pentestMCP
by ramkansal
Overview
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.
Installation
docker run --rm -i ramgameer/pentest-mcp:latestEnvironment Variables
- NUCLEI_SIGNATURE_PRIVATE_KEY
Security Notes
This project is an MCP server for penetration testing tools, which inherently carry significant security risks if misused. It uses 'subprocess' to execute external offensive security binaries (Nmap, Nuclei, SQLMap, NetExec, Impacket tools, Certipy, Responder, mitm6, etc.) which can be highly disruptive or illegal if run without explicit authorization against target systems. A hardcoded ZAP API key ('ZAP_API_KEY="v6r0iikqecitmhhj2kistk1iui"') is present in 'start_services.sh', which is a critical security vulnerability as it could allow unauthorized control over the ZAP instance if the container's network is compromised or the key is leaked. Many Active Directory tools are explicitly warned as 'EXTREMELY DISRUPTIVE'.
Similar Servers
MCP-Kali-Server
Enabling AI-driven offensive security testing by bridging AI agents to a Kali Linux terminal for command execution.
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
mcp-pentest
An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.