Pentest MCP: Professional Penetration Testing Toolkit

Multi-transport MCP server for penetration testing - works locally via stdio, over the network via HTTP streaming, or with legacy SSE clients. Run it in Docker, deploy it remotely, or use it locally - your choice.

🚀 Key Features

Multi-Transport Architecture

STDIO Transport: Traditional subprocess communication for local MCP clients
HTTP Streaming Transport: Modern network protocol with full bidirectional support
SSE Transport: Legacy compatibility for older MCP clients
OAuth 2.1 Support: Secure authentication for network transports
One Server, Multiple Security Options: Same tools, same interface, your choice of transport and auth

Professional Pentesting Tools

Network Reconnaissance with Nmap - full port scanning, service detection, OS fingerprinting
Web Directory Enumeration with Gobuster - find hidden paths and files
Web Vulnerability Scanning with Nikto - comprehensive security checks
Password Cracking with John the Ripper and Hashcat - including custom wordlist generation
GPU-Accelerated Cracking with Hashcat - support for WPA/WPA2, NTLM, bcrypt, and 300+ hash types

Intelligent Workflow Integration

Natural language interface for complex commands
Tool chaining for comprehensive assessments
Context-aware suggestions for next steps
Automated client-ready reporting
Voice control compatible (with speech-to-text)

🎯 Quick Start

Install via npm

npm install -g pentest-mcp

Install via Smithery

npx -y @smithery/cli install @DMontgomery40/pentest-mcp --client claude

Run with your preferred transport

# Local subprocess mode (default)
pentest-mcp

# Network mode with HTTP streaming
MCP_TRANSPORT=http pentest-mcp

# Legacy SSE mode
MCP_TRANSPORT=sse pentest-mcp

📡 Transport Options

STDIO (Default) - Local Subprocess

Perfect for Claude Desktop and local development:

{
  "servers": [{
    "name": "pentest-mcp",
    "command": "pentest-mcp"
  }]
}

HTTP Streaming - Network Mode

Deploy anywhere, access from anywhere:

# Start server
MCP_TRANSPORT=http pentest-mcp

# Or with Docker
docker run -p 8000:8000 -e MCP_TRANSPORT=http --privileged pentest-mcp:latest

Configure your client:

{
  "servers": [{
    "name": "pentest-mcp",
    "url": "http://localhost:8000/mcp"
  }]
}

SSE - Legacy Support

For backward compatibility with older clients:

MCP_TRANSPORT=sse MCP_SERVER_PORT=8001 pentest-mcp

🐳 Docker Deployment

Simple Docker Run

# STDIO mode (for local MCP clients)
docker run -it --rm --privileged pentest-mcp:latest

# HTTP mode (for network access)
docker run -p 8000:8000 -e MCP_TRANSPORT=http --privileged pentest-mcp:latest

Docker Compose with Profiles

# Clone and build
git clone https://github.com/dmontgomery40/pentest-mcp.git
cd pentest-mcp
docker-compose build

# Run your preferred transport
docker-compose --profile stdio up
docker-compose --profile http up
docker-compose --profile sse up

Environment Variables

MCP_TRANSPORT: Choose transport (stdio, http, sse)
MCP_SERVER_HOST: Bind address (default: 0.0.0.0)
MCP_SERVER_PORT: Server port (default: 8000)

💬 Usage Examples

Network Discovery

Set mode to professional.
Scan 192.168.1.0/24 with SYN scan and service detection.

Web Application Assessment

Scan 10.0.1.0/24 for web servers.
For each web server found, enumerate directories with gobuster using common.txt.
Run nikto against all discovered web servers.
Create a client report summarizing the findings.

Custom Password Attack

Generate a wordlist for company "Acme Corp" founded in 1995 by John Smith.
Crack these hashes using the generated wordlist:
admin:$1$xyz$...
user:$1$abc$...

