Skip to main content
Glama
yassserhabib

AI-Pentest-MCP

by yassserhabib

๐Ÿ›ก๏ธ AI-Powered Pentesting Automation Platform (MCP-Based)

AI Pentest Automation

An AI-driven security automation platform that integrates traditional penetration testing tools into a unified, natural-language-driven workflow using the Model Context Protocol (MCP).

The system orchestrates multiple security tools and transforms raw outputs into structured, actionable insights through an AI interface.


๐Ÿ–ผ๏ธ Example Output

AI Pentest Automation


Related MCP server: MCPPentestBOT

๐Ÿš€ Overview

Security assessments often require chaining multiple tools and manually interpreting outputs.

This platform streamlines that process by enabling natural-language execution of reconnaissance and vulnerability analysis tasks, while automatically handling tool orchestration, output aggregation, and result interpretation.


๐Ÿง  Engineering Approach

Designed and implemented a modular security automation system using MCP as an orchestration layer.

Developed Python-based adapters to integrate external security tools, handled execution and parsing logic, and ensured reliable cross-platform operation.

Focused on transforming fragmented tool outputs into a cohesive, AI-assisted analysis workflow.


๐Ÿง  Architecture

User (Natural Language)
        โ†“
Claude Desktop (AI Interface)
        โ†“
MCP Server (Python)
        โ†“
Security Tools (Nmap, Nikto, Gobuster, etc.)
        โ†“
Aggregated Results โ†’ AI Summary

๐Ÿ”ง Integrated Tools

  • Nmap โ€” network reconnaissance and port scanning

  • Nikto โ€” web server vulnerability analysis

  • Gobuster โ€” directory and file enumeration

  • testssl.sh โ€” SSL/TLS configuration analysis

  • HTTP Header Scanner โ€” security header misconfiguration detection

  • Ping Tool โ€” host availability checks


โš™๏ธ Features

  • Natural-language-driven security testing

  • Multi-tool orchestration through MCP

  • Automated scan execution and result aggregation

  • AI-assisted vulnerability summarization

  • Cross-platform support (macOS / Linux / Windows via WSL)

  • Modular architecture for adding new tools


๐ŸŽฏ Use Case

This platform is designed to accelerate reconnaissance and initial vulnerability assessment by reducing manual tool execution and simplifying result interpretation.

It can serve as a foundation for building automated security workflows, internal tooling, or AI-assisted penetration testing pipelines.


๐Ÿงช Example Usage

Inside Claude Desktop:

Ping scanme.nmap.org
Scan scanme.nmap.org with nmap
Run nikto against http://scanme.nmap.org
Run gobuster against http://scanme.nmap.org
Check security headers for https://example.com

๐Ÿ“ Project Structure

ai-pentest-mcp/
โ”œโ”€โ”€ server.py
โ”œโ”€โ”€ nmap_scanner.py
โ”œโ”€โ”€ nikto_scanner.py
โ”œโ”€โ”€ gobuster_scanner.py
โ”œโ”€โ”€ header_scanner.py
โ”œโ”€โ”€ testssl_scanner.py
โ”œโ”€โ”€ ping_tool.py
โ”œโ”€โ”€ requirements.txt
โ””โ”€โ”€ README.md

โšก Setup

1. Clone the repository

git clone https://github.com/yassserhabib/ai-pentest-mcp.git
cd ai-pentest-mcp

2. Create a virtual environment

macOS / Linux / WSL:

python3 -m venv venv
source venv/bin/activate

Windows (PowerShell):

python -m venv venv
venv\Scripts\Activate.ps1

3. Install Python dependencies

pip install -r requirements.txt

4. Install required tools

Ensure the following tools are installed and available in your system PATH:

  • nmap

  • gobuster

  • curl

  • nikto

  • testssl.sh

macOS (Homebrew)

brew install nmap gobuster curl

Nikto and testssl may require manual setup depending on your environment.

Linux (Debian/Ubuntu)

sudo apt update
sudo apt install -y nmap gobuster curl nikto
git clone --depth 1 https://github.com/drwetter/testssl.sh.git ~/testssl
chmod +x ~/testssl/testssl.sh

Windows

For Windows, the recommended setup is WSL (Windows Subsystem for Linux).

Install the tools inside WSL:

sudo apt update
sudo apt install -y nmap gobuster curl nikto
git clone --depth 1 https://github.com/drwetter/testssl.sh.git ~/testssl
chmod +x ~/testssl/testssl.sh

Running the full toolchain through WSL is more reliable than native Windows installations for this workflow.

5. Configure Claude Desktop (MCP)

macOS

Edit:

~/Library/Application Support/Claude/claude_desktop_config.json

Add:

{
  "mcpServers": {
    "pentest": {
      "command": "/path/to/venv/bin/python",
      "args": ["/path/to/server.py"]
    }
  }
}

Linux

Configure Claude Desktop to launch the server with your Python environment and project path:

{
  "mcpServers": {
    "pentest": {
      "command": "/path/to/venv/bin/python",
      "args": ["/path/to/server.py"]
    }
  }
}

Windows (WSL)

Edit the Claude Desktop config file and use WSL to launch the server:

{
  "mcpServers": {
    "pentest": {
      "command": "wsl",
      "args": ["python3", "/home/YOUR_WSL_USERNAME/ai-pentest-mcp/server.py"]
    }
  }
}

Replace YOUR_WSL_USERNAME with your actual WSL username.

Restart Claude Desktop after saving the configuration.


๐Ÿงฉ How It Works

Each tool is wrapped in a Python adapter that:

  1. Receives input arguments

  2. Executes the underlying CLI tool

  3. Captures output

  4. Returns results to the MCP server

The MCP server exposes these tools to the AI interface, enabling execution through natural-language commands.


๐Ÿ” Security Considerations

  • Input validation is implemented to reduce command injection risk

  • Tool execution is isolated through subprocess handling

  • Only authorized targets should be scanned


โš ๏ธ Disclaimer

This project is intended for educational and authorized security testing purposes only. Testing should only be performed on systems you own or have explicit permission to assess.


๐Ÿง  Project Background

Designed and implemented an AI-driven penetration testing automation system using the Model Context Protocol (MCP).

The system integrates multiple security tools through a custom orchestration layer, enabling natural-language execution of scans and automated analysis of results.

Built Python-based adapters, resolved tool integration challenges, and ensured reliable cross-platform execution of the workflow.

F
license - not found
-
quality - not tested
D
maintenance

Maintenance

โ€“Maintainers
โ€“Response time
โ€“Release cycle
โ€“Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/yassserhabib/ai-pentest-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server