MCP Pentest

The MCP penetration testing framework is an intelligent automated security assessment tool that integrates multiple security tools to achieve reconnaissance, vulnerability scanning, and controllable exploitation. It supports AI - driven intelligent workflows and report generation.

Security Developer tools #Penetration Testing #Security Assessment #Vulnerability Scanning #Intelligent Workflow .TypeScript

rating : 2 points

downloads : 4.4K

update time : 2025-10-09

Open Site

What is MCP Pentest?

MCP Pentest is an intelligent automated penetration testing server based on the Model Context Protocol. It can automatically execute all stages of security assessment, including information collection, vulnerability scanning, and controlled attack testing. This framework provides a comprehensive security risk assessment for security teams by integrating various security tools and an intelligent decision engine.

How to use MCP Pentest?

Using MCP Pentest is very simple. You only need to call the corresponding testing functions through the MCP client. The framework supports testing from basic information collection to complex vulnerability exploitation. Users can choose different testing intensities and scopes according to their needs. All operations are completed through standardized API interfaces, eliminating the need for manual configuration of complex toolchains.

Use Cases

MCP Pentest is suitable for various security testing scenarios, including regular security audits, security assessments before new system launches, red - team exercises, security research, and security education and training. It is particularly suitable for enterprise security teams and independent security researchers who need a fast and comprehensive security assessment.

Main Features

Intelligent Information Collection

Automatically perform port scanning, sub - domain enumeration, technology stack identification, and directory brute - force attacks to comprehensively collect information about the target system.

Automated Vulnerability Assessment

Integrate professional tools such as Nuclei, Nikto, and SQLMap to automatically detect security vulnerabilities in web applications, servers, and network services.

Controlled Attack Testing

Perform secure vulnerability exploitation tests within the authorized scope to verify the actual impact of vulnerabilities and provide evidence for remediation.

Intelligent Workflow Engine

An AI - based decision - making system automatically analyzes scan results and intelligently recommends the next testing strategy to optimize testing efficiency.

Comprehensive Report Generation

Automatically generate multi - format security assessment reports containing executive summaries, technical details, and remediation suggestions.

Technology - Aware Testing

Automatically identify the target technology stack and perform targeted security tests to improve the accuracy of vulnerability discovery.

Advantages

High degree of automation: Reduces manual operations and improves testing efficiency.

Integrates multiple tools: A one - stop security testing solution.

Intelligent decision - making: Automatically adjusts testing strategies based on scan results.

Easy to use: Simplifies operations through standardized API interfaces.

Comprehensive coverage: A complete testing process from information collection to vulnerability exploitation.

Professional reports: Automatically generates detailed security assessment reports.

Limitations

Requires professional tool support: Depends on external tools such as Nmap and Nuclei.

Learning curve: Requires basic knowledge of network security.

Possible false positives: Automated tools may produce false positives that require manual verification.

Resource consumption: Comprehensive scans may consume more system resources.

Legal restrictions: Must be used within the authorized scope.

How to Use

Environment Preparation

Ensure that the necessary security tools are installed in the system, including Nmap, Nuclei, Nikto, SQLMap, etc.

Installation and Configuration

Clone the project repository, install Node.js dependencies, build the project, and configure the MCP client.

Select Testing Mode

Choose the appropriate testing intensity and scope (passive/active/aggressive) according to testing requirements.

Execute Testing

Call the corresponding testing functions through the MCP client and monitor the testing progress and results.

Analyze Results

View the generated test reports and analyze the discovered security vulnerabilities and risk levels.

Usage Examples

Website Security Assessment

Conduct a comprehensive security assessment of public websites to identify web application vulnerabilities and configuration issues.

Internal Network Scanning

Perform a security scan of internal network assets to discover open ports, services, and potential risks.

Targeted Vulnerability Detection

Conduct specialized detection for specific technology stacks or known vulnerabilities.

Red - Team Exercise Support

Quickly collect target information and identify attack paths during red - team exercises.

Frequently Asked Questions

What authorization is required to use MCP Pentest?

Will the testing affect the target system?

How to reduce false positives?

Does it support custom test scripts?

What does the test report contain?

How to handle blocking issues during scanning?

