pentest-mcp

NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.

Stars
139
Last push
2026-03-23
License
MIT
Category
Security

Score breakdown — how scoring works

  • Maintenance

    18 / 30
    • Pushed within 4 months101 days ago+18
  • Adoption

    12.5 / 25
    • GitHub stars (no package published — stars weighted fully)139+12.5
  • Documentation

    25 / 25
    • Comprehensive README (6,000+ chars)12370 chars+10
    • Install / setup instructionsyes+6
    • Tools / capabilities documentedyes+5
    • Code or client-config exampleyes+4
  • Trust signals

    7 / 20
    • OSS license declaredMIT+7
    • First-party vendor implementationno+0
    • DNS-verified registry namespaceno+0
    • Listed in official MCP Registryno+0
    • Owned by an organizationno+0

Install

From sourcegit clone https://github.com/DMontgomery40/pentest-mcp

No package published to a registry — see the README for setup instructions.

Always review a server's code and required credentials before connecting it to your MCP client. MCP Vetted scores public metadata — it does not audit code for malicious behavior (yet). Methodology →

View on GitHub