- Home
- MCP servers
- MCP Pentest Server
MCP Pentest Server
- python
23
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"allsmog-mcp-pentest": {
"command": "python",
"args": [
"/path/to/mcp-pentest/server.py"
]
}
}
}MCP (Model Context Provider) for Penetration Testing is an AI-assisted middleware that connects penetration testing tools, normalizes their outputs, and guides you through reconnaissance, scanning, exploitation, post-exploitation, and reporting. It aggregates real-time tool results into a unified engagement context and provides LLM-powered insights to help you make informed decisions during a legal, authorized security test.
How to use
You use MCP by running its local server (stdio-based) and connecting an MCP client or environment that can communicate with the MCP protocol. In practice, you start the server locally and then issue commands from your toolchain or editor to perform reconnaissance, scanning, exploitation, and reporting tasks. The system enforces a standard engagement flow: recon → scanning → exploitation → post-exploitation → reporting, and it surfaces results in a consistent, queryable format.
How to install
Prerequisites you need before installing MCP are Python 3.8 or newer and a suitable network tool set for your engagements (as applicable, Nmap for scanning and Gobuster for web enumeration). Ensure you have proper authorization and a clearly defined scope for any penetration testing activity.
# Step 1: Clone the MCP pentest server repository
git clone https://github.com/allsmog/mcp-pentest.git
cd mcp-pentest
# Step 2: Install the MCP server package in editable mode
pip install -e .
# Step 3: Install required runtime dependencies (the MCP package and peers)
pip install mcp
Configuration and running the local MCP server
To run the local MCP server, you execute the Python entry point that serves the MCP protocol via stdio. The example shows starting the server directly from the script path, allowing you to interact with counselors, clients, or editors that speak the MCP protocol.
# Start the MCP server directly
python server.py
# The server communicates over stdio and accepts MCP protocol messages
Testing with a client (Claude Desktop example)
If you use a desktop client to drive MCP, configure the client to launch the MCP server with the appropriate command and arguments. The configuration points to the Python interpreter and the server script, with an environment block for any needed variables.
{
"mcpServers": {
"mcp_pentest": {
"command": "python",
"args": ["/path/to/mcp-pentest/server.py"],
"env": {}
}
}
}
Available tools
Reconnaissance
Coordinate information gathering using integrated tools to build a baseline map of the target environment.
Scanning
Perform network and web enumeration with supported scanners to identify open ports, services, and potential vulnerabilities.
Exploitation
Coordinate exploit attempts through the integrated exploitation framework or compatible tooling.
Post-exploitation
Enumerate and gather additional context, credentials, and pivot opportunities after initial access.
Reporting
Structure findings and actions into a comprehensive report, preserving knowledge across the engagement.
LLM Insights
Provide AI-assisted guidance and interpretation of findings, helping prioritize next steps.
Context Aggregation
Aggregate tool outputs into a unified engagement context for real-time analysis.
Security & Access Control
Enforce role-based access and sanitize data interactions with the LLM for safe operation.