- Home
- MCP servers
- Pentest
Pentest
- typescript
5
GitHub Stars
typescript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"adriyansyah-mf-mcp-pentest": {
"command": "node",
"args": [
"path/to/mcp-pentest/dist/index.js"
],
"env": {
"ENV": "{}"
}
}
}
}You can run an automated penetration testing workflow with an MCP Pentest Server that automatically performs reconnaissance, vulnerability assessment, and controlled exploitation based on detected technologies. This server-oriented setup helps you orchestrate multiple testing tools and generate actionable reports with AI-assisted guidance and risk-based prioritization.
How to use
Use the MCP Pentest Server from your MCP client to initiate automated penetration testing workflows. You can run a full-spectrum automated pentest, trigger reconnaissance only, or perform targeted scans and exploitation attempts. The server accepts commands to coordinate multiple tools, adjust scope, and produce comprehensive reports with executive summaries and evidence.
How to install
Follow these steps to install and configure the MCP Pentest Server alongside your MCP client.
{
"mcpServers": {
"pentest": {
"command": "node",
"args": ["path/to/mcp-pentest/dist/index.js"],
"env": {}
}
}
}
Additional sections
Prerequisites include Node.js and npm for running the MCP Pentest Server locally. The installation flow shown here builds the project and wires it into your MCP client configuration, enabling you to start automated testing with a single call from your client.
Configuration and usage notes
To start using the MCP Pentest Server, ensure your client is configured with the provided MCP server entry. The pentest server runs as a local process and is started via the node runtime, pointing to the built distribution index. If you adjust the server path or build output location, update the args accordingly in the configuration.
Security considerations
Always obtain explicit authorization before running automated pentests. Use the built-in safety features such as rate limiting and timeout controls to prevent unintentional impact on live systems. Validate the testing scope, maintain detailed logs, and ensure results are disclosed responsibly.
Troubleshooting
If the MCP Pentest Server fails to start, verify that Node.js is installed and that the distribution path in the configuration points to a valid index.js file. Check for missing dependencies by running a fresh npm install in the project root, then rebuild with npm run build. Review logs from the MCP client for any connection or negotiation errors with the pentest server.
Notes
This guide focuses on practical steps to install, configure, and use the MCP Pentest Server in a local environment. It emphasizes concrete commands, configuration blocks, and actionable usage patterns to help you set up automated testing workflows efficiently.
Available tools
nmap_scan
Port scanning and host discovery using Nmap with configurable scan modes.
tech_detection
Automatic technology fingerprinting to identify web frameworks, servers, and tech stacks.
subdomain_enum
Subdomain enumeration using certificate transparency data and DNS brute-forcing.
nuclei_scan
Automated vulnerability scanning with Nuclei templates and severity filtering.
sqlmap_scan
SQL injection testing against target URLs with provided parameters.
metasploit_search
Search for Metasploit modules matching target services and platforms.
exploit_attempt
Attempt automated exploitation against identified vulnerabilities with controlled payloads.
suggest_next_steps
AI-powered recommendations for the next testing actions based on results.
generate_report
Produce comprehensive HTML/PDF/JSON/Markdown reports with evidence and remediation guidance.