Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"com-pentest-tools-mcp-server": {
"args": [
"pentesttools"
],
"command": "uvx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Command-line interface, Python bindings, and MCP server for Pentest-Tools.com, a platform for scanning web applications and network infrastructure for vulnerabilities.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx 'pentesttools' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked pentesttools against OSV.dev.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in security
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
Model Context Protocol for WinDBG
Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.
MCP Security Weekly
Get CVE alerts and security updates for com.pentest-tools/mcp-server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Command-line interface, Python bindings, and MCP server for Pentest-Tools.com, a platform for scanning web applications and network infrastructure for vulnerabilities.
Connect any MCP-compatible AI assistant to your Pentest-Tools.com account to run scans, triage findings, and generate reports. You'll need an API key from a paid plan. Get one at My Account > API.
Supported clients: Claude, Cursor, VS Code, Gemini CLI, and any MCP-compatible tool. Full documentation: pentest-tools.com/docs/ai/mcp/overview
For terminal-based clients, use directly:
Claude Code
claude mcp add --transport http ptt-mcp https://mcp.pentest-tools.com/mcp --header "Authorization: Bearer your_api_key_here"
Gemini CLI
gemini mcp add ptt-mcp --transport http https://mcp.pentest-tools.com/mcp --header "Authorization: Bearer your_api_key_here"
Cursor: paste this URL in your browser for one-click install, then add your API key:
cursor://anysphere.cursor-deeplink/mcp/install?name=ptt-mcp&config=eyJ1cmwiOiJodHRwczovL21jcC5wZW50ZXN0LXRvb2xzLmNvbS9tY3AiLCJoZWFkZXJzIjp7IkF1dGhvcml6YXRpb24iOiJCZWFyZXIgeW91cl9hcGlfa2V5X2hlcmUifX0=
Or manually add according to your preferred agent and config file location:
{
"servers": {
"ptt-mcp": {
"type": "http",
"url": "https://mcp.pentest-tools.com/mcp",
"headers": { "Authorization": "Bearer your_api_key_here" }
}
}
}
Requires Python 3.10+.
pip install "pentesttools[mcp]"
PTT_API_KEY=your_api_key_here ptt mcp
You can also pass the key inline: --key your_api_key_here. For client-specific local setup, see the full documentation.
Run scans from the terminal or integrate PTT into your scripts and CI/CD pipelines.
For AI assistant integration, see the MCP Server section above.
PentestTools Python module is delivered through PyPI, so it can be installed directly via pip:
pip install pentesttools
The pentesttools package provides a command line interface through the ptt utility. Right
now it supports the Website Scanner service.
Example for the simplest scan:
ptt run website_scanner <url>
This runs a freemium Website Scanner scan on the <url>. Unlike in the platform itself, you can omit the schema part from the url.
Global arguments, like a suitable key for a deep scan, have to be passed straight to ptt. Tool arguments have to be passed to the tool.
ptt --key <key> run website_scanner --scan_type deep <url>
If you want the command to fail if the report contains vulnerabilities with a higher risk than some value, you can use the --fail argument.
ptt --fail high run website_scanner <url>
You can also run ptt using docker. The docker image has ptt as an entrypoint, so you don't have to type it anymore. Note that the old ptt-scan name is still used on docker.
docker run pentesttoolscom/ptt-scan:latest run website_scanner <url>
If you want to easily modify the sources and your modifications:
pip install --edit .
pip uninstall pentesttools
You can run the tests and make coverage reports like this:
python3 -m pytest src/tests
coverage run -m pytest src/tests
coverage report -m
... [View full README on GitHub](https://github.com/pentesttoolscom/pentesttools-pypi#readme)