NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, wordlist building, and more.
Multi-transport MCP server for penetration testing - works locally via stdio, over the network via HTTP streaming, or with legacy SSE clients. Run it in Docker, deploy it remotely, or use it locally - your choice.
npm install -g pentest-mcp
npx -y @smithery/cli install @DMontgomery40/pentest-mcp --client claude
# Local subprocess mode (default)
pentest-mcp
# Network mode with HTTP streaming
MCP_TRANSPORT=http pentest-mcp
# Legacy SSE mode
MCP_TRANSPORT=sse pentest-mcp
Perfect for Claude Desktop and local development:
{
"servers": [{
"name": "pentest-mcp",
"command": "pentest-mcp"
}]
}
Deploy anywhere, access from anywhere:
# Start server
MCP_TRANSPORT=http pentest-mcp
# Or with Docker
docker run -p 8000:8000 -e MCP_TRANSPORT=http --privileged pentest-mcp:latest
Configure your client:
{
"servers": [{
"name": "pentest-mcp",
"url": "http://localhost:8000/mcp"
}]
}
For backward compatibility with older clients:
MCP_TRANSPORT=sse MCP_SERVER_PORT=8001 pentest-mcp
# STDIO mode (for local MCP clients)
docker run -it --rm --privileged pentest-mcp:latest
# HTTP mode (for network access)
docker run -p 8000:8000 -e MCP_TRANSPORT=http --privileged pentest-mcp:latest
# Clone and build
git clone https://github.com/dmontgomery40/pentest-mcp.git
cd pentest-mcp
docker-compose build
# Run your preferred transport
docker-compose --profile stdio up
docker-compose --profile http up
docker-compose --profile sse up
MCP_TRANSPORT
: Choose transport (stdio, http, sse)MCP_SERVER_HOST
: Bind address (default: 0.0.0.0)MCP_SERVER_PORT
: Server port (default: 8000)Set mode to professional.
Scan 192.168.1.0/24 with SYN scan and service detection.
Scan 10.0.1.0/24 for web servers.
For each web server found, enumerate directories with gobuster using common.txt.
Run nikto against all discovered web servers.
Create a client report summarizing the findings.
Generate a wordlist for company "Acme Corp" founded in 1995 by John Smith.
Crack these hashes using the generated wordlist:
admin:$1$xyz$...
user:$1$abc$...
npm install -g pentest-mcp
git clone https://github.com/dmontgomery40/pentest-mcp.git
cd pentest-mcp
npm install
npm run build
# macOS
brew install nmap john-jumbo gobuster nikto
# Debian/Ubuntu
sudo apt update
sudo apt install nmap john gobuster nikto
# Kali Linux (pre-installed)
# All tools come pre-installed
Pentest MCP now supports OAuth 2.1 authentication for HTTP/SSE transports, enabling:
.env
:MCP_OAUTH_ENABLED=true
MCP_OAUTH_PROVIDER_URL=https://your-domain.auth0.com/oauth2
MCP_OAUTH_CLIENT_ID=your_client_id
MCP_OAUTH_CLIENT_SECRET=your_client_secret
MCP_OAUTH_SCOPES=read,write,scan
MCP_TRANSPORT=http npm start
const client = new McpClient();
await client.connect('http://localhost:8000/mcp', {
headers: {
'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
}
});
When OAuth is enabled, the following endpoints are available:
/.well-known/oauth-authorization-server
- Authorization server metadata/.well-known/oauth-protected-resource
- Protected resource metadata/oauth/authorize
- Authorization endpoint (if acting as auth server)/oauth/token
- Token endpoint (if acting as auth server)โ ๏ธ AUTHORIZED USE ONLY: This toolkit is for professional penetration testers operating under valid scope of work. Use only on systems and networks for which you have explicit written authorization.
๐ณ Docker Security Note: The --privileged
flag is required for certain scans (SYN, OS detection). Only use in trusted environments or VMs.
Ensure all required tools are in your PATH:
which nmap john gobuster nikto
For SYN scans and OS detection:
# Run with sudo locally
sudo pentest-mcp
# Or use Docker with --privileged
docker run --privileged pentest-mcp:latest
rm -rf node_modules dist
npm install
npm run build
Pull requests welcome at the GitHub repository. Built for professionals by professionals.
GPL-3.0-or-later - See LICENSE file for details.
{ "mcpServers": { "pentest-mcp": { "command": "pentest-mcp", "args": [] } } }
Related projects feature coming soon
Will recommend related projects based on sub-categories