PenTest Server

FreeNot checked

An AI-powered penetration testing server that integrates over 30 security tools with Groq LLM analysis for automated vulnerability scanning, triage, and reporti

by MohitSahoo

GitHub Embed

About

An AI-powered penetration testing server that integrates over 30 security tools with Groq LLM analysis for automated vulnerability scanning, triage, and reporting. It enables users to perform comprehensive security assessments through natural language natively within Claude Desktop.

README

AI-Powered Security Scanning via Model Context Protocol (MCP)

PenTest MCP is a specialized MCP server that exposes 25+ professional security tools to AI agents like Claude Desktop. It enables security researchers and developers to orchestrate penetration testing through natural language, automating complex tool chains and generating professional reports.

Python 3.11+ MCP License: MIT

🚀 Quick Start (Claude Desktop)

Install dependencies:
```
pip install -e .
```

Configure Claude Desktop: Add the following to your claude_desktop_config.json:

{
  "mcpServers": {
    "pentest": {
      "command": "python3",
      "args": [
        "-m",
        "pentest_mcp.mcp_server"
      ],
      "cwd": "/absolute/path/to/pentest-mcp"
    }
  }
}

Restart Claude Desktop and start scanning:
- "Initialize a security assessment for http://localhost:3001"
- "Run a quick scan on http://localhost:3001 with consent"
- "Check if the site has a WAF"
- "Generate the final security report"

Claude Desktop Integration - Full orchestration via the Model Context Protocol.
25+ Security Tools - Including nmap, sqlmap, nuclei, ffuf, nikto, testssl, and more.
Natural Language Orchestration - Ask security questions, Claude picks the right tools.
Preset Scan Modes - Quick Triage and Extensive Assessment modes.
AI-Generated Reports - Professional markdown reports powered by Gemini AI.
CVE Enrichment - Findings are automatically cross-referenced with CVE data.

🛠️ Supported Tools (25)

Category	Tools
Reconnaissance	`subfinder`, `wafw00f`, `nmap`, `whatweb`, `amass`, `dnsrecon`, `theharvester`
Vulnerability Scanning	`nuclei`, `sqlmap`, `dalfox`, `nikto`, `retire`, `commix`, `corscanner`, `graphql_cop`
Web Fuzzing	`ffuf`, `gobuster`, `wfuzz`, `arjun`
TLS/SSL	`sslyze`, `testssl`
Advanced/OSINT	`masscan`, `trufflehog`, `git_dumper`, `jwt_tool`

🔧 Installation & Setup

Prerequisites

Python 3.11+
Gemini API Key (for reports and analysis)
(Recommended) External tools installed: nmap, sqlmap, ffuf, nuclei, etc.

Configuration

Create a .env file in the project root:

GEMINI_API_KEY=your_api_key_here
GEMINI_MODEL=gemini-flash-lite-latest

📁 Project Structure

pentest-mcp/
├── pentest_mcp/
│   ├── mcp_server.py      # Main MCP server entry point
│   ├── scan_modes.py      # Quick & Extensive scan logic
│   ├── session.py         # Session & DB management
│   ├── report_engine.py   # AI report generation
│   ├── llm_providers.py   # Gemini API integration
│   ├── tools/             # Tool wrappers & logic
│   └── models.py          # Pydantic data models
├── vulnerable-app/        # Local test target (Node.js)
├── reports/               # Generated scan reports
└── pyproject.toml         # Project dependencies

🔒 Security Notice

This tool is for authorized security testing only.

Always obtain explicit written permission before scanning any target.
Unauthorized testing is illegal and unethical.
The consent flag is a mandatory requirement for all active scanning tools.

