渗透工具MCP Server,旨在让AI-Agent或AI客户端能够无缝地调用 Windows 环境中的各种渗透测试工具。A lightweight MCP server tool designed to let AI agents or clients seamlessly invoke various penetration testing tools in a Windows environment.
Configuration
View docs{
"mcpServers": {
"arch3rpro-mcp-pst-server": {
"command": "python3",
"args": [
"/absolute/path/to/mcp_server.py",
"--server",
"http://WINDOWS_IP:5100/"
]
}
}
}You deploy a lightweight MCP server pair to let AI agents drive offensive security tooling on Windows or host systems. The PST MCP Server exposes an API bridge that executes terminal commands remotely, while the MCP Client encapsulates tools as MCP endpoints and forwards requests to the API server. This setup enables AI-assisted penetration testing workflows, automation of common tasks, and streamlined interaction with security tooling from your preferred MCP client.
Connect your MCP client to the PST API server to enable AI-driven command execution on a Windows machine. You can run a local MCP client that talks to the Windows host, or set up remote integrations so AI endpoints can issue commands like network scans, web vulnerability checks, and CTF-related tasks. Start by ensuring the API server is reachable, then configure your MCP client to point at the server URL. Once connected, you can issue tool invocations or general commands and receive structured outputs for analysis and decision making.
Prerequisites: Python 3.x installed on both the PST host and the MCP client machines. Ensure you have network access between the agents and the Windows host where the PST server will run.
On the Windows machine that will host the PST API server, perform the following steps to set up the server and expose its API endpoints.
git clone https://github.com/arch3rPro/MCP-PST-Server.git
cd MCP-PST-Server
pip install -r requirements.txt
python3 pst_server.pyConfigure your MCP client to connect to the PST API server. The following examples show the standard stdio configuration where you run the MCP server wrapper as a separate process and point it at the PST API server URL.
# Claude Desktop example
# Claimed path placeholders to illustrate the setup
{
"mcpServers": {
"pst_mcp": {
"command": "python3",
"args": [
"/absolute/path/to/mcp_server.py",
"--server",
"http://WINDOWS_IP:5100/"
]
}
}
}Use all tools only within legally authorized scopes. The system passes parameters directly to underlying tools, so validate inputs to minimize risk of injection or unintended actions. The default command execution timeout is 180 seconds and can be adjusted at startup.
Network scanner used to discover hosts and services on a computer network and to map out open ports.
Fingerprinting tool for web application analysis and HTTP server characteristics.
Command-line tool for transferring data with URLs, supporting a variety of protocols.
Directory and file brute-forcing tool to discover hidden paths and content.
Passive DNS and subdomain discovery tool for mapping an attack surface.
DNS enumeration tool to discover and resolve DNS records with additional options.
Fast port scanning tool designed to quickly identify open ports.
Portable vulnerability scanner that uses templates to detect issues.
Directory discovery and content enumeration tool for web applications.
Fuzzing and vulnerability discovery tool for web targets.
Web server scanner that tests for numerous vulnerabilities and misconfigurations.
Extremely fast port scanner suitable for large ranges and networks.
Password cracking tool used for offline analysis against password hashes.
Exploitation framework for developing and executing security tests.
Networking utility for reading from and writing to network connections.
Recursive internet scanner that aggregates multiple enumeration modules.
HTTP probing utility for fast and flexible URL checks.
Fuzzer for content discovery and URL enumeration.
Content discovery tool built on FFUF for directory enumeration.
Fuzzing and scanning tool to identify vulnerabilities across targets.
Parallelized password cracker for many protocols.
Extracts and enumerates browser data for testing contexts.