pentest-mcp-server

The server uses `subprocess.run(cmd, shell=True)` for executing commands. Many exposed tools (`sqlmap_test`, `wpscan_scan`, `dirb_scan`, `searchsploit_search`, `whatweb_scan`, `gobuster_dir`, `wafw00f_detect`) use user-supplied string inputs directly within f-strings without proper sanitization or escaping, leading to severe command injection vulnerabilities. The `sanitize_target` function used by other tools (`nmap_scan`, `nikto_scan`, `masscan_fast`) is insufficient to prevent injection in a `shell=True` context, and the `ALLOWED_TARGET_PATTERN` regex is defined but never used for validation. Furthermore, the installation explicitly requires running the Docker container with `--privileged` mode, which grants extensive capabilities to the container and critically reduces isolation, making a compromise of the vulnerable server a direct threat to the host system. There are no apparent authentication or authorization mechanisms, meaning anyone who can connect to the server's port can execute these powerful tools.