Built with 🐍 Python · 🧠 Gemini AI · 🛡️ MCP

from github.com/MohitSahoo/MCPToolForWebVulnerabilities-

How to install

Run in your terminal:

claude mcp add pentest-mcp-server -- npx

Related MCPs

Fetch

Web content fetching and conversion for efficient LLM usage.

by Community

AWS KB Retrieval

Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.

by modelcontextprotocol

Spring AI MCP Server

Provides auto-configuration for setting up an MCP server in Spring Boot applications.

by Community

llm-analysis-assistant

A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also

by xuzexin-hz

Compare PenTest Server with

PenTest ServervsFetch PenTest ServervsAWS KB Retrieval PenTest ServervsSpring AI MCP Server PenTest Servervsllm-analysis-assistant

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All ai MCPs

loading…

README

AI-Powered Security Scanning via Model Context Protocol (MCP)

Python 3.11+ MCP License: MIT

🚀 Quick Start (Claude Desktop)

Install dependencies:
```
pip install -e .
```

Configure Claude Desktop: Add the following to your claude_desktop_config.json:

{
  "mcpServers": {
    "pentest": {
      "command": "python3",
      "args": [
        "-m",
        "pentest_mcp.mcp_server"
      ],
      "cwd": "/absolute/path/to/pentest-mcp"
    }
  }
}

Restart Claude Desktop and start scanning:
- "Initialize a security assessment for http://localhost:3001"
- "Run a quick scan on http://localhost:3001 with consent"
- "Check if the site has a WAF"
- "Generate the final security report"

Claude Desktop Integration - Full orchestration via the Model Context Protocol.
25+ Security Tools - Including nmap, sqlmap, nuclei, ffuf, nikto, testssl, and more.
Natural Language Orchestration - Ask security questions, Claude picks the right tools.
Preset Scan Modes - Quick Triage and Extensive Assessment modes.
AI-Generated Reports - Professional markdown reports powered by Gemini AI.
CVE Enrichment - Findings are automatically cross-referenced with CVE data.

🛠️ Supported Tools (25)

Category	Tools
Reconnaissance	`subfinder`, `wafw00f`, `nmap`, `whatweb`, `amass`, `dnsrecon`, `theharvester`
Vulnerability Scanning	`nuclei`, `sqlmap`, `dalfox`, `nikto`, `retire`, `commix`, `corscanner`, `graphql_cop`
Web Fuzzing	`ffuf`, `gobuster`, `wfuzz`, `arjun`
TLS/SSL	`sslyze`, `testssl`
Advanced/OSINT	`masscan`, `trufflehog`, `git_dumper`, `jwt_tool`

🔧 Installation & Setup

Prerequisites

Python 3.11+
Gemini API Key (for reports and analysis)
(Recommended) External tools installed: nmap, sqlmap, ffuf, nuclei, etc.

Configuration

Create a .env file in the project root:

GEMINI_API_KEY=your_api_key_here
GEMINI_MODEL=gemini-flash-lite-latest

📁 Project Structure

pentest-mcp/
├── pentest_mcp/
│   ├── mcp_server.py      # Main MCP server entry point
│   ├── scan_modes.py      # Quick & Extensive scan logic
│   ├── session.py         # Session & DB management
│   ├── report_engine.py   # AI report generation
│   ├── llm_providers.py   # Gemini API integration
│   ├── tools/             # Tool wrappers & logic
│   └── models.py          # Pydantic data models
├── vulnerable-app/        # Local test target (Node.js)
├── reports/               # Generated scan reports
└── pyproject.toml         # Project dependencies

🔒 Security Notice

This tool is for authorized security testing only.

Always obtain explicit written permission before scanning any target.
Unauthorized testing is illegal and unethical.
The consent flag is a mandatory requirement for all active scanning tools.

Built with 🐍 Python · 🧠 Gemini AI · 🛡️ MCP

Command Palette

PenTest Server

About

README

🚀 Quick Start (Claude Desktop)

🛠️ Supported Tools (25)

🔧 Installation & Setup

Prerequisites

Configuration

📁 Project Structure

🔒 Security Notice

How to install

Related MCPs

Fetch

AWS KB Retrieval

Spring AI MCP Server

llm-analysis-assistant

Compare PenTest Server with

PenTest Server

About

README

🚀 Quick Start (Claude Desktop)

🛠️ Supported Tools (25)

🔧 Installation & Setup

Prerequisites

Configuration

📁 Project Structure

🔒 Security Notice

How to install

Related MCPs

Fetch

AWS KB Retrieval

Spring AI MCP Server

llm-analysis-assistant

Compare PenTest Server with