Pentest MCP

Currently this is being very finnicky about PATH issues, I have a working version stable on my end (npm prod version 0.2.7); if you are having any issues, please paste logs into Issues so I can tackle the problem ASAP

Pentest MCP: Professional Penetration Testing Toolkit

Pentest MCP is a Model Context Protocol server that integrates essential pentesting tools into a unified natural language interface. It allows security professionals to execute, chain, and analyze multiple tools through conversational commands.

Comprehensive Toolkit for Professional Pentesters

This toolkit integrates four core penetration testing utilities under a single, intuitive interface:

• Network Reconnaissance with Nmap
• Web Directory Enumeration with Gobuster
• Web Vulnerability Scanning with Nikto
• Password Cracking with John the Ripper

Key Benefits

• Workflow Integration: Chain tools together for comprehensive assessments
• Natural Language Interface: Run complex commands with simple English descriptions
• Automated Reporting: Generate client-ready findings with proper categorization
• Time Efficiency: Execute common pentesting sequences with minimal typing
• Voice Control Compatible: When paired with speech-to-text, allows hands-free operation
• Context Awareness: Tools understand previous scan results and can suggest logical next steps

System Requirements

• Platform: Works on any OS, optimized for Kali Linux
• Tools: Requires Nmap, John the Ripper, Gobuster, and Nikto in your PATH
• Node.js: v16+ (for ESM support)
• MCP Support: A local MCP file server for handling log files (mcp-fileserver or equivalent)
• Permissions: Root/admin for privileged scans (SYN scan, OS detection)

Installation

Installing via Smithery

To install Pentest MCP for Claude Desktop automatically via Smithery:

Manual Installation

MCP Configuration

Add this to your MCP configuration file:

Workflow Examples

Network Discovery & Service Enumeration

Web Application Testing

Multi-Tool Assessment Chain

Custom Password Cracking

Analysis & Reporting

Tool Details

Nmap

The network mapper integration offers full support for:

• Port scanning (TCP SYN, TCP Connect, UDP) with custom port ranges
• Service and version detection with configurable intensity
• OS fingerprinting
• NSE script execution
• Custom timing templates and scan options

Gobuster

Directory and file enumeration for web applications with options for:

• Multiple wordlists and file extension scanning
• Authentication options (basic auth, cookies)
• Customizable threading and status code filtering
• TLS configuration and redirect following

Nikto

Web server vulnerability scanning with support for:

• Comprehensive vulnerability checks
• Authentication and proxy support
• Tunable scan options and timeout configuration
• Finding categorization by vulnerability type

John the Ripper

Password cracking utility with enhanced features:

• Direct hash cracking with wordlists
• Integrated custom wordlist generation
• Pattern-based password creation
• Leetspeak and case variations

Security Notice

AUTHORIZED USE ONLY: This toolkit is for professional penetration testers operating under a valid scope of work. Use only on systems and networks for which you have explicit, written authorization.

OPERATIONAL SECURITY:

• Use VPN for external scanning
• Run in isolated environments
• Monitor scan intensity on sensitive networks

LEGAL COMPLIANCE: Follow all applicable laws and client agreements

Troubleshooting

• Path Issues: Ensure all tools are installed and in your PATH
• Privilege Requirements: SYN scans and OS detection require root/admin
• Permission Errors: Check that the server can write to scan_logs and temp_wordlists
• MCP File Access: Verify that mcp-fileserver (or equivalent) is configured correctly

Contributing

This tool is built for professionals by professionals. Pull requests welcome at the GitHub repository.