PwnDoc MCP Server exposes the PwnDoc API tools to the Model Context Protocol, allowing AI assistants to query audits, manage findings, generate reports, and interact with your pentest documentation through natural language. The server includes authentication support (username/password with automatic token refresh or pre-authenticated tokens), rate limiting, automatic retries, and comprehensive logging. You can run the server via the pwndoc-mcp command and expose it to Claude Desktop or other MCP clients through a configured entry like the pwndoc.mcp entry in Claude's mcp_servers.json, enabling tools such as auditing, finding management, and reporting endpoints to be called by the AI assistant. Tools are implemented to cover the PwnDoc API surface, including endpoints for querying documents, creating or updating findings, generating summaries, and exporting reports.

Prerequisites:

• Python 3.8+ (preferably 3.9+)
• pip (comes with Python)
• Optional: virtualenv

Installation steps (Python implementation):

1. Clone or install from PyPI

• Quick install (stable): python -m pip install pwndoc-mcp-server

• With CLI extras (if you need CLI enhancements): python -m pip install pwndoc-mcp-server[cli]

2. Verify installation pwndoc-mcp --version

3. Run the MCP server locally (default settings will prompt for auth setup) pwndoc-mcp serve

4. Configure environment variables for authentication (examples): export PWNDOC_URL="https://pwndoc.example.com" export PWNDOC_USERNAME="your-username" export PWNDOC_PASSWORD="your-password"

Or use a pre-authenticated token instead of username/password

export PWNDOC_TOKEN="your-jwt-token" export VERIFY_SSL=true export TIMEOUT=30

5. Optional: initialize interactive config pwndoc-mcp config init

Installation via Docker (alternative):

• Pull the official image and run a container, mounting configuration as needed: docker pull ghcr.io/walidfaour/pwndoc-mcp-server docker run -i ghcr.io/walidfaour/pwndoc-mcp-server serve

From source (advanced):

• Python: git clone https://github.com/walidfaour/pwndoc-mcp-server.git cd pwndoc-mcp-server/python python -m pip install -e .[dev]

• Native C++ (optional): follow provided build steps in the repository (not required for MCP usage).

Tips and common considerations:

• Use environment variables to securely supply credentials instead of hard-coding.
• If you switch between username/password and token, the server will prioritize username/password (automatic token refresh).
• For Claude Desktop integration, ensure the proper mcp_servers.json entry is configured on the target OS, and that the command (pwndoc-mcp) and its environment reflect your Pwndoc URL and credentials.
• Enable SSL verification (VERIFY_SSL=true) in production to prevent token interception; disable only in trusted test environments.
• If you run into installation issues on Kali or minimal environments, consider using a virtual environment (venv) to isolate dependencies.
• The MCP server supports 90 MCP tools endpoints; consult the Pwndoc MCP docs for the exact endpoints and data models, and enable verbose logging during initial integration to ease debugging.