home / mcp / pentest mcp server
NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.
Configuration
View docs{
"mcpServers": {
"dmontgomery40-pentest-mcp": {
"command": "pentest-mcp",
"args": [],
"env": {
"MCP_AUTH_MODE": "bearer",
"MCP_TRANSPORT": "http or sse as applicable",
"MCP_AUTH_SCOPES": "read,write",
"MCP_OIDC_ISSUER": "https://issuer.example.com",
"MCP_SERVER_HOST": "0.0.0.0 or your host",
"MCP_SERVER_PORT": "8000",
"MCP_AUTH_ENABLED": "true",
"MCP_OIDC_JWKS_URL": "https://issuer.example.com/.well-known/jwks.json",
"MCP_OAUTH_CLIENT_ID": "YOUR_CLIENT_ID",
"MCP_OAUTH_CLIENT_SECRET": "YOUR_CLIENT_SECRET",
"MCP_OIDC_INTROSPECTION_URL": "https://issuer.example.com/oauth/introspect"
}
}
}
}You can run and orchestrate a professional penetration-testing MCP server that supports modern transport options, bearer-based authentication, and a suite of integrated reconnaissance and exploitation tools. This MCP server streamlines running tests, collecting engagement data, and generating client reports while providing flexible deployment options for local or networked use.
You use a client that connects to an MCP server to run security tests, enumerate targets, probe services, capture traffic, and generate structured engagement records. Start with a local, stdio-based setup for quick testing, or run over the network by enabling the HTTP transport. You can also launch the bundled Inspector to assist with debugging and targeted probing, all from the same MCP instance.
Prerequisites: You need Node.js installed on your machine. Use a modern, supported version of Node as required by the MCP server. You may also want a containerized setup via Docker for isolation.
npm install -g pentest-mcp
# Run locally with stdio transport
pentest-mcp
# Launch bundled Inspector (no separate install)
pentest-mcp inspector
# Run over the network using HTTP transport
MCP_TRANSPORT=http MCP_SERVER_HOST=0.0.0.0 MCP_SERVER_PORT=8000 pentest-mcp
# Legacy SSE mode (deprecated)
MCP_TRANSPORT=sse MCP_SERVER_PORT=8001 pentest-mcpNetwork transport options are provided through environment variables. The HTTP transport is the modern choice, while SSE remains for compatibility and is deprecated. If you enable HTTP, you can also configure OIDC-based bearer authentication for secured access.
Inspector integration is built in. To use it, run the inspector alongside the MCP server and the inspector will target your MCP server over stdio.
Enable bearer authentication with OIDC to control access. Configure issuer URLs, JWKS endpoints, introspection, and client credentials as shown in the environment variable examples.
If you encounter connectivity issues, verify that MCP_TRANSPORT is set correctly for the desired transport, and ensure the server port is not blocked by a firewall. Check logs for any authentication or network transport errors.
Scan target networks for open ports and discover services using nmap.
Perform password cracking against captured hashes or targeted credentials.
Accelerated password cracking using Hashcat on captured data.
Content discovery and directory brute-forcing against web targets.
Web server vulnerability scanner to identify common issues.
Passive subdomain enumeration to discover assets.
Probe live hosts to determine status, title, and other metadata.
Fuzz web content and paths to discover hidden resources.
Template-based vulnerability scanning against targets.
Capture and analyze network traffic for inspection.
Brute-force authentication against targeted services.
Privilege escalation audit for target systems.
SQL/parameter extraction sweep to identify data leakage.
Create targeted wordlists for testing scopes.
List stored engagement records for quick access.
Retrieve a specific engagement record by ID.
Generate client reports with scope-of-work and templates.
Cancel an ongoing or scheduled test.