PenTest MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| LOG_LEVEL | No | Logging verbosity. | INFO |
| GROQ_MODEL | No | LLM model for analysis. | llama-3.1-70b-versatile |
| SESSION_DIR | No | Session storage path. | ~/.pentest-mcp/sessions |
| GROQ_API_KEY | Yes | Your Groq API key (required for LLM analysis). | |
| GROQ_MAX_TOKENS | No | Max response tokens for the LLM. | 8192 |
| GROQ_TEMPERATURE | No | LLM temperature setting. | 0.2 |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | `{ "listChanged": false }` |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| init_session | Initialize new security assessment session |
| get_report | Generate final security assessment report |
| quick_scan | Fast triage scan (10-15 min): WAF detection, subdomain enum, top-port scan, header analysis, TLS audit, tech fingerprinting, sensitive file discovery, SSRF probe, CSRF check |
| extensive_scan | Comprehensive scan (20-45 min): WAF detection, full recon, top-1000 port scan, tech fingerprinting, TLS audit, directory discovery, XSS, SQLi, CSRF, sensitive file discovery |
| subfinder | Passive subdomain enumeration |
| wafw00f | Web Application Firewall detection |
| nmap | Port scanning and service detection |
| nuclei | Fast vulnerability scanner with templates |
| sqlmap | SQL injection detection and exploitation |
| dalfox | XSS vulnerability scanner |
| ffuf | Fast web fuzzer for directory/file discovery |
| sslyze | TLS/SSL configuration analyzer |
| whatweb | Web technology fingerprinting |
| testssl | TLS/SSL security testing |
| nikto | Web server vulnerability scanner |
| gobuster | Directory/file brute forcing |
| wfuzz | Web application fuzzer |
| arjun | HTTP parameter discovery |
| masscan | Fast port scanner |
| amass | Advanced subdomain enumeration |
| dnsrecon | DNS enumeration and reconnaissance |
| theharvester | OSINT gathering from public sources |
| retire | JavaScript library vulnerability scanner |
| trufflehog | Secret and credential scanner |
| git_dumper | Exposed .git directory dumper |
| commix | Command injection vulnerability scanner |
| corscanner | CORS misconfiguration scanner |
| jwt_tool | JWT security testing |
| graphql_cop | GraphQL security scanner |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/MohitSahoo/MCPToolForWebVulnerabilities-'