PentestThinking

A systematic, AI-powered penetration testing reasoning engine (MCP server) for attack path planning, CTF/HTB solving, and automated pentest workflows. Features Beam Search, MCTS, attack step scoring, and tool recommendations.
  • javascript

28

GitHub Stars

javascript

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "ibrahimsaleem-pentestthinkingmcp": {
      "command": "node",
      "args": [
        "path/to/pentestthinkingMCP/dist/index.js"
      ]
    }
  }
}

You use PentestThinkingMCP to guide automated and human-driven penetration testing with structured planning, stepwise reasoning, and tool recommendations. It orchestrates attack paths using Beam Search and Monte Carlo Tree Search, helping you explore multi-stage exploits while keeping track of evidence and potential outcomes.

How to use

Interact with the server by sending attack step updates to receive the next best action, the full attack chain, recommended tools, and a visualizable attack path tree. The server evaluates each step using two search strategies and returns prioritized next steps, enabling you to iterate through reconnaissance, enumeration, vulnerability analysis, exploitation, and post-exploitation planning.

How to install

git clone https://github.com/ibrahimsaleem/PentestThinkingMCP.git
cd PentestThinkingMCP
npm install
npm run build

Configuration and usage examples

Configure your MCP client to connect to this server as a local (stdio) provider. The following configuration shows how to register the server so your client can invoke it directly.

{
  "mcpServers": {
    "pentestthinkingMCP": {
      "command": "node",
      "args": ["path/to/pentestthinkingMCP/dist/index.js"]
    }
  }
}

Notes on security, troubleshooting, and best practices

  • Ensure your MCP client securely authenticates to the server if you expose it beyond a trusted network. Use environment-specific access controls and rotate any tokens if provided. - Start with non-destructive test steps to map the attack surface before attempting exploitation paths. - Maintain logs of decision points and outcomes to support reporting and collaboration with peers.

Tools and capabilities overview

The server provides structured guidance and tool recommendations for each stage of an engagement. Typical tools you may see suggested include network scanners, enumeration helpers, and exploit libraries to validate viability of exploitation steps.

Example workflow overview

  1. Recon: you provide an initial target; the system suggests scanning approaches and the initial probe tools. 2) Enumeration: it proposes deeper service discovery and protocol analysis. 3) Vulnerability Analysis: it recommends relevant public advisories and exploit references. 4) Exploitation: it highlights plausible exploit chains and corresponding tooling. 5) Privilege Escalation: it suggests checks and escalation utilities. 6) Root/Flag: it points to reliable post-exploitation validation steps.

License

MIT

Available tools

Beam Search

A method to explore a fixed-width set of the most promising attack paths, enabling systematic construction of multi-step exploits.

MCTS

Monte Carlo Tree Search to balance exploration of new vectors with exploitation of known weaknesses in dynamic scenarios.

nmap

Network scanning tool recommended for initial host discovery and port enumeration.

metasploit

Exploit framework recommended for validating and delivering exploits within approved test scopes.

linpeas

Privilege-escalation and local enumeration tool for post-access assessment.

enum4linux

Enumeration tool for SMB and Windows networking details on target hosts.

searchsploit

Exploit database search tool to locate known vulnerabilities and applicable exploits.

winPEAS

Post-exploitation enumeration tool for Windows privilege escalation checks.

AlwaysInstallElevated

Historical Windows misconfiguration check related to privilege elevation.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational