Is Pentest Ai safe to use?

Pentest Ai has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Pentest Ai?

Pentest Ai can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Pentest Ai?

Pentest Ai is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is Pentest Ai actively maintained?

Pentest Ai is actively maintained — last commit was 4 days ago. It has 8 GitHub stars.

pentest-ai

MCP server + 10 AI agents + 150+ security tools. One command.

Website · Quick Start · Agents · 150+ Tools · Claude Code Agents

pentest-ai connects AI to 150+ real security tools through the Model Context Protocol. It works with Claude Desktop, Cursor, VS Code Copilot, Windsurf, or any MCP-compatible client.

Point it at a target. It runs recon, finds vulnerabilities, chains them into full compromise paths, validates every finding with a working proof of concept, and generates professional reports with detection rules for your blue team.

No vendor lock-in. No cloud dependency. Runs locally.

How It Works

You: "Run a full assessment against staging.example.com"

pentest-ai:
  1. Recon       > nmap, subfinder, amass, DNS enum, OSINT
  2. Web scan    > nuclei, sqlmap, nikto, ffuf, dalfox
  3. Cloud audit > prowler, ScoutSuite, pacu
  4. AD attack   > BloodHound, Impacket, CrackMapExec
  5. Chaining    > Links 3 medium findings into domain admin
  6. Validation  > Generates safe PoC for each finding
  7. Detection   > Sigma + SPL + KQL rules for every attack
  8. Report      > Professional markdown/HTML/PDF with CVSS scores

Quick Start

pip install -e .
pentest-ai start target.example.com

That starts the MCP server. Connect from your AI client and start talking to it.

Connect to Claude Desktop

Add this to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "pentest-ai": {
      "command": "pentest-ai",
      "args": ["server", "start"]
    }
  }
}

Connect to Cursor / VS Code Copilot

Add the same MCP server config in your editor's settings. Any client that speaks MCP will work.

Agents

10 specialist agents, each focused on a specific attack surface.

| Agent | What It Does | |-------|-------------| | Recon | Port scanning, service fingerprinting, subdomain enum, OSINT | | Web | SQLi, XSS, SSRF, IDOR, auth bypass, API testing, business logic | | AD | BloodHound, Kerberoasting, AS-REP, delegation abuse, DCSync | | Cloud | AWS/Azure/GCP misconfigs, IAM escalation, exposed services | | Mobile | Android/iOS app analysis, API interception, SSL pinning bypass | | Wireless | WPA/WPA2/WPA3, evil twin, rogue AP, Bluetooth | | Social Engineer | Phishing campaign design, pretexting, vishing frameworks | | Exploit Chain | Correlates findings across agents into multi-step attack paths | | PoC Validator | Auto-generates safe, non-destructive proofs of concept | | Report + Detection | Professional reports with Sigma, SPL, and KQL rules |

Every agent stores findings in a local SQLite database. Findings persist across sessions and feed into the chaining engine.

Tools

158 security tools organized into 6 categories. pentest-ai wraps each tool with structured output parsing so findings flow directly into the database.

Network (30+ to
... View full README on GitHub

Pentest Ai

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

MCPpedia

io.github.xkumakichi/xaip-mcp-server

Ggmcp

Moltrust MCP Server

Discussion