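# Runtime image for the pentest MCP server.
# NOTE(review): `stable-slim` is a floating tag, so the base (and every package
# installed on top of it) can change between builds. For reproducible,
# auditable images pin a release tag plus digest, e.g.
#   FROM debian:<RELEASE>-slim@sha256:<DIGEST> AS runtime
FROM debian:stable-slim AS runtime

# bash with pipefail so a failure on the left-hand side of a pipe fails the RUN step.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Build-time only: keeps apt/debconf non-interactive for the RUN steps below
# without baking the variable into the environment of the running container.
ARG DEBIAN_FRONTEND=noninteractive

# Runtime environment.
# MCP_HOST=0.0.0.0 listens on every container interface. This Dockerfile does
# not show whether the service authenticates clients, and the image bundles
# scanning tooling, so publish the port only on loopback or a trusted network
# (e.g. `-p 127.0.0.1:8080:8080`) unless the server enforces its own auth.
# NOTE(review): MCP_HOST/MCP_PORT are presumably read by start_services.sh or
# the Python entry points - confirm.
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PATH=/usr/local/bin:$PATH \
    MCP_HOST=0.0.0.0 \
    MCP_PORT=8080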
# Application home; relative COPY destinations and the final CMD resolve against it.
WORKDIR /opt/pentest-mcp

# OS packages: Python runtime, network/scan tooling, and tini as init.
# One package per line, sorted, so later changes diff cleanly. The apt lists
# and temp directories are removed in the same layer that created them.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        dnsutils \
        git \
        iputils-ping \
        nmap \
        procps \
        python3 \
        python3-pip \
        sqlmap \
        tini \
        wget \
        whois \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
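# Bundled executables from the build context.
# NOTE(review): these are copied in as-is; their origin and integrity are not
# checked here. Record source URLs and SHA-256 sums next to bin/ and verify
# them in CI before building.
COPY bin/ /usr/local/bin/
RUN chmod +x /usr/local/bin/*

# Template refresh stays best-effort (a registry outage must not break the
# build), but a failure is now reported in the build log instead of being
# silently discarded, so an image without refreshed templates is noticeable.
# NOTE(review): nuclei is presumably one of the binaries from bin/ - confirm.
# The templates are fetched unpinned at build time, so their content varies
# from build to build.
RUN nuclei -update-templates -silent \
    || echo "WARNING: nuclei template update failed; image built without refreshed templates" >&2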
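# Python dependencies. The manifest is copied on its own so this layer is
# reused until requirements.txt changes.
# --break-system-packages: installs into the Debian-managed interpreter
# (no virtualenv in this image). --no-cache-dir keeps pip's download cache
# out of the layer.
# NOTE(review): for supply-chain integrity, pin exact versions in
# requirements.txt and consider pip's --require-hashes mode.
COPY requirements.txt .
RUN pip3 install --no-cache-dir --break-system-packages -r requirements.txt

# Exploit-DB checkout, exposed through the searchsploit wrapper; .git is
# dropped in the same layer to keep the history out of the image.
# NOTE(review): this clones whatever the default branch holds at build time.
# Check out a reviewed commit (<EXPLOITDB_COMMIT>) for reproducible builds.
# Host or registry malware scanners may flag the contents of /opt/exploitdb.
RUN git clone --depth 1 https://gitlab.com/exploit-database/exploitdb.git /opt/exploitdb \
    && ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit \
    && rm -rf /opt/exploitdb/.git

# theHarvester straight from its upstream repository.
# NOTE(review): unpinned VCS install - the image picks up whatever is on the
# default branch, including its transitive dependencies. Append
# `@<COMMIT_SHA>` to the URL to fix the revision.
RUN pip3 install --no-cache-dir --break-system-packages \
    git+https://github.com/laramies/theHarvester.git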
# Application code, helper modules and wordlists, copied last because they
# change most often.
COPY tools/ ./tools/
COPY utils/ ./utils/
COPY seclists/ ./seclists/
COPY pentestMCP.py pentestMCP-sse.py start_services.sh ./

# Normalise the launcher: strip Windows CR line endings (a CRLF shebang line
# prevents the script from executing) and mark it executable, in one layer.
RUN sed -i 's/\r$//' start_services.sh \
    && chmod +x start_services.sh
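# Probe the HTTP health endpoint. The fallback exits 1 so a dead or wedged
# server is reported as unhealthy; with `exit 0` the probe could never fail
# and the container always looked healthy.
# Shell form is intentional: ${MCP_PORT} is expanded when the probe runs.
# NOTE(review): if start_services.sh can launch a mode without an HTTP
# listener (e.g. the non-SSE entry point), run that mode with
# `docker run --no-healthcheck` rather than masking failures here.
HEALTHCHECK --interval=30s --timeout=10s --start-period=15s --retries=3 \
    CMD curl -f http://localhost:${MCP_PORT}/health 2>/dev/null || exit 1

# NOTE(review): there is no USER directive, so the service and every tool it
# spawns run as root inside the container. If root is kept for raw-socket
# scans, constrain the container at run time instead (drop capabilities not
# needed, read-only root filesystem, no host mounts, restricted network).

# Use tini as init to handle signals and reap zombies properly
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["./start_services.sh"]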