pentest-mcp
Verified Safe by Karthikathangarasu
Overview
This server provides a Model Context Protocol (MCP) interface for professional penetration testing, enabling automated execution and analysis of security tools like Nmap, John the Ripper, Gobuster, and Nikto.
Installation
npm start
Security Notes
The project is designed for professional penetration testing and executes powerful external tools. It uses `child_process.spawn` with an array of arguments, which is safer than `exec`. Crucially, it implements a `sanitizeOptions` function with `SAFE_OPTION_REGEX` to validate user-provided command-line arguments, significantly mitigating shell injection risks. Temporary files for John the Ripper are created and deleted. No direct `eval` or hardcoded secrets were found. The inherent risk lies in the powerful nature of the integrated tools, which requires professional judgment and a controlled environment, not in a lack of internal security practices.
Similar Servers
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
pentestMCP
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.
pentest-mcp-server
The Pentest MCP Server enables AI agents to perform autonomous penetration testing operations on remote Linux distributions by managing persistent tmux sessions via SSH.
OSINT-MCP-Server
A comprehensive Open Source Intelligence (OSINT) Model Context Protocol (MCP) server for gathering publicly available information while respecting privacy, legal boundaries, and ethical standards.