Pentest-Tools

Pentest Tools MCP Server provides a modular set of penetration testing utilities exposed through the MCP protocol for compatibility with Claude Desktop, Roo Code, and other MCP clients. It bundles reconnaissance, directory and vulnerability scanning, API testing, and reporting capabilities, with pre-configured wordlists and templates to streamline repeatable assessments. You can invoke the server’s tools either via Claude Desktop commands or through a compatible MCP client by selecting the appropriate server alias (pentest-tools) and issuing subcommands like recon, scan, or api against target hosts. The server supports both targeted commands (e.g., /recon example.com or /scan example.com --type directory) and natural language prompts (e.g., “Run a full security scan on example.com”). The integration is designed to work in both Docker-based deployments and local Python environments using uv (uvx) as the runner.

Prerequisites

• Docker and Docker Compose (recommended for containerized setup)
• Claude Desktop or another MCP-compatible client
• Python 3.10+ (for local setup)

Install and run (Docker-based)

1. Ensure Docker and Docker Compose are installed on your system.
2. Follow the repository’s Docker setup: build and start the container with docker-compose.

Commands:

# From the project root
docker-compose up -d --build

3. Verify the container is running:

docker-compose ps

4. Check logs if needed:

docker-compose logs -f

Local (Python uv) setup

1. Create and activate a Python virtual environment (recommended):

python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

2. Install Python dependencies:

pip install -r requirements.txt

3. Run the MCP server locally:

python pentest-tools-mcp-server.py

System tools (example for Ubuntu/Debian) you may install for pentest utilities:

sudo apt-get install nmap whatweb dnsrecon theharvester ffuf dirsearch sqlmap

Note: The README mentions a standard directory layout (reports, templates, wordlists, etc.). Ensure you have created or mounted these paths if running in Docker, and configure Claude Desktop to point to the correct working directory (see Claude Desktop integration details in the README).

• The MCP server expects a working directory containing docker-compose.yml and pentest-tools-mcp-server.py when using the Docker-based integration. Ensure path references (cwd) are absolute when configuring Claude Desktop on Windows.
• If Claude Desktop cannot locate the correct working directory, use the alternative command configuration shown in the README, which runs docker-compose via a Windows CMD shell.
• Before running scans, ensure you have permission to assess the target and that you’re compliant with local laws and engagement rules.
• Keep tools and dependencies updated; consider mapping reports to the reports/ directory and using the templates under templates/ for consistent report generation.