Related Resources

Official Documentation

Complete installation guides, configuration instructions, and API reference documentation.

Tool Integration Guide

A detailed guide on how to integrate and use various security testing tools.

Best Practices

Best practices and compliance guidelines for penetration testing.

Community Forum

A community platform for user communication, problem discussion, and feature requests.

Security Tool Resources

A collection of GitHub resources for related security tools.

🚀 MCP Pentest - Automated Penetration Testing Framework

MCP (Model Context Protocol) server for intelligent automated penetration testing. This framework can automatically perform reconnaissance, vulnerability scanning, and controlled exploitation based on the detected target technologies.

🚀 Features

🔍 Reconnaissance Tools

Port Scanning - Comprehensive Nmap integration with various scan modes
Subdomain Enumeration - Certificate transparency logs + DNS bruteforcing
Technology Detection - Automatic web technology fingerprinting
Directory Bruteforcing - Intelligent directory and file discovery

🛡️ Vulnerability Assessment

Nuclei Integration - Automated vulnerability scanning with a template database
Nikto Scanning - Web server vulnerability detection
SQLMap Integration - SQL injection testing
Custom Web Vulnerability Checks - XSS, Directory Traversal, Command Injection, etc.

⚡ Exploitation Modules

Metasploit Integration - Automatic exploit search and execution
Custom Exploit Attempts - Framework-specific exploitation
Technology-Specific Exploits - Targeted attacks based on the tech stack
Proof-of-Concept Generation - Automated PoC creation

🤖 Intelligent Workflow Engine

Adaptive Decision Making - AI-driven next step recommendations
Risk-Based Prioritization - Smart vulnerability prioritization
Technology-Aware Testing - Customized testing based on detected technologies
Automated Workflow Management - Sequential phase execution with dependency handling

📊 Comprehensive Reporting

Multi-Format Reports - HTML, PDF, JSON, Markdown output
Executive Summaries - Business-friendly risk assessments
Technical Details - Detailed vulnerability descriptions and remediation
Evidence Collection - Automatic proof collection and documentation

📋 Prerequisites

Required Tools

Make sure the following tools are installed on your system:

# Network scanning
sudo apt install nmap

# Web vulnerability scanning
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

# Web server scanning
sudo apt install nikto

# SQL injection testing
sudo apt install sqlmap

# Optional: Metasploit (for advanced exploitation)
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
sudo ./msfinstall

Node.js Dependencies

npm install

📦 Installation

Clone the repository

git clone <repository-url>
cd mcp-pentest

Install dependencies

npm install

Build the project

npm run build

Configure the MCP client Add the following to your MCP client configuration file:

{
  "mcpServers": {
    "pentest": {
      "command": "node",
      "args": ["path/to/mcp-pentest/dist/index.js"],
      "env": {}
    }
  }
}

💻 Usage Examples

Basic Automated Pentest

// Full scope automated pentest
await mcp.call("auto_pentest", {
  target: "example.com",
  scope: "full",
  intensity: "active"
});

Reconnaissance Only

// Port scanning
await mcp.call("nmap_scan", {
  target: "192.168.1.1",
  scan_type: "aggressive"
});

// Technology detection
await mcp.call("tech_detection", {
  url: "https://example.com"
});

// Subdomain enumeration
await mcp.call("subdomain_enum", {
  domain: "example.com"
});

Vulnerability Scanning

// Nuclei scan with specific templates
await mcp.call("nuclei_scan", {
  target: "https://example.com",
  templates: ["cves", "vulnerabilities"],
  severity: "high"
});

// SQL injection testing
await mcp.call("sqlmap_scan", {
  url: "https://example.com/login.php",
  data: "username=admin&password=test"
});

Exploitation Attempts

// Search for Metasploit modules
await mcp.call("metasploit_search", {
  service: "Apache 2.4.41",
  platform: "linux"
});

// Attempt exploitation
await mcp.call("exploit_attempt", {
  target: "192.168.1.100",
  vulnerability: "SQL Injection",
  payload: "UNION SELECT"
});

Intelligent Next Steps

// Get AI-powered recommendations
await mcp.call("suggest_next_steps", {
  scan_results: JSON.stringify(previousResults)
});

