MCP Pentest

# MCP Pentest - Automated Penetration Testing Framework MCP (Model Context Protocol) server untuk automated penetration testing yang cerdas. Framework ini dapat secara otomatis melakukan reconnaissance, vulnerability scanning, dan controlled exploitation berdasarkan teknologi target yang terdeteksi. ## 🚀 Features ### 🔍 Reconnaissance Tools - **Port Scanning** - Comprehensive Nmap integration dengan berbagai scan modes - **Subdomain Enumeration** - Certificate transparency logs + DNS bruteforcing - **Technology Detection** - Automatic web technology fingerprinting - **Directory Bruteforcing** - Intelligent directory and file discovery ### 🛡️ Vulnerability Assessment - **Nuclei Integration** - Automated vulnerability scanning dengan template database - **Nikto Scanning** - Web server vulnerability detection - **SQLMap Integration** - SQL injection testing - **Custom Web Vulnerability Checks** - XSS, Directory Traversal, Command Injection, dll ### ⚡ Exploitation Modules - **Metasploit Integration** - Automatic exploit search dan execution - **Custom Exploit Attempts** - Framework-specific exploitation - **Technology-Specific Exploits** - Targeted attacks berdasarkan tech stack - **Proof-of-Concept Generation** - Automated PoC creation ### 🤖 Intelligent Workflow Engine - **Adaptive Decision Making** - AI-driven next step recommendations - **Risk-Based Prioritization** - Smart vulnerability prioritization - **Technology-Aware Testing** - Customized testing berdasarkan detected technologies - **Automated Workflow Management** - Sequential phase execution dengan dependency handling ### 📊 Comprehensive Reporting - **Multi-Format Reports** - HTML, PDF, JSON, Markdown output - **Executive Summaries** - Business-friendly risk assessments - **Technical Details** - Detailed vulnerability descriptions dan remediation - **Evidence Collection** - Automatic proof collection dan documentation ## 📋 Prerequisites ### Required Tools Pastikan tools berikut sudah terinstall di sistem: ```bash # Network scanning sudo apt install nmap # Web vulnerability scanning go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest # Web server scanning sudo apt install nikto # SQL injection testing sudo apt install sqlmap # Optional: Metasploit (untuk advanced exploitation) curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall chmod 755 msfinstall sudo ./msfinstall ``` ### Node.js Dependencies ```bash npm install ``` ## 🛠️ Installation 1. **Clone repository** ```bash git clone <repository-url> cd mcp-pentest ``` 2. **Install dependencies** ```bash npm install ``` 3. **Build project** ```bash npm run build ``` 4. **Configure MCP client** Tambahkan ke file konfigurasi MCP client Anda: ```json { "mcpServers": { "pentest": { "command": "node", "args": ["path/to/mcp-pentest/dist/index.js"], "env": {} } } } ``` ## 🎯 Usage Examples ### Basic Automated Pentest ```typescript // Full scope automated pentest await mcp.call("auto_pentest", { target: "example.com", scope: "full", intensity: "active" }); ``` ### Reconnaissance Only ```typescript // Port scanning await mcp.call("nmap_scan", { target: "192.168.1.1", scan_type: "aggressive" }); // Technology detection await mcp.call("tech_detection", { url: "https://example.com" }); // Subdomain enumeration await mcp.call("subdomain_enum", { domain: "example.com" }); ``` ### Vulnerability Scanning ```typescript // Nuclei scan with specific templates await mcp.call("nuclei_scan", { target: "https://example.com", templates: ["cves", "vulnerabilities"], severity: "high" }); // SQL injection testing await mcp.call("sqlmap_scan", { url: "https://example.com/login.php", data: "username=admin&password=test" }); ``` ### Exploitation Attempts ```typescript // Search for Metasploit modules await mcp.call("metasploit_search", { service: "Apache 2.4.41", platform: "linux" }); // Attempt exploitation await mcp.call("exploit_attempt", { target: "192.168.1.100", vulnerability: "SQL Injection", payload: "UNION SELECT" }); ``` ### Intelligent Next Steps ```typescript // Get AI-powered