# Migration Guide: 0.8.x -> 0.9.0
## Summary
Version `0.9.0` hardens tool resolution, expands full workflow coverage, and reduces report/admin overhead.
## Breaking / Notable Changes
- Node.js baseline is now `>=22.7.5` (required for bundled latest MCP Inspector)
- Streamable HTTP (`MCP_TRANSPORT=http`) is the recommended network mode
- SSE remains supported but deprecated
- Auth config moved to `MCP_AUTH_*` + `MCP_OIDC_*` variables
- New tools added: `trafficCapture`, `hydraBruteforce`, `privEscAudit`, `extractionSweep`
- New report-admin tools: `listEngagementRecords`, `getEngagementRecord`
- `createClientReport` now supports SoW capture through MCP elicitation (`scopeMode=ask`) with automatic template fallback
- `httpx` resolution is hardened:
  - prefers `httpx-toolkit`
  - validates fallback `httpx` is ProjectDiscovery-compatible
  - rejects Python HTTPX CLI collisions
- Bundled inspector launcher added: `pentest-mcp inspector`
## Environment Variable Migration
### Preferred (new)
- `MCP_AUTH_ENABLED`
- `MCP_AUTH_MODE` (currently `bearer`)
- `MCP_AUTH_SCOPES`
- `MCP_AUTH_AUDIENCE`
- `MCP_OIDC_ISSUER`
- `MCP_OIDC_JWKS_URL`
- `MCP_OIDC_INTROSPECTION_URL`
### Legacy aliases (temporary)
- `MCP_OAUTH_ENABLED` -> `MCP_AUTH_ENABLED`
- `MCP_OAUTH_PROVIDER_URL` -> `MCP_OIDC_ISSUER`
- `MCP_OAUTH_SCOPES` -> `MCP_AUTH_SCOPES`
## Transport Migration
### Recommended
```bash
MCP_TRANSPORT=http npm start
```
### Legacy compatibility
```bash
MCP_TRANSPORT=sse npm start
```
SSE mode now emits deprecation warnings and should be phased out.
## Docker Migration
No compose profile names changed. Existing profiles still work:
```bash
docker-compose --profile stdio up
docker-compose --profile http up
docker-compose --profile sse up
```
Docker image now includes `hydra`, `sqlmap`, `tcpdump`, and an `httpx-toolkit` alias to ProjectDiscovery `httpx`.
## Inspector Migration
Instead of installing Inspector separately:
```bash
pentest-mcp inspector
```
You can pass Inspector flags directly:
```bash
pentest-mcp inspector --help
```
## Validation Checklist
1. Confirm Node runtime is 22.7.5+.
2. Run `npm install` and `npm run build`.
3. Start in `http` mode and verify `/health`.
4. Test one recon tool (`httpxProbe`) and one workflow tool (`hydraBruteforce` or `extractionSweep`).
5. Run `pentest-mcp inspector` and confirm Inspector comes up without separate install.
6. If auth is enabled, verify both missing-token and valid-token paths.
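
A preflight for checklist step 1 and for the legacy aliases listed under Environment Variable Migration, as an added example that is not part of pentest-mcp itself. The function names (`version_ge`, `legacy_report`, `preflight`) and the `RENAME`/`CONFLICT`/`STALE` labels are hypothetical; the script treats a legacy alias whose value differs from its replacement as a failure because this guide does not state which one takes precedence.

```bash
# Added example (not project code): preflight for the 0.8.x -> 0.9.0 migration.
MIN_NODE="22.7.5"   # Node.js baseline stated in this guide

# version_ge A B: succeed when dotted version A >= B (a leading "v" is ignored).
version_ge() (
  a="${1#v}"; b="${2#v}"
  for _i in 1 2 3; do
    x="${a%%.*}"; y="${b%%.*}"
    x="${x%%[!0-9]*}"; y="${y%%[!0-9]*}"      # drop suffixes such as "-rc1"
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
    case "$a" in *.*) a="${a#*.}" ;; *) a=0 ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b=0 ;; esac
  done
  return 0
)

# Look a variable up by name; names come only from the fixed table below.
is_set()   { eval "[ -n \"\${$1+x}\" ]"; }
value_of() { eval "printf '%s' \"\${$1-}\""; }

# legacy_report: one line per legacy alias that is still set.
#   RENAME   only the legacy name is set
#   CONFLICT both set, values differ (the guide does not say which wins)
#   STALE    both set, same value; the legacy name can be dropped
legacy_report() {
  for pair in MCP_OAUTH_ENABLED:MCP_AUTH_ENABLED \
              MCP_OAUTH_PROVIDER_URL:MCP_OIDC_ISSUER \
              MCP_OAUTH_SCOPES:MCP_AUTH_SCOPES; do
    old="${pair%%:*}"; new="${pair##*:}"
    is_set "$old" || continue
    if ! is_set "$new"; then echo "RENAME $old -> $new"
    elif [ "$(value_of "$old")" != "$(value_of "$new")" ]; then echo "CONFLICT $old != $new"
    else echo "STALE $old"
    fi
  done
}

# preflight: non-zero when Node is too old or an alias conflicts with its successor.
preflight() {
  rc=0; node_v="$(node --version 2>/dev/null)" || node_v=""
  if [ -z "$node_v" ] || ! version_ge "$node_v" "$MIN_NODE"; then
    echo "FAIL node ${node_v:-not found}, need >= $MIN_NODE"; rc=1
  fi
  report="$(legacy_report)"
  [ -z "$report" ] || echo "$report"
  case "$report" in *CONFLICT*) rc=1 ;; esac
  [ "${MCP_TRANSPORT:-}" != "sse" ] || echo "WARN MCP_TRANSPORT=sse is deprecated"
  return "$rc"
}
if [ "${1:-}" = "check" ]; then preflight; fi
```

Run it with the argument `check` from the same shell or service environment that starts the server, so it sees the variables the server will see.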