Report Generation

// Generate a comprehensive report
await mcp.call("generate_report", {
  target: "example.com",
  format: "html"
});

🔧 Technical Details

Scan Intensity Levels

Passive

Certificate transparency logs
DNS enumeration
Header analysis
Public information gathering

Active

Port scanning
Directory bruteforcing
Vulnerability scanning
Service enumeration

Aggressive

Full port range scanning
Intensive directory bruteforcing
Active exploitation attempts
Comprehensive vulnerability testing

Scope Options

Network

Port scanning
Service enumeration
Network vulnerability assessment

Web

Web application testing
Technology fingerprinting
Web vulnerability scanning

Full

Comprehensive assessment
Network + Web testing
Complete attack surface analysis

🛡️ Security Considerations

Ethical Usage

⚠️ Important Note

This framework should only be used for:

Authorized penetration testing

Security research with permission

Testing on your own systems

Educational purposes

Safety Features

Rate limiting - Automatic request throttling
Timeout controls - Prevent long-running scans
Scope validation - Target validation and restriction
Safe exploitation - Controlled and reversible tests

Legal Compliance

Ensure you have written authorization before testing
Comply with local laws and regulations
Respect responsible disclosure practices
Document all testing activities

📊 Sample Output

Automated Pentest Results

{
  "workflow": {
    "target": "example.com",
    "scope": "full",
    "phases": [
      {
        "name": "reconnaissance",
        "status": "completed",
        "tools": ["nmap_scan", "subdomain_enum", "tech_detection"]
      }
    ],
    "results": {
      "reconnaissance": {
        "open_ports": [
          {"port": 80, "service": "http", "version": "Apache 2.4.41"},
          {"port": 443, "service": "https", "version": "Apache 2.4.41"}
        ],
        "technologies": [
          {"technology": "WordPress", "version": "5.8", "confidence": 95}
        ]
      },
      "vulnerabilities": [
        {
          "name": "Outdated WordPress",
          "severity": "medium",
          "description": "WordPress version 5.8 has known vulnerabilities"
        }
      ],
      "risk_score": 65,
      "threat_level": "medium"
    }
  }
}

🔄 Workflow Engine

The framework uses an intelligent workflow engine that can:

Analyze scan results - Automatically interpret findings
Make decisions - Determine next testing steps
Adapt strategy - Modify approach based on discoveries
Prioritize actions - Focus on high-impact vulnerabilities
Generate insights - Provide actionable recommendations

Decision Making Logic

Reconnaissance → Technology Detection → Vulnerability Assessment → Risk Analysis → Exploitation → Reporting
     ↓              ↓                    ↓                    ↓             ↓            ↓
 Port Discovery → CMS/Framework → Targeted Scanning → Priority Queue → Controlled → Evidence
 Subdomain Enum → Version Info → Custom Checks → Risk Scoring → Attempts → Collection

🏗️ Architecture

┌─────────────────┐    ┌──────────────────┐    ┌─────────────────┐
│   MCP Client    │    │  MCP Protocol    │    │  Pentest Server │
│  (Claude/etc)   │◄──►│   Transport      │◄──►│    (Node.js)    │
└─────────────────┘    └──────────────────┘    └─────────────────┘
                                                        │
                                               ┌─────────────────┐
                                               │ Tool Integration │
                                               │   - Nmap        │
                                               │   - Nuclei      │
                                               │   - Nikto       │
                                               │   - SQLMap      │
                                               │   - Metasploit  │
                                               └─────────────────┘

🤝 Contributing

Fork the repository
Create a feature branch
Implement changes with tests
Submit a pull request
Follow security best practices

📄 License

MIT License - See the LICENSE file for details

⚠️ Disclaimer

This tool is created for educational and authorized security testing purposes. The user is responsible for ensuring legal and ethical use. The developer is not responsible for misuse of this tool.

🆘 Support

📖 Documentation: Wiki
🐛 Bug Reports: Issues
💬 Discussions: Forum
📧 Contact: Email

nmap_scan

Perform a comprehensive port scan using Nmap.