🔧 System Requirements

Tools Required: nmap, john, gobuster, nikto (must be in PATH)
Node.js: v16+ for ESM support
Permissions: Root/admin for SYN scans and OS detection
Platform: Works on any OS, optimized for Kali Linux

📦 Installation Options

Global Install

npm install -g pentest-mcp

Local Development

git clone https://github.com/dmontgomery40/pentest-mcp.git
cd pentest-mcp
npm install
npm run build

Platform-Specific Tool Installation

# macOS
brew install nmap john-jumbo gobuster nikto

# Debian/Ubuntu
sudo apt update
sudo apt install nmap john gobuster nikto

# Kali Linux (pre-installed)
# All tools come pre-installed

🔐 OAuth Authentication (NEW)

Secure Your Network Deployments

Pentest MCP now supports OAuth 2.1 authentication for HTTP/SSE transports, enabling:

Enterprise SSO Integration: Connect to Auth0, Okta, Azure AD, or any OAuth provider
Token-Based Security: No more shared secrets or API keys
Scoped Access Control: Define granular permissions for different users
Dynamic Client Registration: Automatic client setup with compatible providers

Quick OAuth Setup

Enable OAuth in your .env:

MCP_OAUTH_ENABLED=true
MCP_OAUTH_PROVIDER_URL=https://your-domain.auth0.com/oauth2
MCP_OAUTH_CLIENT_ID=your_client_id
MCP_OAUTH_CLIENT_SECRET=your_client_secret
MCP_OAUTH_SCOPES=read,write,scan

Start with HTTP transport:

MCP_TRANSPORT=http npm start

Connect with OAuth token:

const client = new McpClient();
await client.connect('http://localhost:8000/mcp', {
  headers: {
    'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
  }
});

OAuth Providers Supported

Auth0: Full support with custom scopes
Google OAuth: Enterprise workspace integration
GitHub: Team-based access control
Azure AD: Microsoft enterprise SSO
Any OAuth 2.1 Provider: PKCE-compliant providers

OAuth Endpoints

When OAuth is enabled, the following endpoints are available:

/.well-known/oauth-authorization-server - Authorization server metadata
/.well-known/oauth-protected-resource - Protected resource metadata
/oauth/authorize - Authorization endpoint (if acting as auth server)
/oauth/token - Token endpoint (if acting as auth server)

🛡️ Security & Legal

⚠️ AUTHORIZED USE ONLY: This toolkit is for professional penetration testers operating under valid scope of work. Use only on systems and networks for which you have explicit written authorization.

🐳 Docker Security Note: The --privileged flag is required for certain scans (SYN, OS detection). Only use in trusted environments or VMs.

🔍 Troubleshooting

Tools Not Found

Ensure all required tools are in your PATH:

which nmap john gobuster nikto

Permission Denied

For SYN scans and OS detection:

# Run with sudo locally
sudo pentest-mcp

# Or use Docker with --privileged
docker run --privileged pentest-mcp:latest

Build Issues

rm -rf node_modules dist
npm install
npm run build

Transport-Specific Issues

HTTP not accessible: Check firewall rules and port bindings
SSE connection drops: Ensure keep-alive is enabled
STDIO hangs: Verify MCP client supports stdio transport

📚 Documentation

Migration Guide - Upgrading to v0.5.0
Usage Examples - Detailed transport examples
Changelog - Version history

🤝 Contributing

Pull requests welcome at the GitHub repository. Built for professionals by professionals.

📄 License

GPL-3.0-or-later - See LICENSE file for details.

Name		Name	Last commit message	Last commit date
Latest commit History 23 Commits
node_modules		node_modules
scan_logs		scan_logs
src		src
.DS_Store		.DS_Store
.dockerignore		.dockerignore
.env.example		.env.example
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
Dockerfile		Dockerfile
HASHCAT_USAGE.md		HASHCAT_USAGE.md
LICENSE		LICENSE
MIGRATION.md		MIGRATION.md
README.md		README.md
build-multi-transport.sh		build-multi-transport.sh
docker-compose.yml		docker-compose.yml
package-lock.json		package-lock.json
package.json		package.json
smithery.yaml		smithery.yaml
test-multi-transport.js		test-multi-transport.js
tsconfig.json		tsconfig.json
usage-examples.sh		usage-examples.sh

License

DMontgomery40/pentest-mcp

Folders and files

Latest commit

History

Repository files navigation