Cracken
Provides Docker-based sandbox execution for penetration testing tools, ensuring isolation and reproducibility; includes pre-built Ubuntu and Kali Linux images.
Integrates with Google Gemini models via API for AI-powered security assessments, supporting multi-agent and autonomous modes.
Allows n8n to act as an MCP client, enabling integration of Cracken's penetration testing capabilities into automated workflows.
Supports Ollama for running local LLMs, enabling offline AI capabilities for penetration testing without external API dependencies.
Connects to OpenAI's API to use GPT models for AI-assisted penetration testing, including task planning and tool orchestration.
Cracken
AI-Powered Penetration Testing Framework
Cracken: automated penetration testing powered by AI.
Built on LiteLLM, supporting any provider. Run locally, inside Docker, or as an MCP server for Claude Desktop, Cursor, n8n, and more.
Features
Feature | Details |
Multi-Agent Modes | 4 modes: Assist (single-shot), Agent (autonomous loop), Crew (orchestrator + workers), Interact (guided chat) |
MCP Server | Expose as MCP server (STDIO / SSE); integrate with Claude Desktop, Cursor, n8n, custom clients |
Report Generator | Auto-generate penetration test reports in Markdown or HTML from findings and session logs |
Docker Ready | Pre-built Ubuntu and Kali Linux images |
Security First | Scope validation, command injection guards, API key leak prevention built-in |
Extensible Tools | Self-registering tool system - drop a new tool in |
Playbooks | THP3 methodology playbooks for recon, network, and web application testing |
RAG Engine | Optional FAISS + sentence-transformers for semantic knowledge retrieval from local docs |
Async Architecture | Full async/await: concurrent tool execution, non-blocking agent loops |
Quick Start
# Clone
git clone https://github.com/keyreyla/cracken.git
cd cracken
# Auto setup
./scripts/setup.sh # Linux/macOS
.\scripts\setup.ps1 # Windows
# Or manual
python -m venv venv
source venv/bin/activate
pip install -e ".[all]"
playwright install chromium
Configuration
Create a .env file (or use cracken login for interactive setup):
ANTHROPIC_API_KEY=sk-ant-...
CRACKEN_MODEL=claude-sonnet-4-20250514
# Optional
OPENAI_API_KEY=sk-... # OpenAI provider
GEMINI_API_KEY=... # Google Gemini
TAVILY_API_KEY=... # Web search tool
Config is loaded from ~/.cracken/env (global) > CWD/.env (project) > package root .env.
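The load order above decides which file an API key is actually read from. The following is an added example, not Cracken's own loader: it resolves the three locations in the listed order, assuming ">" means the earlier file overrides the later ones, and flags env files that group or other users can read. The function names and sample values are constructed for illustration.

```python
import os, stat, tempfile
from pathlib import Path

def candidate_files(home, cwd, package_root):
    # Highest priority first, in the order the page lists them. Reading ">"
    # as "overrides" is an assumption of this example.
    return [home / ".cracken" / "env", cwd / ".env", package_root / ".env"]

def parse_env(path):
    """Parse KEY=VALUE lines; skip blanks/comments, drop trailing ' # ...'."""
    values = {}
    for raw in path.read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.split(" #", 1)[0].strip().strip("'\"")
    return values

def resolve(files):
    """Return {key: (value, winning_file)}; the first file defining a key wins."""
    resolved = {}
    for path in files:
        if path.is_file():
            for key, value in parse_env(path).items():
                resolved.setdefault(key, (value, path))
    return resolved

def loose_permissions(files):
    """Existing env files that group or others can read (POSIX mode bits)."""
    mask = stat.S_IRGRP | stat.S_IROTH
    return [p for p in files if p.is_file() and p.stat().st_mode & mask]

def demo():
    # Constructed directory tree and placeholder values, not real credentials.
    root = Path(tempfile.mkdtemp())
    home, cwd, pkg = root / "home", root / "proj", root / "pkg"
    for d in (home / ".cracken", cwd, pkg):
        d.mkdir(parents=True)
    (home / ".cracken" / "env").write_text("CRACKEN_MODEL=global-model\n")
    (cwd / ".env").write_text("CRACKEN_MODEL=project-model\nOPENAI_API_KEY=sk-PLACEHOLDER # OpenAI provider\n")
    os.chmod(home / ".cracken" / "env", 0o600)
    os.chmod(cwd / ".env", 0o644)
    files = candidate_files(home, cwd, pkg)
    return resolve(files), loose_permissions(files)

if __name__ == "__main__":
    for key, (_, source) in demo()[0].items():
        print(f"{key} <- {source}")  # show the source file, never the value
```

In the constructed tree the global file wins for CRACKEN_MODEL, and the project .env is reported because it holds a key while being readable by other users.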
# Interactive setup: configures provider, model, API keys
cracken login
Usage
cracken # Launch TUI
cracken -t 192.168.1.1 # TUI with target pre-set
cracken tui --docker # Run inside Docker sandbox
cracken run -t target.com --playbook thp3_web # Headless mode
TUI Commands
Command | Description |
| Single instruction + tool execution, returns immediately |
| Autonomous agent loop: think → tool → observe → repeat |
| Multi-agent orchestration with specialist workers |
| Guided interactive chat: you stay in control |
| Generate narrative LLM report |
| Fast Markdown report |
| Fast HTML report with dark theme |
| View saved findings |
| Set assessment target |
| List available tools |
| Spawn a child MCP agent |
| Manage workspaces |
| Add, list, or manage MCP servers |
Report Generator
Reports are generated from:
Notes: findings saved during assessment (loot/notes.json)
Session logs: all tool calls, outputs, and agent reasoning
Structured metadata: targets, ports, CVEs, credentials, services
# In TUI
/report md → Markdown
/report html → HTML with dark theme
# Headless
cracken run -t target.com --task "full scan" --report auto
# → loot/reports/<target>_<timestamp>.md
# Via MCP (from any client)
generate_report fmt="html"
Docker
# Ubuntu base image
docker compose run --rm cracken
# Kali Linux (Metasploit, SQLMap, Hydra, etc.)
docker compose --profile kali run --rm cracken-kali
Images: ghcr.io/keyreyla/cracken:latest / :kali
MCP Server
Cracken can operate as an MCP server: integrate into any MCP-compatible client.
STDIO (local clients)
cracken mcp_server --type stdio
SSE (network clients)
cracken mcp_server --type sse --host 0.0.0.0 --port 8080
Claude Desktop Configuration
{
  "mcpServers": {
    "cracken": {
      "command": "cracken",
      "args": ["mcp_server", "--type", "stdio"]
    }
  }
}
Exposed MCP Tools
Category | Tools |
Status / Config |
|
Task Execution |
|
Task Inspection |
|
Task Control |
|
Tool Management |
|
Conversation |
|
Memory |
|
Observability |
|
Async Task Pattern
run_task_async task="Enumerate subdomains of example.com"
run_task_async task="Run nmap SYN scan on example.com"
await_tasks task_ids=["<id1>", "<id2>"] timeout_seconds=300
get_task_result task_id="<id1>"
CLI Reference
cracken [COMMAND] [OPTIONS]
Commands:
tui Launch TUI (interactive mode)
run Headless mode with task or playbook
login Interactive provider setup
mcp Manage MCP server connections
mcp_server Expose Cracken as an MCP server (stdio/sse)
tools List, call, or inspect tools
workspace Workspace lifecycle commands
target Add or list targets
Global Flags:
-t, --target Assessment target (IP/hostname/URL)
-m, --model LLM model override
-d, --docker Use Docker sandbox for tool execution
-v, --version Show version
Development
pip install -e ".[dev]"
pytest # 625+ tests
pytest --cov=cracken # coverage report
black cracken && ruff check cracken # format & lint
See CONTRIBUTING.md for detailed guidelines.
Project Structure
cracken/
agents/ - Agent implementations (single, crew, shadow graph)
crew/ - Multi-agent orchestrator, worker pool
pa_agent/ - Single autonomous agent
prompts/ - Jinja2 prompt templates
config/ - Settings, constants, 9Router client
interface/ - TUI (Textual), CLI (Typer), login, reporter
knowledge/ - FAISS RAG engine, indexer, shadow knowledge graph
llm/ - LiteLLM wrapper, conversation memory
mcp/ - MCP client manager, server transports
playbooks/ - THP3 methodology playbooks
runtime/ - Local and Docker tool execution
tools/ - Built-in tools registry
workspaces/ - Workspace isolation and lifecycle
loot/ - Persisted findings (git-ignored)
mcp_examples/ - Example MCP configurations
tests/ - Pytest suite (625+ tests)
Architecture Overview
+-----------------------------------------------------+
|                   User Interface                    |
|  +----------+  +----------+  +-------------------+  |
|  |   TUI    |  |   CLI    |  | MCP Client (3rd)  |  |
|  | (Textual)|  | (Typer)  |  | Claude/Cursor/n8n |  |
|  +----+-----+  +----+-----+  +---------+---------+  |
|       +-------------+------------------+            |
|                     v                               |
|              +--------------+                       |
|              |  Agent Core  |                       |
|              | (Base/PaAgent|                       |
|              |    /Crew)    |                       |
|              +------+-------+                       |
|                     v                               |
|  +----------+  +----------+  +-------------------+  |
|  |   LLM    |  | Runtime  |  |   Tool Registry   |  |
|  |(LiteLLM) |  |(Local/   |  | (Self-registering)|  |
|  |          |  | Docker)  |  |                   |  |
|  +----------+  +----------+  +-------------------+  |
|  +----------+  +----------+  +-------------------+  |
|  |   RAG    |  |   MCP    |  |  Workspace/Notes  |  |
|  | (FAISS)  |  |  Server  |  |    Persistence    |  |
|  +----------+  +----------+  +-------------------+  |
+-----------------------------------------------------+
FAQ
Q: Does Cracken require a GPU?
A: No. The RAG engine (optional) benefits from a GPU for embedding generation, but the core agent works on CPU.
Q: Can I use Cracken with Ollama/local models?
A: Yes. LiteLLM supports Ollama. Set OLLAMA_BASE_URL in .env and use model prefix ollama/.
Q: How is this different from other AI pentest tools?
A: Cracken combines multi-agent orchestration, MCP server capability, and full autonomy in a single package. It works both as a standalone TUI and as a drop-in agent for any MCP client.
Q: Can I use Cracken headless/CI?
A: Yes. cracken run accepts a task and produces reports. Use --report auto to save results without a TTY.
Legal
Only use against systems you have explicit written authorization to test.
Unauthorized access is illegal. See SECURITY.md for our disclosure policy.
License
MIT - Copyright (c) 2025 Masic, 2026 keyreyla.
See LICENSE.txt for full text.
This project is a fork of PentestAgent, the original AI penetration testing framework by Masic. Rebranded and enhanced by keyreyla.