Orchestrates automated reconnaissance, vulnerability assessment, and exploitation using integrated tools with AI-guided workflow and reporting.
Configuration
{
  "mcpServers": {
    "adriyansyah-mf-mcp-pentest": {
      "command": "node",
      "args": [
        "path/to/mcp-pentest/dist/index.js"
      ],
      "env": {
        "ENV": "{}"
      }
    }
  }
}

You can run an automated penetration testing workflow with an MCP Pentest Server that automatically performs reconnaissance, vulnerability assessment, and controlled exploitation based on detected technologies. This server-oriented setup helps you orchestrate multiple testing tools and generate actionable reports with AI-assisted guidance and risk-based prioritization.
Use the MCP Pentest Server from your MCP client to initiate automated penetration testing workflows. You can run a full-spectrum automated pentest, trigger reconnaissance only, or perform targeted scans and exploitation attempts. The server accepts commands to coordinate multiple tools, adjust scope, and produce comprehensive reports with executive summaries and evidence.
Follow these steps to install and configure the MCP Pentest Server alongside your MCP client.
{
  "mcpServers": {
    "pentest": {
      "command": "node",
      "args": ["path/to/mcp-pentest/dist/index.js"],
      "env": {}
    }
  }
}

Prerequisites include Node.js and npm for running the MCP Pentest Server locally. The installation flow shown here builds the project and wires it into your MCP client configuration, enabling you to start automated testing with a single call from your client.
To start using the MCP Pentest Server, ensure your client is configured with the provided MCP server entry. The pentest server runs as a local process and is started via the node runtime, pointing to the built distribution index. If you adjust the server path or build output location, update the args accordingly in the configuration.
Always obtain explicit authorization before running automated pentests. Use the built-in safety features such as rate limiting and timeout controls to prevent unintentional impact on live systems. Validate the testing scope, maintain detailed logs, and ensure results are disclosed responsibly.
If the MCP Pentest Server fails to start, verify that Node.js is installed and that the distribution path in the configuration points to a valid index.js file. Check for missing dependencies by running a fresh npm install in the project root, then rebuild with npm run build. Review logs from the MCP client for any connection or negotiation errors with the pentest server.
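The path check described above can be run against the client configuration before the client is started. This is an added example, not code from the MCP Pentest Server project; the function names checkServerEntry and checkConfig are hypothetical, and the sample entry is the page's own configuration with its placeholder path left as is.

```javascript
const fs = require("fs");
const path = require("path");

// Check one entry under "mcpServers" and return a list of problems (empty = OK).
function checkServerEntry(name, entry) {
  if (!entry || typeof entry.command !== "string" || entry.command === "") {
    return [`${name}: "command" must be a non-empty string`];
  }
  const problems = [];
  const args = Array.isArray(entry.args) ? entry.args : [];
  if (entry.command === "node") {
    // The first non-flag argument is the script node will execute.
    const script = args.find((a) => typeof a === "string" && !a.startsWith("-"));
    if (!script) {
      problems.push(`${name}: "args" names no script to run`);
    } else if (!path.isAbsolute(script)) {
      problems.push(`${name}: "${script}" is relative and depends on the client's working directory`);
    } else if (!fs.existsSync(script) || !fs.statSync(script).isFile()) {
      problems.push(`${name}: "${script}" is not a file; run npm install and npm run build`);
    }
  }
  // Environment variables are strings; flag anything else before the client sees it.
  const env = entry.env === undefined ? {} : entry.env;
  if (env === null || typeof env !== "object" || Array.isArray(env)) {
    problems.push(`${name}: "env" must be an object`);
  } else {
    for (const [key, value] of Object.entries(env)) {
      if (typeof value !== "string") problems.push(`${name}: env.${key} must be a string`);
    }
  }
  return problems;
}

// Run the check over every server entry in a parsed client configuration.
function checkConfig(config) {
  const servers = (config && config.mcpServers) || {};
  return Object.entries(servers).flatMap(([name, entry]) => checkServerEntry(name, entry));
}

// The page's configuration entry, with its placeholder path left unchanged.
const sampleConfig = {
  mcpServers: {
    pentest: { command: "node", args: ["path/to/mcp-pentest/dist/index.js"], env: {} },
  },
};

for (const problem of checkConfig(sampleConfig)) console.log(problem);
```

Replacing the placeholder with the absolute path to the built dist/index.js clears the reported problem.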
This guide focuses on practical steps to install, configure, and use the MCP Pentest Server in a local environment. It emphasizes concrete commands, configuration blocks, and actionable usage patterns to help you set up automated testing workflows efficiently.
Port scanning and host discovery using Nmap with configurable scan modes.
Automatic technology fingerprinting to identify web frameworks, servers, and tech stacks.
Subdomain enumeration using certificate transparency data and DNS brute-forcing.
Automated vulnerability scanning with Nuclei templates and severity filtering.
SQL injection testing against target URLs with provided parameters.
Search for Metasploit modules matching target services and platforms.
Attempt automated exploitation against identified vulnerabilities with controlled payloads.
AI-powered recommendations for the next testing actions based on results.
Produce comprehensive HTML/PDF/JSON/Markdown reports with evidence and remediation guidance.