Is Pentester Mcp safe to use?

Pentester Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Pentester Mcp?

Pentester Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Pentester Mcp?

Pentester Mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is Pentester Mcp actively maintained?

Pentester Mcp is actively maintained — last commit was 22 days ago. It has 32 GitHub stars.

Pentester Mcp

Name: Pentester Mcp
Author: halilkirazkaya

by halilkirazkaya

Elevate your AI assistants (like Claude & Cursor) into autonomous cybersecurity experts. Pentester-MCP integrates 200+ pentesting tools via the Model Context Protocol (MCP) using a secure Docker sandbox.

32 0 tools GitHub

No known CVEs

MIT license

Actively maintained

Last commit 22d ago

Untested

Transport: stdio

0 tools

Grade F

Security AI / ML Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "pentester-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/pentester-mcp)](https://mcppedia.org/s/pentester-mcp)

Read me

What Pentester Mcp does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

29/100across 5 weighted dimensions

How we score →

0255075100

−71

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Pentester Mcp safe to use?: Pentester Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Pentester Mcp?: Pentester Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Pentester Mcp?: Pentester Mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.
Is Pentester Mcp actively maintained?: Pentester Mcp is actively maintained — last commit was 22 days ago. It has 32 GitHub stars.

Similar servers

Others in security / ai-ml / developer-tools

View all →

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

84.3k 1

Supabase MCP Server97

Manage Supabase projects — databases, auth, storage, and edge functions

2.6k 4

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.3k 1

XcodeBuildMCP96

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.3k 2

MCP Security Weekly

Get CVE alerts and security updates for Pentester Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Security AI / ML Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "pentester-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/pentester-mcp)](https://mcppedia.org/s/pentester-mcp)

Read me

What Pentester Mcp does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Pentester-MCP

Empower your AI assistants with the ultimate open-source penetration testing arsenal.

Overview

Pentester-MCP provides Model Context Protocol (MCP) integration for over 200+ of the most popular open-source cybersecurity and penetration testing tools.

By adding Pentester-MCP to an AI assistant (like Claude Desktop, Cursor, or specialized agents), the AI gains the autonomous ability to act as a penetration tester:

It can run nmap scans, analyze open ports, and automatically decide to run ffuf on discovered web servers.
It can execute sqlmap against parameters it identifies as vulnerable.
It understands tool arguments, required flags, and syntaxes thanks to AI-optimized documentation strings injected into every MCP tool.

All 235 Python *_mcp.py tools were generated intelligently from cheat sheets to ensure safe execution (e.g., preventing shell injection, enforcing timeouts, and handling huge terminal outputs).

The Arsenal

The tools/ directory includes MCP servers for almost every category:

Reconnaissance: nmap, masscan, recon-ng, amass, subfinder, nuclei
Web Exploitation: sqlmap, commix, ffuf, gobuster, dirsearch, nikto
Active Directory & Network: impacket (full suite), bloodhound, responder, evil-winrm
Brute-Forcing & Password: hydra, medusa, john, hashcat, nxc
And 200+ more covering WiFi, Cloud, Kubernetes, Android, and reversing.

Installation & Usage

Because of the massive amount of tools, installing everything on your host machine can be messy. Therefore, Pentester-MCP offers two primary ways to run: Local Execution and Docker Sandbox (Recommended).

Method A: Docker Sandbox (Recommended & Secure)

Running tools via Docker isolates the execution from your host operating system and avoids polluting your system with hundreds of dependencies.

Clone the repository:

git clone https://github.com/halilkirazkaya/pentester-mcp.git
cd pentester-mcp

Select your Tools (configs/*.yaml): Open your target configuration file in the configs/ directory (e.g., example-config.yaml) and set true for any tool you wish to enable. By default, the docker-compose.yml points to example-config.yaml.
Build and Run the Sandbox:
```
docker compose up -d --build
```
Your container is now running silently in the background.
Add to your AI Client: Open your MCP client's configuration (e.g., claude_desktop_config.json) and route the commands directly to the server.py entrypoint. See mcp-config.json for a ready-to-use snippet.

Method B: Local Execution (Fastest Setup)

If you already have Kali Linux, Parrot OS, or you specifically only want to use the tools already installed on your host system:

Clone and Setup Virtual Environment:

git clone https://github.com/halilkirazkaya/pentester-mcp.git
cd pentester-mcp
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

Add to your AI Client: Direct the AI client to execute the specific tool using your local python environment. You will need to extract the tool definitions from the configs/ directory and replace the "docker exec -i pentester-mcp /app/.venv/bin/python" arguments with your host machine's python path.

Note: If the tool binary (e.g., nmap or gobuster) is not installed on your host system, the AI will gracefully receive a FileNotFoundError and inform you.

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

29/100across 5 weighted dimensions

How we score →

0255075100

−71

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Pentester Mcp safe to use?: Pentester Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Pentester Mcp?: Pentester Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Pentester Mcp?: Pentester Mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.
Is Pentester Mcp actively maintained?: Pentester Mcp is actively maintained — last commit was 22 days ago. It has 32 GitHub stars.