jtr-mcp-server
Verified Safe
by davidculver
Overview
An MCP server that wraps John the Ripper for password cracking, enabling agent interaction for security auditing and pentesting.
Installation
npx @modelcontextprotocol/inspector docker run -i jtr-mcp-server:latest
Security Notes
The server correctly uses `subprocess.run` with a list of arguments for executing John the Ripper, mitigating most direct command injection risks from user input for binary execution. Input file contents are written to temporary files before John processes them. Session names are sanitized to prevent path traversal. The `unshadow` function is implemented in Python, avoiding an external binary call and its associated risks. No hardcoded secrets or 'eval' patterns were found. The primary security consideration is the inherent capability of John the Ripper itself, which is a powerful password cracking tool intended for authorized use only, as clearly stated in the README.
Similar Servers
atomic-red-team-mcp
An MCP server providing tools to search, validate, refresh, and optionally execute Atomic Red Team security tests for threat emulation and security development.
Reversecore_MCP
Provides a Micro-Agent Control Protocol (MCP) server that wraps various reverse engineering CLI tools and libraries, enabling AI agents to perform binary analysis, malware analysis, and vulnerability research through natural language commands.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
pentest-mcp
This server provides a Model Context Protocol (MCP) interface for professional penetration testing, enabling automated execution and analysis of security tools like Nmap, John the Ripper, Gobuster, and Nikto.