pentest-mcp-server

Provides an MCP (Model Context Protocol) server intended to enable autonomous penetration testing workflows via a locally accessible server/UI (for example, localhost:8080) on Linux distributions such as Kali Linux and Parrot OS.

Evaluated Mar 30, 2026 (21d ago)
Tags: Security, mcp, model-context-protocol, ai-agents, penetration-testing, pentesting, kali, parrot, automation, asyncio

  • ⚙ Agent Friendliness: 23 / 100 (Can an agent use this?)
  • 🔒 Security: 13 / 100 (Is it safe for agents?)
  • ⚡ Reliability: 16 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

  • MCP Quality: 30
  • Documentation: 25
  • Error Messages: 0
  • Auth Simplicity: 20
  • Rate Limits: 0

🔒 Security

  • TLS Enforcement: 10
  • Auth Strength: 10
  • Scope Granularity: 0
  • Dep. Hygiene: 30
  • Secret Handling: 20

Operates as a penetration-testing server intended for potentially offensive workflows. README does not mention TLS, authentication/authorization, audit logging, sandboxing, or secret-handling practices. Download/run instructions rely on a remote zip URL, which raises supply-chain review concerns; no verification/signature details are provided.

⚡ Reliability

  • Uptime/SLA: 0
  • Version Stability: 20
  • Breaking Changes: 20
  • Error Recovery: 25

Best When

You want a local, experimental MCP-based interface to orchestrate pentesting tasks in a controlled lab and you can manually review/secure the deployment.

Avoid When

You need strong documentation, clear security/auth controls, or enterprise-grade reliability/operational safety assurances.

Use Cases

  • Integrating an AI agent with pentesting tooling via MCP for automated/assisted security testing
  • Running local penetration testing task workflows with progress monitoring and result management
  • Security experimentation in controlled environments (e.g., lab networks) using Kali/Parrot

Not For

  • Untrusted networks or production systems without strict authorization and safeguards
  • Environments requiring strong governance/audit controls for automated offensive actions
  • Teams needing well-specified API contracts, SDKs, and operational guarantees

Interface

  • REST API: No
  • GraphQL: No
  • gRPC: No
  • MCP Server: Yes
  • SDK: No
  • Webhooks: No

Authentication

OAuth: No
Scopes: No

README does not describe authentication/authorization for the server UI or MCP endpoints.

Pricing

Free tier: No
Requires CC: No

No pricing information provided.

Agent Metadata

  • Pagination: none
  • Idempotent: False
  • Retry Guidance: Not documented

Known Gotchas

  • Penetration testing actions can be destructive; the README provides no safety/approval controls for autonomous execution.
  • Server launch instructions and download/run steps appear unsafe/odd (e.g., running a remote URL with python3), which may complicate automation or increase operational risk.
  • No information on tool availability, input/output schemas, rate limits, or failure modes for MCP methods.


Scores are editorial opinions as of 2026-03-30.
