Is Tengu safe to use?

Tengu has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Tengu?

Tengu can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Tengu?

Tengu is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Tengu actively maintained?

Tengu is recently maintained — last commit was 37 days ago. It has 42 GitHub stars.

Tengu

Name: Tengu
Author: rfunix

by rfunix

AI-powered penetration testing MCP server

42 0 tools GitHub

No known CVEs

MIT license

Maintained

Last commit 37d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "tengu": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/tengu)](https://mcppedia.org/s/tengu)

Read me

What Tengu does

AI-powered penetration testing MCP server

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

33/100across 5 weighted dimensions

How we score →

0255075100

−67

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Tengu safe to use?: Tengu has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Tengu?: Tengu can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Tengu?: Tengu is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Tengu actively maintained?: Tengu is recently maintained — last commit was 37 days ago. It has 42 GitHub stars.

Similar servers

Others in security

View all →

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

Evil Mcp Server91

An evil MCP server used for redteam testing

30 1

Atomic Red Team Mcp90

MCP server for Atomic Red Team

123 5

io.github.peacprotocol/peac90

Signed receipts for agent, API, and MCP interactions. Portable and offline-verifiable.

11 5

MCP Security Weekly

Get CVE alerts and security updates for Tengu and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "tengu": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/tengu)](https://mcppedia.org/s/tengu)

Read me

What Tengu does

AI-powered penetration testing MCP server

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Tengu — Pentesting MCP Server

"In Japanese mythology, the Tengu is a fierce mountain spirit — master strategist, warrior, and trainer of samurai. In cybersecurity, it guides you through every phase of the hunt."

From recon to report — AI-assisted pentesting in one command.

Tengu is an MCP server that turns Claude into a penetration testing copilot. It orchestrates 80 security tools — from Nmap to Metasploit — with built-in safety controls, audit logging, and professional reporting.

What is it? An MCP server that connects Claude to industry-standard pentest tools
Why use it? Automates recon and scanning while keeping the human in control of exploits
Who is it for? Pentesters, red teamers, security students, and consulting firms

Key Features

80 Tools — Nmap, Metasploit, SQLMap, Nuclei, Hydra, Burp-compatible ZAP, and more
AI-Orchestrated — Claude decides the next tool based on previous findings
Safety First — Allowlist, rate limiting, audit logs, and human-in-the-loop for destructive actions
Auto Reports — Correlate findings and generate professional pentest reports (MD/HTML/PDF)
35 Workflows — Pre-built prompts for full pentest, web app, AD, cloud, and more
20 Resources — Built-in OWASP Top 10, MITRE ATT&CK, PTES, and pentest checklists
Stealth Layer — Optional Tor/SOCKS5 proxy routing, UA rotation, and timing jitter

MCP Server Mode (Copilot)

Use Claude as an interactive pentest copilot — you direct the engagement, Claude picks the right tools and chains them together automatically.

Quick Start

git clone https://github.com/rfunix/tengu.git && cd tengu
make docker-build
make docker-up

Connect Claude Code to the running server:

claude mcp add --transport sse tengu http://localhost:8000/sse

Then ask Claude: Do a full pentest on http://192.168.1.100

Claude chains tools automatically: validate_target → whatweb → nmap → nikto → nuclei → sqlmap → correlate_findings → generate_report

Docker Profiles

Command	What it starts
`make docker-up`	Tengu MCP server (`:8000`)
`make docker-lab`	+ Juice Shop, DVWA (safe practice targets)
`make docker-pentest`	+ Metasploit, OWASP ZAP (real-world targets)
`make docker-full`	+ Metasploit, ZAP, and lab targets

Scan custom targets without editing files:

TENGU_ALLOWED_HOSTS="192.168.1.0/24,10.0.0.0/8" make docker-up

Image Tiers

Choose the right size for your use case:

Tier	Size	MCP Tools	Use case
`minimal`	~480MB	17	Lightweight analysis, CVE research, reporting
`core`	~7GB	47	Full pentest toolkit (default)
`full`	~8GB	80	Everything + AD, wireless, stealth/OPSEC

TENGU_TIER=minimal make docker-build   # lightweight
TENGU_TIER=core    make docker-build   # defa

... [View full README on GitHub](https://github.com/rfunix/tengu#readme)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

33/100across 5 weighted dimensions

How we score →

0255075100

−67

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Tengu safe to use?: Tengu has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Tengu?: Tengu can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Tengu?: Tengu is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Tengu actively maintained?: Tengu is recently maintained — last commit was 37 days ago. It has 42 GitHub stars.