pentest-mcp

Pentest MCP: Professional Penetration Testing Toolkit

Multi-transport MCP server for penetration testing - works locally via stdio, over the network via HTTP streaming, or with legacy SSE clients. Run it in Docker, deploy it remotely, or use it locally - your choice.

🚀 Key Features

Multi-Transport Architecture

• STDIO Transport: Traditional subprocess communication for local MCP clients
• HTTP Streaming Transport: Modern network protocol with full bidirectional support
• SSE Transport: Legacy compatibility for older MCP clients
• OAuth 2.1 Support: Secure authentication for network transports
• One Server, Multiple Security Options: Same tools, same interface, your choice of transport and auth

Professional Pentesting Tools

• Network Reconnaissance with Nmap - full port scanning, service detection, OS fingerprinting
• Web Directory Enumeration with Gobuster - find hidden paths and files
• Web Vulnerability Scanning with Nikto - comprehensive security checks
• Password Cracking with John the Ripper and Hashcat - including custom wordlist generation
• GPU-Accelerated Cracking with Hashcat - support for WPA/WPA2, NTLM, bcrypt, and 300+ hash types

Intelligent Workflow Integration

• Natural language interface for complex commands
• Tool chaining for comprehensive assessments
• Context-aware suggestions for next steps
• Automated client-ready reporting
• Voice control compatible (with speech-to-text)

🎯 Quick Start

Install via npm

npm install -g pentest-mcp

Install via Smithery

npx -y @smithery/cli install @DMontgomery40/pentest-mcp --client claude

Run with your preferred transport

# Local subprocess mode (default)
pentest-mcp

# Network mode with HTTP streaming
MCP_TRANSPORT=http pentest-mcp

# Legacy SSE mode
MCP_TRANSPORT=sse pentest-mcp

📡 Transport Options

STDIO (Default) - Local Subprocess

Perfect for Claude Desktop and local development:

{
  "servers": [{
    "name": "pentest-mcp",
    "command": "pentest-mcp"
  }]
}

HTTP Streaming - Network Mode

Deploy anywhere, access from anywhere:

# Start server
MCP_TRANSPORT=http pentest-mcp

# Or with Docker
docker run -p 8000:8000 -e MCP_TRANSPORT=http --privileged pentest-mcp:latest

Configure your client:

{
  "servers": [{
    "name": "pentest-mcp",
    "url": "http://localhost:8000/mcp"
  }]
}

SSE - Legacy Support

For backward compatibility with older clients:

MCP_TRANSPORT=sse MCP_SERVER_PORT=8001 pentest-mcp

🐳 Docker Deployment

Simple Docker Run

# STDIO mode (for local MCP clients)
docker run -it --rm --privileged pentest-mcp:latest

# HTTP mode (for network access)
docker run -p 8000:8000 -e MCP_TRANSPORT=http --privileged pentest-mcp:latest

Docker Compose with Profiles

# Clone and build
git clone https://github.com/dmontgomery40/pentest-mcp.git
cd pentest-mcp
docker-compose build

# Run your preferred transport
docker-compose --profile stdio up
docker-compose --profile http up
docker-compose --profile sse up

Environment Variables

• MCP_TRANSPORT: Choose transport (stdio, http, sse)
• MCP_SERVER_HOST: Bind address (default: 0.0.0.0)
• MCP_SERVER_PORT: Server port (default: 8000)

💬 Usage Examples

Network Discovery

Set mode to professional.
Scan 192.168.1.0/24 with SYN scan and service detection.

Web Application Assessment

Scan 10.0.1.0/24 for web servers.
For each web server found, enumerate directories with gobuster using common.txt.
Run nikto against all discovered web servers.
Create a client report summarizing the findings.

Custom Password Attack

Generate a wordlist for company "Acme Corp" founded in 1995 by John Smith.
Crack these hashes using the generated wordlist:
admin:$1$xyz$...
user:$1$abc$...

🔧 System Requirements

• Tools Required: nmap, john, gobuster, nikto (must be in PATH)
• Node.js: v16+ for ESM support
• Permissions: Root/admin for SYN scans and OS detection
• Platform: Works on any OS, optimized for Kali Linux

📦 Installation Options

Global Install

npm install -g pentest-mcp

Local Development

git clone https://github.com/dmontgomery40/pentest-mcp.git
cd pentest-mcp
npm install
npm run build

Platform-Specific Tool Installation

# macOS
brew install nmap john-jumbo gobuster nikto

# Debian/Ubuntu
sudo apt update
sudo apt install nmap john gobuster nikto

# Kali Linux (pre-installed)
# All tools come pre-installed

🔐 OAuth Authentication (NEW)

Secure Your Network Deployments

Pentest MCP now supports OAuth 2.1 authentication for HTTP/SSE transports, enabling:

• Enterprise SSO Integration: Connect to Auth0, Okta, Azure AD, or any OAuth provider
• Token-Based Security: No more shared secrets or API keys
• Scoped Access Control: Define granular permissions for different users
• Dynamic Client Registration: Automatic client setup with compatible providers

Quick OAuth Setup

• Enable OAuth in your .env:

MCP_OAUTH_ENABLED=true
MCP_OAUTH_PROVIDER_URL=https://your-domain.auth0.com/oauth2
MCP_OAUTH_CLIENT_ID=your_client_id
MCP_OAUTH_CLIENT_SECRET=your_client_secret
MCP_OAUTH_SCOPES=read,write,scan

• Start with HTTP transport:

MCP_TRANSPORT=http npm start

• Connect with OAuth token:

const client = new McpClient();
await client.connect('http://localhost:8000/mcp', {
  headers: {
    'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
  }
});

OAuth Providers Supported

• Auth0: Full support with custom scopes
• Google OAuth: Enterprise workspace integration
• GitHub: Team-based access control
• Azure AD: Microsoft enterprise SSO
• Any OAuth 2.1 Provider: PKCE-compliant providers

OAuth Endpoints

When OAuth is enabled, the following endpoints are available:

• /.well-known/oauth-authorization-server - Authorization server metadata
• /.well-known/oauth-protected-resource - Protected resource metadata
• /oauth/authorize - Authorization endpoint (if acting as auth server)
• /oauth/token - Token endpoint (if acting as auth server)

🛡️ Security & Legal

⚠️ AUTHORIZED USE ONLY: This toolkit is for professional penetration testers operating under valid scope of work. Use only on systems and networks for which you have explicit written authorization.

🐳 Docker Security Note: The --privileged flag is required for certain scans (SYN, OS detection). Only use in trusted environments or VMs.

🔍 Troubleshooting

Tools Not Found

Ensure all required tools are in your PATH:

which nmap john gobuster nikto

Permission Denied

For SYN scans and OS detection:

# Run with sudo locally
sudo pentest-mcp

# Or use Docker with --privileged
docker run --privileged pentest-mcp:latest

Build Issues

rm -rf node_modules dist
npm install
npm run build

Transport-Specific Issues

• HTTP not accessible: Check firewall rules and port bindings
• SSE connection drops: Ensure keep-alive is enabled
• STDIO hangs: Verify MCP client supports stdio transport

📚 Documentation

• Migration Guide - Upgrading to v0.5.0
• Usage Examples - Detailed transport examples
• Changelog - Version history

🤝 Contributing

Pull requests welcome at the GitHub repository. Built for professionals by professionals.

📄 License

GPL-3.0-or-later - See LICENSE file for details.