NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.
# Add to your Claude Code skills
git clone https://github.com/DMontgomery40/pentest-mcpGuides for using mcp servers skills like pentest-mcp.
Last scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@hono/node-server: @hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "diff: jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"severity": "low"
},
{
"type": "npm-audit",
"message": "express-rate-limit: express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network",
"severity": "high"
},
{
"type": "npm-audit",
"message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
"severity": "high"
},
{
"type": "npm-audit",
"message": "fast-xml-parser: fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"severity": "high"
},
{
"type": "npm-audit",
"message": "hono: Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "node-nmap: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"severity": "high"
},
{
"type": "npm-audit",
"message": "qs: qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "serve-handler: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "xml2js: xml2js is vulnerable to prototype pollution",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T16:18:53.831Z",
"npmAuditRan": true,
"pipAuditRan": true
}pentest-mcp is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by DMontgomery40. NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more. It has 137 GitHub stars.
pentest-mcp returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/DMontgomery40/pentest-mcp" and add it to your Claude Code skills directory (see the Installation section above).
pentest-mcp is primarily written in JavaScript. It is open-source under DMontgomery40 on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh pentest-mcp against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
Professional penetration-testing MCP server with modern transport/auth support and expanded recon tooling.
@modelcontextprotocol/sdk@^1.26.0@modelcontextprotocol/inspector@^0.20.0) with bundled launcherMCP_TRANSPORT=http)subfinderEnum, httpxProbe, ffufScan, nucleiScan, trafficCapture, hydraBruteforce, privEscAudit, extractionSweeplistEngagementRecords, getEngagementRecordscopeMode=ask) with safe template fallbackhttpx-toolkit (preferred) or validated ProjectDiscovery httpx, avoiding Python httpx CLI collisionspentest-mcp inspector)nmapScanrunJohnTheRipperrunHashcatgobusterniktosubfinderEnumhttpxProbeffufScannucleiScantrafficCapturehydraBruteforceprivEscAuditextractionSweepgenerateWordlistlistEngagementRecordsgetEngagementRecordcreateClientReportcancelScannpm install -g pentest-mcp
pentest-mcp
pentest-mcp inspector
You can forward Inspector flags directly:
pentest-mcp inspector --help
MCP_TRANSPORT=http MCP_SERVER_HOST=0.0.0.0 MCP_SERVER_PORT=8000 pentest-mcp
MCP_TRANSPORT=sse MCP_SERVER_PORT=8001 pentest-mcp
stdio: default for local MCP clients.http: modern network transport. Recommended.sse: compatibility only. Deprecated and will be removed in a future major release.pentest-mcp inspector launches the bundled @modelcontextprotocol/inspector CLI.node <this-package-entrypoint> stdioSet these env vars when using MCP_TRANSPORT=http (or sse if needed):
MCP_AUTH_ENABLED=true
MCP_AUTH_MODE=bearer
MCP_AUTH_SCOPES=read,write
MCP_AUTH_AUDIENCE=
MCP_OIDC_ISSUER=https://issuer.example.com
MCP_OIDC_JWKS_URL=https://issuer.example.com/.well-known/jwks.json
# optional alternative/backup validation mode:
MCP_OIDC_INTROSPECTION_URL=https://issuer.example.com/oauth/introspect
MCP_OAUTH_CLIENT_ID=...
MCP_OAUTH_CLIENT_SECRET=...
Legacy aliases are still accepted temporarily:
MCP_OAUTH_ENABLEDMCP_OAUTH_PROVIDER_URLMCP_OAUTH_SCOPEScreateClientReport now supports SoW handling modes:
scopeMode=ask: prompt user via MCP elicitation (recommended)scopeMode=provided: use scopeOfWork value directlyscopeMode=template: use built-in generic authorized-testing templateIf elicitation is declined/unavailable, the report automatically falls back to the template.
