pentest-mcp-server
by exjskdjsdfks
Overview
The Pentest MCP Server enables AI agents to perform autonomous penetration testing operations on remote Linux distributions by managing persistent tmux sessions via SSH.
Installation
python -m pentest_mcp_serverEnvironment Variables
- TARGET_HOST
- TARGET_USER
- TARGET_PASSWORD
- TARGET_SSH_KEY
Security Notes
The server's core functionality involves executing arbitrary commands on a remote system. It explicitly disables SSH host key checking (`known_hosts=None`), which is a critical security vulnerability for Man-in-the-Middle (MITM) attacks as it will connect to any server without verifying its authenticity. While it includes a blacklist for some dangerous commands (e.g., `rm -rf /`, fork bomb), this is not foolproof. Running this server requires careful deployment in isolated, controlled environments, and only on authorized target systems.
Similar Servers
MCP-Kali-Server
Enabling AI-driven offensive security testing by bridging AI agents to a Kali Linux terminal for command execution.
pentestMCP
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.
mcp-pentest
An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.
pentest-mcp
This server provides a Model Context Protocol (MCP) interface for professional penetration testing, enabling automated execution and analysis of security tools like Nmap, John the Ripper, Gobuster, and Nikto.