
PENTEST-MCP-SERVER

AI-powered security testing for Claude Desktop. MCP server integrating 6 essential pentesting tools (nmap, nikto, sqlmap, wpscan, dirb, searchsploit) in a secure Kali Linux Docker container. Perform ethical security assessments through natural conversation.

Stars: 3 | Forks: 1 | Tools: 6 | Updated: Oct 29, 2025 | Validated: Jan 9, 2026

🛡️ PentestMCP Server


PentestMCP Server is a modern, containerized penetration testing backend for MCP Servers. It exposes industry-standard security tools (Nmap, Nikto, SQLMap, WPScan, Dirb, Searchsploit) through a robust, scriptable API—enabling safe, automated, and repeatable security assessments from anywhere.


✨ Why PentestMCP?

  • Unified API: Control multiple pentest tools from a single interface.
  • Safe by Design: Input sanitization, timeouts, and non-root execution.
  • Portable: Runs anywhere with Docker—no manual setup or dependencies.
  • Automation Ready: Integrates seamlessly with FastMCP for scripting and orchestration.
  • Kali Linux Power: Leverages the world’s most popular pentesting OS.

📁 Directory Structure

pentest-mcp-server/
├── build/
│   ├── dockerfile         # Docker instructions for building the Kali-based container
│   ├── requirements.txt   # Python dependencies for the server
│   └── server.py          # Main server logic exposing pentest tools via FastMCP
├── script/
│   ├── build.sh           # Script to build the Docker image
│   └── test.sh            # Script to test the Docker container
└── readme.md              # Project documentation

  • All main build and server files are inside the build/ directory.
  • The script/ directory contains build and test scripts.
  • readme.md is at the project root.

🚀 Features

  • 🔒 Safe Command Execution: Prevents command injection and enforces timeouts.
  • 🧰 Bundled Tools: Nmap, Nikto, SQLMap, WPScan, Dirb, Searchsploit.
  • 🐳 Dockerized: Secure, isolated, and reproducible environment.
  • FastMCP API: Exposes tools as callable MCP modules.
  • 📜 Structured Logging: Easy monitoring and troubleshooting.

📦 Requirements

  • Docker (recommended)
  • Or: Python 3.8+ and Kali Linux with required tools installed

🏗️ Quickstart

1️⃣ Clone the Repository

git clone <your-repo-url>
cd pentest-mcp-server

2️⃣ Build the Docker Image

chmod +x script/build.sh
./script/build.sh

3️⃣ Test the Container (Optional)

chmod +x script/test.sh
./script/test.sh

4️⃣ Configure Your MCP Client

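Add this to your client config file. The container is started with host networking and the NET_RAW and NET_ADMIN capabilities, so it shares the host's network stack rather than running in its own network namespace: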

{
    "mcpServers": {
       "pentest-mcp": {
            "command": "docker",
            "args": [
                "run",
                "--rm",
                "-i",
                "--cap-add", "NET_RAW",
                "--cap-add", "NET_ADMIN",
                "--network", "host",
                "pentest-mcp:latest"
            ]
        }
    }
}

5️⃣ Restart Your MCP Client

Close and restart the client to make the PentestMCP server visible.


🧩 How It Works: Docker, Kali Linux, and Python

  1. Docker
    Docker is used to containerize the entire penetration testing environment. This ensures consistent setup, isolation, and easy deployment across any system that supports Docker.

  2. Kali Linux
    The Docker image is based on Kali Linux, a popular penetration testing distribution. Kali provides all the essential security tools (Nmap, Nikto, SQLMap, WPScan, Dirb, Searchsploit) pre-installed or easily installable, forming the foundation for the server.

  3. Python
    Python is used to implement the server logic. The main server script (server.py) exposes the security tools via a FastMCP-compatible API, handles input validation, manages subprocess execution, and provides structured logging. Python acts as the bridge between the MCP client and the underlying Kali Linux tools.

Chronology:

  • Docker builds a Kali Linux-based image.
  • Kali Linux supplies the pentesting toolset.
  • Python runs the server, exposing tools securely to the MCP ecosystem.
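
One way to implement the input validation, shell-free subprocess execution and timeouts described above (an added example, not the project's server.py; the names validate_target, nmap_argv and run_tool and the default port range are hypothetical):

```python
import ipaddress
import re
import subprocess

# Added illustration with hypothetical names; not the project's server.py.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(_LABEL + r"(?:\." + _LABEL + r")*")
_ALLOWED = re.compile(r"[A-Za-z0-9.:/-]{1,253}")
_PORTS = re.compile(r"\d{1,5}(?:-\d{1,5})?(?:,\d{1,5}(?:-\d{1,5})?)*")


def validate_target(target: str) -> str:
    """Return target if it is an IP, CIDR range or hostname, else raise."""
    target = target.strip()
    # Allowlist characters first; a leading '-' would be parsed as an option.
    if not _ALLOWED.fullmatch(target) or target.startswith("-"):
        raise ValueError(f"rejected target: {target!r}")
    try:
        ipaddress.ip_network(target, strict=False)
        return target
    except ValueError:
        pass
    if _HOSTNAME.fullmatch(target):
        return target
    raise ValueError(f"rejected target: {target!r}")


def nmap_argv(target: str, ports: str = "1-1024") -> list:
    """Build an argument vector; each value stays a single argv element."""
    if not _PORTS.fullmatch(ports):
        raise ValueError(f"rejected ports: {ports!r}")
    return ["nmap", "-p", ports, validate_target(target)]


def run_tool(argv: list, timeout: float = 300) -> dict:
    """Run argv without a shell; the child is killed when timeout expires."""
    try:
        proc = subprocess.run(argv, shell=False, stdin=subprocess.DEVNULL,
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return {"rc": None, "timed_out": True, "stdout": "", "stderr": ""}
    return {"rc": proc.returncode, "timed_out": False,
            "stdout": proc.stdout, "stderr": proc.stderr}


if __name__ == "__main__":
    # Constructed inputs; validation only, nothing is scanned.
    for sample in ["192.0.2.0/28", "scanme.example", "example.com; id", "-oN/tmp/x"]:
        try:
            print("accepted:", nmap_argv(sample))
        except ValueError as err:
            print(err)
```

Because the tool receives an argument list rather than a shell string, a value such as "example.com; id" would reach it as one literal argument even if validation were skipped; the allowlist additionally stops option injection through a leading dash.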


⚠️ Legal & Usage

For authorized and educational use only.
Always obtain permission before scanning or testing any system.


🤝 Contributing

Pull requests and issues are welcome! Help make pentesting safer and more accessible.