recommendations await mcp.call("suggest_next_steps", { scan_results: JSON.stringify(previousResults) }); ``` ### Report Generation ```typescript // Generate comprehensive report await mcp.call("generate_report", { target: "example.com", format: "html" }); ``` ## 🔧 Configuration ### Scan Intensity Levels #### Passive - Certificate transparency logs - DNS enumeration - Header analysis - Public information gathering #### Active - Port scanning - Directory bruteforcing - Vulnerability scanning - Service enumeration #### Aggressive - Full port range scanning - Intensive directory bruteforcing - Active exploitation attempts - Comprehensive vulnerability testing ### Scope Options #### Network - Port scanning - Service enumeration - Network vulnerability assessment #### Web - Web application testing - Technology fingerprinting - Web vulnerability scanning #### Full - Comprehensive assessment - Network + Web testing - Complete attack surface analysis ## 🛡️ Security Considerations ### Ethical Usage ⚠️ **IMPORTANT**: Framework ini hanya boleh digunakan untuk: - Authorized penetration testing - Security research dengan permission - Testing terhadap sistem milik sendiri - Educational purposes ### Safety Features - **Rate limiting** - Automatic request throttling - **Timeout controls** - Prevent long-running scans - **Scope validation** - Target validation dan restriction - **Safe exploitation** - Controlled dan reversible tests ### Legal Compliance - Pastikan ada **written authorization** sebelum testing - Comply dengan **local laws dan regulations** - Respect **responsible disclosure** practices - Document semua testing activities ## 📊 Sample Output ### Automated Pentest Results ```json { "workflow": { "target": "example.com", "scope": "full", "phases": [ { "name": "reconnaissance", "status": "completed", "tools": ["nmap_scan", "subdomain_enum", "tech_detection"] } ], "results": { "reconnaissance": { "open_ports": [ {"port": 80, "service": "http", "version": "Apache 2.4.41"}, {"port": 443, "service": "https", "version": "Apache 2.4.41"} ], "technologies": [ {"technology": "WordPress", "version": "5.8", "confidence": 95} ] }, "vulnerabilities": [ { "name": "Outdated WordPress", "severity": "medium", "description": "WordPress version 5.8 has known vulnerabilities" } ], "risk_score": 65, "threat_level": "medium" } } } ``` ## 🔄 Workflow Engine Framework menggunakan intelligent workflow engine yang dapat: 1. **Analyze scan results** - Automatically interpret findings 2. **Make decisions** - Determine next testing steps 3. **Adapt strategy** - Modify approach based on discoveries 4. **Prioritize actions** - Focus on high-impact vulnerabilities 5. **Generate insights** - Provide actionable recommendations ### Decision Making Logic ``` Reconnaissance → Technology Detection → Vulnerability Assessment → Risk Analysis → Exploitation → Reporting ↓ ↓ ↓ ↓ ↓ ↓ Port Discovery → CMS/Framework → Targeted Scanning → Priority Queue → Controlled → Evidence Subdomain Enum → Version Info → Custom Checks → Risk Scoring → Attempts → Collection ``` ## 🏗️ Architecture ``` ┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐ │ MCP Client │ │ MCP Protocol │ │ Pentest Server │ │ (Claude/etc) │◄──►│ Transport │◄──►│ (Node.js) │ └─────────────────┘ └──────────────────┘ └─────────────────┘ │ ┌─────────────────┐ │ Tool Integration │ │ - Nmap │ │ - Nuclei │ │ - Nikto │ │ - SQLMap │ │ - Metasploit │ └─────────────────┘ ``` ## 🤝 Contributing 1. Fork repository 2. Create feature branch 3. Implement changes dengan tests 4. Submit pull request 5. Follow security best practices ## 📜 License MIT License - See LICENSE file for details ## ⚠️ Disclaimer Tool ini dibuat untuk tujuan educational dan authorized security testing. User bertanggung jawab untuk memastikan penggunaan yang legal dan ethical. Developer tidak bertanggung jawab atas penyalahgunaan tool ini. ## 🆘 Support - 📖 Documentation: [Wiki](link-to-wiki) - 🐛 Bug Reports: [Issues](link-to-issues) - 💬 Discussions: [Forum](link-to-forum) - 📧 Contact: [Email](mailto:security@example.com)