pentestMCP
by ramkansal
Overview
Provides an AI-powered interface for ethical penetration testing by exposing a suite of security assessment tools as callable functions for LLM agents.
Installation
docker run --rm -i ramgameer/pentest-mcp:latestSecurity Notes
The `start_services.sh` script hardcodes a ZAP API key (`ZAP_API_KEY="v6r0iikqecitmhhj2kistk1iui"`). This is a critical security vulnerability as it grants full control over the ZAP instance to anyone who obtains this key, especially if ZAP's API is exposed (e.g., via Docker port mapping) or if any other process inside the container can read this file. While `shlex.split()` is used for argument parsing, the inherent nature of penetration testing tools means user-provided arguments can initiate destructive actions, requiring strict user authorization and ethical use. Paths to tools like Nuclei (`/root/go/bin/nuclei`) and Subfinder (`/root/go/bin/subfinder`) are hardcoded, relying on their specific installation within the Docker image.
Similar Servers
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
mcp-pentest
An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.
pentest-mcp
This server provides a Model Context Protocol (MCP) interface for professional penetration testing, enabling automated execution and analysis of security tools like Nmap, John the Ripper, Gobuster, and Nikto.
Instability
An AI-powered local chatbot for network diagnostics and pentesting, leveraging Ollama to keep all analysis private and on-premise.