#pentest

pentestMCP: AI-Powered Penetration Testing via MCP pentestMCP provides a powerful bridge between Large Language Models (LLMs) and practical penetration testing tools through the Model Context Protocol (MCP). This project functions as an MCP Server, exposing a curated suite of over 20 standard security assessment utilities (Nmap, Nuclei, ZAP, SQLMap, etc.) as callable 'tools'. This allows AI agents within MCP-compatible clients (like Claude Desktop or specific VS Code setups) to leverage these utilities for automated and interactive security analysis tasks.

MCP server for interacting with the APVISO AI-powered penetration testing platform from Claude Code, Cursor, Windsurf, Codex, and other MCP-compatible tools.

WhoisJSON MCP Server exposes four domain intelligence tools directly inside Claude, Cursor, and Windsurf — no code required. whois_lookup: Full WHOIS registration record for any domain — registrar, creation and expiry dates, nameservers, registrant contacts, and DNSSEC status. dns_lookup: All DNS records in a single call — A, AAAA, MX, TXT, CNAME, NS, SOA, CAA, DMARC, and more. Useful for mail server audits, SPF/DKIM verification, and infrastructure mapping. ssl_check: TLS certificate details including issuer, expiry date, Subject Alternative Names, and full chain validity. Detect expired or misconfigured certificates instantly. domain_availability: Instant registration availability check for any TLD. Returns a clear registered/available status. Your WhoisJSON API key works identically for the REST API and the MCP server. 1,000 free requests/month, no credit card required. Get your API key at whoisjson.com.

Scan APIs for security vulnerabilities and get OWASP risk scores. Detects auth bypass, BOLA/IDOR, data exposure, prompt injection, and 12+ security categories.

A Python MCP Server that connects Large Language Models natively to a comprehensive suite of offensive security tools.

MCPwner is a Model Context Protocol (MCP) server that integrates security testing tools into LLM-driven workflows. It provides a unified interface for secret scanning, static analysis (SAST), software composition analysis (SCA), and vulnerability research including 0-day discovery. Instead of manually chaining tools and pasting outputs into your LLM, MCPwner standardizes and streams results directly into the model's working context. This enables continuous reasoning, correlation, and attack path discovery across the entire security research lifecycle - from identifying known vulnerabilities to uncovering novel attack vectors.

All-in-one offensive security toolbox with AI agent and MCP architecture. Integrates tools like Nmap, Metasploit, FFUF, SQLMap. Enables pentesting, bug bounty hunting, threat hunting, and reporting. RAG-based responses with local knowledge base support.

Repository for creating an automatic pentesting agent using MCP servers.

Mirror of

A Nuclei security scanning server based on MCP (Model Control Protocol), providing convenient vulnerability scanning services.一个基于 MCP (Model Control Protocol) 的 Nuclei 安全扫描服务器，提供便捷的漏洞扫描服务。

Plugin for JADX to integrate MCP server

🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️

MCP configuration to connect AI agent to a Linux machine.

NOT for educational purposes: An MCP server for professional penetration testers including nmap, go/dirbuster, nikto, JtR, wordlist building, and more.

NOT for educational purposes: An MCP server for professional penetration testers including nmap, go/dirbuster, nikto, JtR, wordlist building, and more.

A curated collection of top-tier penetration testing tools and productivity utilities across multiple domains. Join us to explore, contribute, and enhance your hacking toolkit!

The most powerful Android RPA agent framework, next generation of mobile automation robots.

A simple POC to expose Mythic as a MCP server

An MCP server for pentesting. Contributors wanted!