home / mcp / pentest tools mcp server

Pentest Tools MCP Server

Pentest-Tools-MCP-Server

Installation

Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "ch1nhpd-pentest-tools-mcp-server": {
      "command": "docker-compose",
      "args": [
        "run",
        "--rm",
        "pentest-tools",
        "python3",
        "pentest-tools-mcp-server.py"
      ],
      "env": {
        "YOUR_PATH": "C:\\\\path\\\\to\\\\pentest-tools or /path/to/pentest-tools",
        "DOCKER_HOST": "tcp://192.168.1.100:2375"
      }
    }
  }
}

You run a Pentest Tools MCP Server to orchestrate a suite of penetration testing utilities through MCP clients. It exposes reconnaissance, directory and vulnerability scanning, API testing, and automated reporting, making it easy to trigger complex security assessments from familiar MCP interfaces.

How to use

You connect an MCP client, such as Claude Desktop or another compatible MCP client, to the Pentest Tools MCP Server. Use the client’s commands to perform targeted tests against your targets and to generate reports. The server supports practical workflows like starting a reconnaissance pass, running directory scans, executing vulnerability checks, testing APIs, and producing structured reports from templates.

How to install

Prerequisites you need before installation are Docker and Docker Compose for containerized setup, Python 3.10+ for local setup, and an MCP-compatible client (such as Claude Desktop). You may also install Python virtual environments and the uv or similar tooling if you prefer a local setup.

# Create a project directory
mkdir -p pentest-tools
cd pentest-tools

# Optional: initialize a Python virtual environment for local setup
uv venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# Install Python dependencies (local setup)
uv pip install -r requirements.txt

# Install and prepare Docker-based setup (recommended)
# Ensure Docker and Docker Compose are installed on your system

Additional setup notes

Directory structure you will use locally should include reports, templates, and wordlists for storing scan outputs and templates. The main MCP server file is pentest-tools-mcp-server.py and configuration is provided in config.json with Python dependencies listed in requirements.txt. If you choose to run the server in Docker, you will use docker-compose.yml to orchestrate the container.

If you prefer a Docker-based workflow, start the container in detached mode and verify it is running, then view logs for troubleshooting.

Security and best practices

Always have explicit permission to scan targets. Keep all tools and dependencies up to date, review scan results carefully, and follow responsible disclosure practices. Use pre-configured wordlists from SecLists and manage templates to generate consistent reports.

Available tools

Reconnaissance

Perform reconnaissance tasks to identify assets, collect metadata, and map the target surface area.

Directory scanning

Run directory discovery using tools like FFuf and Dirsearch to enumerate available resources.

Vulnerability scanning

Execute vulnerability checks with tools such as Nuclei and XSStrike to identify weaknesses.

API testing

Test APIs for security and reliability, including endpoint validation and input handling.

Automated report generation

Produce structured scan reports using predefined templates for quick review.

Claude Desktop integration

Integrate MCP server actions with Claude Desktop for command-based orchestration.