Parameters

target : string*

Description

Target IP or Domain

Parameters

scan_type : string*

Description

The type of scan to perform

subdomain_enum

Enumerate sub - domains of the target domain using multiple methods.

Parameters

domain : string*

Description

Target Domain

Parameters

wordlist : string*

Description

The wordlist file to use (optional).

Parameters

use_subfinder : boolean*

Description

Also use subfinder for enumeration

Parameters

fuzz_tool : string*

Description

The fuzzing tool for sub - domain discovery

tech_detection

Detect the technologies used by the target website.

Parameters

url : string*

Description

Target URL

directory_bruteforce

Brute - force directories and files on the web server.

Parameters

url : string*

Description

Target URL

Parameters

wordlist : string*

Description

The wordlist file to use

Parameters

extensions : array*

Description

File extensions to check

Parameters

use_seclists : boolean*

Description

Use SecLists common lists if no wordlist file is provided

nuclei_scan

Run the Nuclei vulnerability scanner.

Parameters

target : string*

Description

Target URL or IP

Parameters

templates : array*

Description

Specific templates to run

Parameters

severity : string*

Description

Minimum severity level

nikto_scan

Run the Nikto Web vulnerability scanner.

Parameters

url : string*

Description

Target URL

Parameters

port : number*

Description

Target port (default: 80/443)

sqlmap_scan

Test for SQL injection vulnerabilities.

Parameters

url : string*

Description

Target URL

Parameters

data : string*

Description

POST data (optional)

Parameters

cookie : string*

Description

Session cookie (optional)

metasploit_search

Search for Metasploit modules based on the detected services.

Parameters

service : string*

Description

Service name or version

Parameters

platform : string*

Description

Target platform

exploit_attempt

Attempt to exploit detected vulnerabilities.

Parameters

target : string*

Description

Target IP/URL

Parameters

vulnerability : string*

Description

Vulnerability identifier

Parameters

payload : string*

Description

Payload type

auto_pentest

Perform a comprehensive automated penetration test.

Parameters

target : string*

Description

Target IP, Domain, or URL

Parameters

scope : string*

Description

Testing scope

Parameters

intensity : string*

Description

Testing intensity level

suggest_next_steps

Analyze current findings and suggest next steps.

Parameters

scan_results : string*

Description

Previous scan results in JSON format

generate_report

Generate a comprehensive penetration test report.

Parameters

target : string*

Description

Target identifier

Parameters

format : string*

Description

Report format

cve_discovery

Discover CVEs based on the detected technologies and versions.

Parameters

technologies : array*

Description

Array of detected technologies with version information

parameter_extraction

Extract parameters from web applications using Katana and manual methods.

Parameters

target : string*

Description

Target URL

Parameters

depth : number*

Description

Crawling depth (default: 2)

fuzzing_parameters

Perform fuzzing tests on the extracted parameters with various payloads using ffuf/wfuzz.

Parameters

parameters : array*

Description

Array of extracted parameters to fuzz

Parameters

tool : string*

Description

Fuzzing tool to use

fuzzing_directories

Perform fuzzing tests on directories and files using ffuf/wfuzz.

Parameters

target : string*

Description

Target base URL

Parameters

tool : string*

Description

Fuzzing tool to use

Parameters

extensions : array*

Description

File extensions to test

directory_scan

Perform advanced directory scanning using dirb/dirsearch/gobuster/feroxbuster.

Parameters

target : string*

Description

Target URL

Parameters

tool : string*

Description

Directory scanning tool to use

Parameters

recursive : boolean*

Description

Enable recursive scanning

adaptive_strategy

Generate an adaptive penetration testing strategy based on the detected services and operating systems.

Parameters

ports : array*

Description

Array of open ports and services

Parameters

technologies : array*

Description

Array of detected technologies

Parameters

existing_vulns : array*

Description

Array of existing vulnerabilities (optional)

test_active_directory

Comprehensive Active Directory penetration testing.

Parameters

target : string*

Description

Domain Controller IP Address

Parameters

domain : string*

Description

Domain Name (optional)

test_web_application

Penetration testing for web applications with specific technologies.

Parameters

target : string*

Description

Target Web Application URL

Parameters

technologies : array*

Description

Detected technologies (e.g., ['WordPress', 'Apache', 'PHP'])

test_smb_service

Comprehensive SMB/NetBIOS service testing.

Parameters

target : string*

Description

Target IP Address

Parameters

port : number*

Description

SMB port (default: 445)

burp_start

Start Burp Suite Professional with API enabled.

Parameters

jar_path : string*

Description

Path to burpsuite_pro.jar (optional, auto - detected)

Parameters

project_file : string*

Description

Burp project file path (optional)

Parameters

headless : boolean*

Description

Run in headless mode (default: true)

Parameters

memory : string*

Description

Java memory allocation (default: 2g)

burp_stop

Stop the Burp Suite instance.

burp_active_scan

Perform an active vulnerability scan using Burp Suite.

Parameters

target : string*

Description

Target URL to scan

Parameters

scope : array*

Description

Other URLs to include in the scope (optional)

burp_proxy_scan

Perform a passive scan through the Burp Suite proxy.

Parameters

target : string*

Description

Target URL to proxy through

Parameters

duration : number*

Description

Scan duration in seconds (default: 300)

burp_spider

Crawl the target using the Burp Suite spider.

Parameters

target : string*

Description

Target URL to crawl

burp_export

Export Burp Suite scan results.

Parameters

format : string*

Description

Export format (default: xml)

Parameters

output_path : string*

Description

Output file path (optional)

Gitlab MCP Server

Certified

The GitLab MCP server is a project based on the Model Context Protocol that provides a comprehensive toolset for interacting with GitLab accounts, including code review, merge request management, CI/CD configuration, and other functions.

TypeScript

17.0K

4.3 points

Duckduckgo MCP Server

Certified

The DuckDuckGo Search MCP Server provides web search and content scraping services for LLMs such as Claude.

A Python-based MCP Server that provides advanced to-do list management and content organization functions through the Notion API, enabling seamless integration between AI models and Notion.

Markdownify is a multi-functional file conversion service that supports converting multiple formats such as PDFs, images, audio, and web page content into Markdown format.

Framelink Figma MCP Server is a server that provides access to Figma design data for AI programming tools (such as Cursor). By simplifying the Figma API response, it helps AI more accurately achieve one - click conversion from design to code.

UnityMCP is a Unity editor plugin that implements the Model Context Protocol (MCP), providing seamless integration between Unity and AI assistants, including real - time state monitoring, remote command execution, and log functions.

20.6K

5 points

Gmail MCP Server

A Gmail automatic authentication MCP server designed for Claude Desktop, supporting Gmail management through natural language interaction, including complete functions such as sending emails, label management, and batch operations.

Context7 MCP is a service that provides real-time, version-specific documentation and code examples for AI programming assistants. It is directly integrated into prompts through the Model Context Protocol to solve the problem of LLMs using outdated information.

TypeScript

65.8K

4.7 points

Zhiqi Future, Your AI Solution Think Tank

English 简体中文繁體中文にほんご

MCP Pentest

Overview

Installation

Tools List

Content Details

Alternatives

What is MCP Pentest?

How to use MCP Pentest?

Use Cases

Main Features

How to Use

Usage Examples

Frequently Asked Questions

Related Resources

Installation

🚀 MCP Pentest - Automated Penetration Testing Framework

🚀 Features

🔍 Reconnaissance Tools

🛡️ Vulnerability Assessment

⚡ Exploitation Modules

🤖 Intelligent Workflow Engine

📊 Comprehensive Reporting

📋 Prerequisites

Required Tools

Node.js Dependencies

📦 Installation

💻 Usage Examples

Basic Automated Pentest

Reconnaissance Only

Vulnerability Scanning

Exploitation Attempts

Intelligent Next Steps

Report Generation

🔧 Technical Details

Scan Intensity Levels

Passive

Active

Aggressive

Scope Options

Network

Web

Full

🛡️ Security Considerations

Ethical Usage

Safety Features

Legal Compliance

📊 Sample Output

Automated Pentest Results

🔄 Workflow Engine

Decision Making Logic

🏗️ Architecture

🤝 Contributing

📄 License

⚠️ Disclaimer

🆘 Support

Alternatives