by DMontgomery40 · MCP Server · ★ 127
Last updated: · Indexed by AgentSkillsHub · Auto-synced every 8h
Pentest MCP Professional penetration-testing MCP server with modern transport/auth support and expanded recon tooling. What Changed in 0.9.0 Upgraded MCP SDK to Kept MCP Inspector at the latest release () with bundled launcher Streamable HTTP is now the primary network transport () SSE is still available only as a deprecated compatibility mode Added bearer-token auth with OIDC JWKS and introspection support Added first-class tools: , , , , , , , Added report-admin tools: , Added SoW capture flow for reports using MCP elicitation () with safe template fallback Hardened command resolution so web probing uses (preferred) or validated ProjectDiscovery , avoiding Python CLI collisions Integrated bundled MCP Inspector launcher () Runtime baseline is now Node.js 22.7.5+ Added invocation metadata in new tool outputs when auth/session context is available Included Tools runJohnT
| Stars | 127 |
| Forks | 27 |
| Language | JavaScript |
| Category | MCP Server |
| License | MIT |
| Quality Score | 74.0792867332492/100 |
| Open Issues | 1 |
| Last Updated | 2026-03-23 |
| Created | 2025-04-04 |
| Platforms | mcp, node |
| Est. Tokens | ~564k |
These tools work well together with pentest-mcp for enhanced workflows:
Looking for a pentest-mcp alternative? If you're comparing pentest-mcp with other mcp server tools, these 6 projects are the closest alternatives on Agent Skills Hub — ranked by topic overlap, star count, and community traction.
A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei,
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF,
TypeScript framework for building production MCP servers. Fluent tool API, FSM gating, presenters, semantic ro
MCP server for VirusTotal API — analyze URLs, files, IPs, and domains with comprehensive security reports, rel
MCP server for Shodan — search internet-connected devices, IP reconnaissance, DNS lookups, and CVE/CPE vulnera
Model Context Protocol (MCP) with Gemini 2.5 Pro. Convert conversational queries into flight searches using Ge
Explore other popular mcp server tools:
pentest-mcp is NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.. It is categorized as a MCP Server with 127 GitHub stars.
pentest-mcp is primarily written in JavaScript. It covers topics such as cybersecurity, dirbuster, gobuster.
You can find installation instructions and usage details in the pentest-mcp GitHub repository at github.com/DMontgomery40/pentest-mcp. The project has 127 stars and 27 forks, indicating an active community.
pentest-mcp is released under the MIT license, making it free to use and modify according to the license terms.
The top alternatives to pentest-mcp on Agent Skills Hub include mcp-security-hub, mcp-for-security, vurb.ts. Each offers a different approach to the same problem space — compare them side-by-side by stars, quality score, and community activity.