playbooks
Learn Rules MCPs Modes
AI Image Editor
Log in

Pentest Tools MCP server

Enables AI to perform comprehensive penetration testing and security assessments on web applications and networks using tools like Nmap, SQLMap, and XSStrike for vulnerability detection and exploitation.
Back to servers
Provider
ch1nhpd
Release date
Apr 23, 2025
Language
Python
Stats
1 star
View on GitHub

The MCP server for penetration testing tools integrates with Claude Desktop and other MCP-compatible clients, providing a comprehensive suite of pentesting capabilities including directory scanning, vulnerability assessment, API testing, and reconnaissance tools - all accessible through a simple command interface.

Prerequisites

  • Docker and Docker Compose (for containerized setup)
  • Claude Desktop application or other MCP-compatible client
  • Python 3.10+ and uv (for local setup)

Installation

Directory Setup

Create the required directories:

mkdir -p reports templates wordlists

Your directory structure should look like this:

pentest-tools/
├── reports/          # For storing scan reports
├── templates/        # For report templates
├── wordlists/        # For custom wordlists
├── pentest-tools-mcp-server.py
├── config.json
├── requirements.txt
├── docker-compose.yml
└── Dockerfile

Docker Setup (Recommended)

Build and start the container:

docker-compose up -d --build

Verify the container is running:

docker-compose ps

Check logs if needed:

docker-compose logs -f

Local Setup

Install dependencies:

uv venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
uv pip install -r requirements.txt

Install required system tools (example for Ubuntu/Debian):

sudo apt-get install nmap whatweb dnsrecon theharvester ffuf dirsearch sqlmap

Claude Desktop Integration

Configure Claude Desktop

Find the configuration file in:

Windows:

%APPDATA%\Claude\claude_desktop_config.json

MacOS/Linux:

~/Library/Application Support/Claude/claude_desktop_config.json

Add Server Configuration

For Docker setup:

{
    "mcpServers": {
        "pentest-tools": {
            "command": "docker-compose",
            "args": [
                "run",
                "--rm",
                "pentest-tools",
                "python3",
                "pentest-tools-mcp-server.py"
            ],
            "cwd": "\\Path\\to\\pentest-tools"
        }
    }
}

If the above configuration doesn't work on Windows, try this alternative:

{
    "mcpServers": {
        "pentest-tools": {
            "command": "cmd",
            "args": [
                "/c",
                "cd /d \\path\\to\\pentest-tools && docker-compose run --rm pentest-tools python3 pentest-tools-mcp-server.py"
            ]
        }
    }
}

Note about cwd (Current Working Directory):

  • It must be the absolute path to the directory containing docker-compose.yml
  • On Windows, use double backslashes (\) in paths
  • On Linux/MacOS, use forward slashes (/)

After configuration, restart Claude Desktop.

Usage

Available Commands

Reconnaissance:

/recon example.com

Directory scanning:

/scan example.com --type directory

Vulnerability scanning:

/scan example.com --type full
/scan example.com --type xss
/scan example.com --type sqli
/scan example.com --type ssrf

API testing:

/scan api.example.com --type api

Natural Language Commands

You can also use natural language, such as:

  • "Run a full security scan on example.com"
  • "Check for XSS vulnerabilities on example.com"
  • "Perform reconnaissance on example.com"

Security Notes

  • Always ensure you have permission to scan targets
  • Keep tools and dependencies updated
  • Review scan results carefully
  • Follow responsible disclosure practices

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later