pentest

Provides an MCP-powered bridge to 20+ security tools for automated and interactive pentesting workflows.
  • python

31

GitHub Stars

python

Language

5 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "ramkansal-pentestmcp": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "ramgameer/pentest-mcp:latest"
      ]
    }
  }
}

pentestMCP provides a secure bridge between conversational agents and practical security assessment tools through the Model Context Protocol (MCP). It exposes a curated suite of security utilities inside a Dockerized MCP Server, enabling AI-driven workflows to perform automated and interactive penetration testing tasks via MCP clients.

How to use

You will use an MCP client host (such as Claude Desktop or a VS Code-based agent) to interact with pentestMCP. The client connects to the MCP server inside a Docker container and presents you with a catalog of available tools. You ask for a scan or test, the client selects the appropriate tool, and the MCP server executes the underlying command while returning results to the client for you to review.

How to install

Prerequisites you need before starting are: Docker installed and running on your system. Optionally, you may have an OWASP ZAP instance running for certain ZAP-based tools.

# 1) Pull the pre-built MCP server image
# This is the recommended path for quickest setup
docker pull ramgameer/pentest-mcp:latest

# 2) Run the MCP server container. It will expose its MCP interface via stdio
# The client host communicates with the server through an interactive session
# Adjust the image tag if you built a custom variant
docker run --rm -i ramgameer/pentest-mcp:latest

Configuration and notes

The MCP server is designed to run inside Docker and speaks through stdio to a Client Host. You will configure your client to launch the server using a docker run command, and you will select tools to execute against target systems. If you use a local ZAP instance, ensure it is reachable from inside the pentestMCP container for ZAP-related tools to function.

Security and usage notes

Only run these tools against systems you are authorized to test. Tools execute with restricted file-system privileges inside Docker, but the host may still be affected by long-running scans. Keep sensitive targets protected behind proper access controls and network boundaries.

Tool reference overview

The server provides a broad toolkit for reconnaissance, vulnerability scanning, web application testing, and exploitation support. Each tool is invoked through a standardized MCP command exposed by the server.

Available tools

run_subfinder

Discovers subdomains using ProjectDiscovery's Subfinder to enumerate potential targets and related infrastructure.

run_nmap_scan

Executes Nmap network scans to identify open ports, services, and underlying versions.

fetch_nmap_results

Fetches results of an asynchronous Nmap scan and returns a structured report.

run_gobuster_scan

Performs directory, file, and DNS bruteforcing with Gobuster to reveal hidden resources.

check_gobuster_status

Checks the status of an ongoing Gobuster scan and retrieves progress or results.

run_dig_tool

Executes DNS dig queries to inspect zone data and name resolution behavior.

fetch_whois_data

Retrieves WHOIS information for a domain to reveal ownership and registration details.

run_curl

Executes HTTP requests to interact with web services and fetch responses.

launch_nuclei_scan

Runs template-based vulnerability scans using ProjectDiscovery's Nuclei.

fetch_nuclei_results

Fetches asynchronous results from a running nuclei scan.

run_wpscan

Performs WordPress vulnerability scanning to identify common weaknesses.

run_zap_tool

General ZAP command executor to interface with the OWASP ZAP toolset.

run_zap_active_scan

Starts an active scan in ZAP to identify exploitable web app weaknesses.

check_scan_status

Checks the status of an active ZAP scan and reports progress.

active_scan_results

Retrieves results from an completed or ongoing ZAP active scan.

run_ajax_spider

Manages ZAP's AJAX Spider to crawl dynamic web applications.

check_ajax_spider_status

Checks progress of ZAP's AJAX Spider.

get_ajax_spider_results

Fetches results from the AJAX Spider crawl.

run_searchsploit

Searches the local Exploit-DB database using Searchsploit for known exploits.

run_sqlmap_tool

Executes SQLMap for automated SQL injection testing against targets.

check_sqlmap_status

Monitors the progress and results of async SQLMap runs.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational