pentest-mcp
NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.
114stars
26forks
JavaScript
Added 12/27/2025
MCP Serverscybersecuritydirbustergobusterhashcathttp-streaming
Installation
# Add to your Claude Code skills
git clone https://github.com/DMontgomery40/pentest-mcpPentest MCP: Professional Penetration Testing Toolkit
Multi-transport MCP server for penetration testing - works locally via stdio, over the network via HTTP streaming, or with legacy SSE clients. Run it in Docker, deploy it remotely, or use it locally - your choice.
🚀 Key Features
Multi-Transport Architecture
- STDIO Transport: Traditional subprocess communication for local MCP clients
- HTTP Streaming Transport: Modern network protocol with full bidirectional support
- SSE Transport: Legacy compatibility for older MCP clients
- OAuth 2.1 Support: Secure authentication for network transports
- One Server, Multiple Security Options: Same tools, same interface, your choice of transport and auth
Professional Pentesting Tools
- Network Reconnaissance with Nmap - full port scanning, service detection, OS fingerprinting
- Web Directory Enumeration with Gobuster - find hidden paths and files
- Web Vulnerability Scanning with Nikto - comprehensive security checks
- Password Cracking with John the Ripper and Hashcat - including custom wordlist generation
- GPU-Accelerated Cracking with Hashcat - support for WPA/WPA2, NTLM, bcrypt, and 300+ hash types