AI-Pentest-MCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@AI-Pentest-MCPScan scanme.nmap.org with nmap"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
๐ก๏ธ AI-Powered Pentesting Automation Platform (MCP-Based)

An AI-driven security automation platform that integrates traditional penetration testing tools into a unified, natural-language-driven workflow using the Model Context Protocol (MCP).
The system orchestrates multiple security tools and transforms raw outputs into structured, actionable insights through an AI interface.
๐ผ๏ธ Example Output

Related MCP server: MCPPentestBOT
๐ Overview
Security assessments often require chaining multiple tools and manually interpreting outputs.
This platform streamlines that process by enabling natural-language execution of reconnaissance and vulnerability analysis tasks, while automatically handling tool orchestration, output aggregation, and result interpretation.
๐ง Engineering Approach
Designed and implemented a modular security automation system using MCP as an orchestration layer.
Developed Python-based adapters to integrate external security tools, handled execution and parsing logic, and ensured reliable cross-platform operation.
Focused on transforming fragmented tool outputs into a cohesive, AI-assisted analysis workflow.
๐ง Architecture
User (Natural Language)
โ
Claude Desktop (AI Interface)
โ
MCP Server (Python)
โ
Security Tools (Nmap, Nikto, Gobuster, etc.)
โ
Aggregated Results โ AI Summary๐ง Integrated Tools
Nmap โ network reconnaissance and port scanning
Nikto โ web server vulnerability analysis
Gobuster โ directory and file enumeration
testssl.sh โ SSL/TLS configuration analysis
HTTP Header Scanner โ security header misconfiguration detection
Ping Tool โ host availability checks
โ๏ธ Features
Natural-language-driven security testing
Multi-tool orchestration through MCP
Automated scan execution and result aggregation
AI-assisted vulnerability summarization
Cross-platform support (macOS / Linux / Windows via WSL)
Modular architecture for adding new tools
๐ฏ Use Case
This platform is designed to accelerate reconnaissance and initial vulnerability assessment by reducing manual tool execution and simplifying result interpretation.
It can serve as a foundation for building automated security workflows, internal tooling, or AI-assisted penetration testing pipelines.
๐งช Example Usage
Inside Claude Desktop:
Ping scanme.nmap.org
Scan scanme.nmap.org with nmap
Run nikto against http://scanme.nmap.org
Run gobuster against http://scanme.nmap.org
Check security headers for https://example.com๐ Project Structure
ai-pentest-mcp/
โโโ server.py
โโโ nmap_scanner.py
โโโ nikto_scanner.py
โโโ gobuster_scanner.py
โโโ header_scanner.py
โโโ testssl_scanner.py
โโโ ping_tool.py
โโโ requirements.txt
โโโ README.mdโก Setup
1. Clone the repository
git clone https://github.com/yassserhabib/ai-pentest-mcp.git
cd ai-pentest-mcp2. Create a virtual environment
macOS / Linux / WSL:
python3 -m venv venv
source venv/bin/activateWindows (PowerShell):
python -m venv venv
venv\Scripts\Activate.ps13. Install Python dependencies
pip install -r requirements.txt4. Install required tools
Ensure the following tools are installed and available in your system PATH:
nmap
gobuster
curl
nikto
testssl.sh
macOS (Homebrew)
brew install nmap gobuster curlNikto and testssl may require manual setup depending on your environment.
Linux (Debian/Ubuntu)
sudo apt update
sudo apt install -y nmap gobuster curl nikto
git clone --depth 1 https://github.com/drwetter/testssl.sh.git ~/testssl
chmod +x ~/testssl/testssl.shWindows
For Windows, the recommended setup is WSL (Windows Subsystem for Linux).
Install the tools inside WSL:
sudo apt update
sudo apt install -y nmap gobuster curl nikto
git clone --depth 1 https://github.com/drwetter/testssl.sh.git ~/testssl
chmod +x ~/testssl/testssl.shRunning the full toolchain through WSL is more reliable than native Windows installations for this workflow.
5. Configure Claude Desktop (MCP)
macOS
Edit:
~/Library/Application Support/Claude/claude_desktop_config.jsonAdd:
{
"mcpServers": {
"pentest": {
"command": "/path/to/venv/bin/python",
"args": ["/path/to/server.py"]
}
}
}Linux
Configure Claude Desktop to launch the server with your Python environment and project path:
{
"mcpServers": {
"pentest": {
"command": "/path/to/venv/bin/python",
"args": ["/path/to/server.py"]
}
}
}Windows (WSL)
Edit the Claude Desktop config file and use WSL to launch the server:
{
"mcpServers": {
"pentest": {
"command": "wsl",
"args": ["python3", "/home/YOUR_WSL_USERNAME/ai-pentest-mcp/server.py"]
}
}
}Replace YOUR_WSL_USERNAME with your actual WSL username.
Restart Claude Desktop after saving the configuration.
๐งฉ How It Works
Each tool is wrapped in a Python adapter that:
Receives input arguments
Executes the underlying CLI tool
Captures output
Returns results to the MCP server
The MCP server exposes these tools to the AI interface, enabling execution through natural-language commands.
๐ Security Considerations
Input validation is implemented to reduce command injection risk
Tool execution is isolated through subprocess handling
Only authorized targets should be scanned
โ ๏ธ Disclaimer
This project is intended for educational and authorized security testing purposes only. Testing should only be performed on systems you own or have explicit permission to assess.
๐ง Project Background
Designed and implemented an AI-driven penetration testing automation system using the Model Context Protocol (MCP).
The system integrates multiple security tools through a custom orchestration layer, enabling natural-language execution of scans and automated analysis of results.
Built Python-based adapters, resolved tool integration challenges, and ensured reliable cross-platform execution of the workflow.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/yassserhabib/ai-pentest-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server