Enumerates users in Active Directory.
ad_bloodhound_collect
Collects data for Active Directory analysis with BloodHound.
run_zap_active_scan
Performs an active scan with OWASP ZAP.
run_curl_tool
Executes cURL commands for HTTP interaction.
fetch_whois_data
Retrieves WHOIS information for a domain.

Comparable tools

security-mcpmcp-nmaphacktanium-mcpnmap-mcp

Installation

Using Pre-built Docker Image (Recommended):

docker pull ramgameer/pentest-mcp:latest

Claude Desktop Integration

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "pentestMCP": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "ramgameer/pentest-mcp:latest"
      ]
    }
  }
}

Restart Claude Desktop after configuration.

FAQ

What is pentestMCP?: pentestMCP is an MCP Server that exposes penetration testing tools (Nmap, Nuclei, ZAP, etc.) as callable tools for AI agents to use in security analysis.
How do I integrate pentestMCP with Claude Desktop?: Add the MCP server configuration to your claude_desktop_config.json file using the Docker run command provided in the README, then restart Claude Desktop.

Compare pentestMCP with

pentestMCP vs mcp-server-chart pentestMCP vs everything pentestMCP vs filesystem pentestMCP vs time pentestMCP vs sequentialthinking

GitHub →

Last updated 2026-05-17 · Auto-generated from public README + GitHub signals.