There is no separate file-upload API yet. Current options are:
{
"tool": "createClientReport",
"arguments": {
"title": "Q1 External Pentest",
"assessmentType": "external-network",
"scopeMode": "ask"
}
}
scopeOfWork{
"tool": "createClientReport",
"arguments": {
"title": "Q1 External Pentest",
"assessmentType": "external-network",
"scopeMode": "provided",
"scopeOfWork": "Authorized targets: ...\nOut-of-scope: ...\nTesting window: ...\nRules of engagement: ..."
}
}
{
"tool": "createClientReport",
"arguments": {
"title": "Q1 External Pentest",
"assessmentType": "external-network",
"scopeMode": "template"
}
}
recordId=...) with invocation context.listEngagementRecords to pull all work artifacts quickly.recordIds (or latest records by default) instead of manual copy/paste.ask)provided)template)These are planned specifically to reduce pentest admin overhead.
scopeFilePath ingestion (load SoW from a local file path on the MCP host)scopeDocument chunked upload flow (send SoW content directly through MCP for remote clients)recordId) to findings and report sectionsnuclei, nikto, etc.)Adoption note:
scopeFilePath and scopeDocument because most teams already maintain SoW in docs/PDF and want to avoid repeated paste-and-reformat steps.{
"tool": "subfinderEnum",
"arguments": {
"domain": "example.com",
"recursive": true,
"allSources": true
}
}
{
"tool": "httpxProbe",
"arguments": {
"targets": ["example.com", "api.example.com"],
"includeTitle": true,
"includeStatusCode": true
}
}
{
"tool": "ffufScan",
"arguments": {
"targetUrl": "https://example.com/FUZZ",
"wordlist": "/usr/share/seclists/Discovery/Web-Content/common.txt",
"threads": 40
}
}
{
"tool": "nucleiScan",
"arguments": {
"targets": ["https://example.com"],
"severities": ["medium", "high", "critical"]
}
}
{
"tool": "trafficCapture",
"arguments": {
"networkInterface": "eth0",
"packetCount": 200,
"bpfFilter": "tcp port 80"
}
}
{
"tool": "hydraBruteforce",
"arguments": {
"target": "10.10.10.20",
"service": "ssh",
"usernameList": "/usr/share/seclists/Usernames/top-usernames-shortlist.txt",
"passwordList": "/usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt"
}
}
{
"tool": "extractionSweep",
"arguments": {
"targetUrl": "https://target.local/item.php?id=1",
"risk": 2,
"level": 3
}
}
docker-compose --profile http up
docker-compose --profile stdio up
docker-compose --profile sse up
The Docker image installs:
nmap, john, hashcat, gobuster, nikto, ffuf, hydra, sqlmap, tcpdumpsubfinder, httpx + httpx-toolkit alias, nucleiEnsure the binaries are in PATH:
which nmap john hashcat gobuster nikto subfinder httpx-toolkit ffuf nuclei hydra sqlmap tcpdump
If httpx-toolkit is not installed, a validated ProjectDiscovery httpx binary is accepted as fallback.
Authorized use only. Run against systems/networks where you have explicit written permission.
Last updated: 2026-03-23
Model Context Protocol (MCP) is still one of the most useful interoperability layers for tools and agents. The tradeoff is that large MCP servers can expose many tools, and naive tool-calling can flood context windows with schemas, tool chatter, and irrelevant call traces.
In practice, "more tools" is not always "better outcomes." Tool surface area must be paired with execution patterns that keep token use bounded and behavior predictable.
Recent workflows increasingly move complex orchestration out of chat context and into code execution loops. This reduces repetitive schema tokens and makes tool usage auditable and testable.
Core reading:
For users who want reproducible and lower-noise MCP usage, start with a codemode-oriented setup:
Practical caveat: even with strong setup, model behavior can still be inconsistent across providers and versions. Keep retries, guardrails, and deterministic fallbacks in place.
A high-leverage pattern is wrapping MCP servers into callable code interfaces