playbooks

home / mcp / professional penetration testing mcp server

Professional Penetration Testing MCP Server

An MCP server delivering enterprise-grade pentesting tools inside a secure Docker/Kali environment for authorized assessments.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "angry-althaf-pentest-mcp": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "--cap-add=NET_RAW",
        "--cap-add=NET_ADMIN",
        "--cap-add=NET_BIND_SERVICE",
        "pentest-mcp-pro",
        "python3",
        "pentest_server.py"
      ]
    }
  }
}

You have a secure MCP server that bundles 40+ professional penetration testing tools inside a controlled Docker environment. It enables AI-assisted security assessments for authorized engagements, providing isolated tool execution, strict input validation, and automatic results management to help you plan, run, and document professional pentests.

How to use

You connect to the professional MCP server from your MCP client (Claude Desktop) and run tool workflows in a secure, isolated container. Each workflow invokes a specific suite of pentest tools (network recon, web app testing, exploitation, password testing, post-exploitation, SSL/TLS checks, and wireless security) without exposing direct host access. Results are saved with timestamps and presented in a structured format for review and reporting.

How to install

Prerequisites you need before starting: Docker Desktop installed and running, Claude Desktop installed and up to date, Git available for cloning, and administrative privileges to run Docker commands.

git clone https://github.com/yourusername/pentest-mcp-server.git
cd pentest-mcp-server

docker build -t pentest-mcp-pro .
```

Note: Initial build may take 15โ€“30 minutes due to comprehensive tool installation.

Configuration for Claude Desktop

Configure Claude Desktop to load the professional MCP server. Add a connection named pentest_professional that runs the MCP server inside Docker and exposes the Python entry point pentest_server.py.

{
  "mcpServers": {
    "pentest_professional": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "--cap-add=NET_RAW",
        "--cap-add=NET_ADMIN",
        "--cap-add=NET_BIND_SERVICE",
        "pentest-mcp-pro",
        "python3",
        "pentest_server.py"
      ]
    }
  }
}

Start and verify

Restart Claude Desktop to initialize the new MCP server connection. In Claude Desktop, confirm that the professional pentest server is connected and exposes the 40+ tools. You can then select workflows to run, review results, and manage reports.

Additional configuration notes

The MCP server runs tools inside a Kali-based container with input sanitization, non-root execution, and structured logging. Outputs are stored with timestamps to enable organized review and auditing.

Examples of workflows you can run

Perform a comprehensive nmap scan on 192.168.1.0/24 with version detection
Run a stealth SYN scan on 10.0.0.1 ports 1-1000
Execute aggressive nmap scan with OS detection on target.local
Use masscan to quickly scan 192.168.1.0/24 for common ports at rate 5000
Enumerate subdomains for example.com using amass in passive mode

Available tools

nmap_scan

Network reconnaissance tool with multiple scan types including stealth, version, aggressive, UDP, and vulnerability scripts.

masscan_scan

High-speed port scanner for large networks with configurable scan rate.

dnsenum_scan

DNS enumeration to test subdomains, nameservers, and zone configurations.

amass_enum

OWASP subdomain enumeration in passive or active modes.

traceroute

Network path analysis to identify routing topology.

whois

WHOIS lookup for domain registration data.

nikto

Web vulnerability scanner covering OWASP Top 10 with SSL/TLS support.

sqlmap_scan

SQL injection testing across multiple DBMS with customizable risk and level.

wpscan_scan

WordPress security scanner with plugin, theme, and user enumeration.

ffuf_scan

Fast web fuzzer for directory, file, parameter, and vhost discovery.

nuclei_scan

Template-driven CVE and misconfiguration vulnerability detection.

wafw00f

WAF fingerprinting to detect web application firewalls.

whatweb

Technology fingerprinting for CMS, frameworks, and server detection.

gobuster_scan

Directory, DNS, and VHost discovery with custom wordlists.

dirb_scan

Web content brute-forcing with multiple wordlists.

searchsploit

Local ExploitDB search with exact matching.

metasploit

Exploitation framework with module search and identification.

hydra_bruteforce

Network login brute-forcing across services with rate limiting.

john

Password hash cracking with multiple formats and custom wordlists.

hashcat_crack

GPU-accelerated cracking with advanced attack modes.

hashid

Automatic hash type detection.

enum4linux

SMB/Samba enumeration for users, shares, and policies.

smbmap

SMB share auditing with permissions checks.

sslscan

SSL/TLS cipher and protocol analysis.

testssl_scan

Advanced SSL vulnerability scanning for common weaknesses.

aircrack_scan

Wireless security testing for WPA/WPA2 passwords from captures.