Pentester
БесплатноНе проверенEnables AI assistants to autonomously execute over 200 open-source penetration testing tools via MCP, including reconnaissance, web exploitation, and brute-forc
Описание
Enables AI assistants to autonomously execute over 200 open-source penetration testing tools via MCP, including reconnaissance, web exploitation, and brute-forcing, through a unified server architecture with Docker sandboxing for safe execution.
README
Pentester-MCP
Empower your AI assistants with the ultimate open-source penetration testing arsenal.
Overview
Pentester-MCP provides Model Context Protocol (MCP) integration for over 200+ of the most popular open-source cybersecurity and penetration testing tools.
By adding Pentester-MCP to an AI assistant (like Claude Desktop, Cursor, or specialized agents), the AI gains the autonomous ability to act as a penetration tester:
- It can run
nmapscans, analyze open ports, and automatically decide to runffufon discovered web servers. - It can execute
sqlmapagainst parameters it identifies as vulnerable. - It understands tool arguments, required flags, and syntaxes thanks to AI-optimized documentation strings injected into every MCP tool.
All 235 Python *_mcp.py tools were generated intelligently from cheat sheets to ensure safe execution (e.g., preventing shell injection, enforcing timeouts, and handling huge terminal outputs).
The Arsenal
The tools/ directory includes MCP servers for almost every category:
- Reconnaissance:
nmap,masscan,recon-ng,amass,subfinder,nuclei - Web Exploitation:
sqlmap,commix,ffuf,gobuster,dirsearch,nikto - Active Directory & Network:
impacket(full suite),bloodhound,responder,evil-winrm - Brute-Forcing & Password:
hydra,medusa,john,hashcat,nxc - And 200+ more covering WiFi, Cloud, Kubernetes, Android, and reversing.
Installation & Usage
Because of the massive amount of tools, installing everything on your host machine can be messy. Therefore, Pentester-MCP offers two primary ways to run: Local Execution and Docker Sandbox (Recommended).
Method A: Docker Sandbox (Recommended & Secure)
Running tools via Docker isolates the execution from your host operating system and avoids polluting your system with hundreds of dependencies.
Clone the repository:
git clone https://github.com/halilkirazkaya/pentester-mcp.git cd pentester-mcpSelect your Tools (
configs/*.yaml): Open your target configuration file in theconfigs/directory (e.g.,example-config.yaml) and settruefor any tool you wish to enable. By default, thedocker-compose.ymlpoints toexample-config.yaml.Build and Run the Sandbox:
docker compose up -d --buildYour container is now running silently in the background.
Add to your AI Client: Open your MCP client's configuration (e.g.,
claude_desktop_config.json) and route the commands directly to theserver.pyentrypoint. Seemcp-config.jsonfor a ready-to-use snippet.
Method B: Local Execution (Fastest Setup)
If you already have Kali Linux, Parrot OS, or you specifically only want to use the tools already installed on your host system:
Clone and Setup Virtual Environment:
git clone https://github.com/halilkirazkaya/pentester-mcp.git cd pentester-mcp python3 -m venv .venv source .venv/bin/activate pip install -r requirements.txtAdd to your AI Client: Direct the AI client to execute the specific tool using your local python environment. You will need to extract the tool definitions from the
configs/directory and replace the"docker exec -i pentester-mcp /app/.venv/bin/python"arguments with your host machine's python path.Note: If the tool binary (e.g.,
nmaporgobuster) is not installed on your host system, the AI will gracefully receive aFileNotFoundErrorand inform you.
🔧 Configuring MCP Clients (Claude, Cursor, etc.)
Unlike legacy setups requiring you to register a server per tool out of 235 options, Pentester-MCP now uses a Unified Server Architecture.
- Define which tools you want available by editing a configuration file in
configs/(e.g.,example-config.yaml). - Add the single Unified Server to your Claude/Cursor configuration.
Claude Desktop Example
Simply copy the contents of mcp-config.json into your claude_desktop_config.json file. It will look exactly like this:
{
"mcpServers": {
"pentester_mcp": {
"command": "docker",
"args": [
"exec",
"-i",
"pentester-mcp",
"/app/.venv/bin/python",
"/app/server.py"
]
}
}
}
WARNING: The configs use
docker exec -i pentester-mcpwhich targets the running Docker container namedpentester-mcp. Ensure the container is running viadocker compose up -dbefore using the AI assistant.
Contributing & Architecture
The Python scripts in the tools/ directory are auto-generated from YAML cheat sheets to guarantee consistent API design (proper timeouts, truncating outputs to >8000 chars, no shell=True vulnerabilities).
If you have a request for a new tool to be added, please feel free to open an issue.
Disclaimer
Legal Disclaimer: This project is created strictly for educational purposes, authorized auditing, and ethical hacking. The developers of Pentester-MCP assume no liability and are not responsible for any misuse or damage caused by this software. Never use these tools against environments you do not own or do not have explicit, written permission to test.
Установка Pentester
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/halilkirazkaya/pentester-mcpFAQ
Pentester MCP бесплатный?
Да, Pentester MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Pentester?
Нет, Pentester работает без API-ключей и переменных окружения.
Pentester — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Pentester в Claude Desktop, Claude Code или Cursor?
Открой Pentester на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Pentester with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
