PwnDoc MCP Server

MCP server for PwnDoc — the popular open-source penetration testing report writing tool. Enables AI agents to create, manage, and update pentest findings, vulnerabilities, and reports in PwnDoc. Automates the tedious report-writing phase of penetration testing by allowing agents to document findings programmatically.

Evaluated Mar 07, 2026 (0d ago) vcurrent
Homepage ↗ Repo ↗ Security pwndoc pentest report-writing security mcp-server vulnerability-management
⚙ Agent Friendliness
70
/ 100
Can an agent use this?
🔒 Security
78
/ 100
Is it safe for agents?
⚡ Reliability
64
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
65
Documentation
65
Error Messages
62
Auth Simplicity
82
Rate Limits
85

🔒 Security

TLS Enforcement
85
Auth Strength
80
Scope Granularity
72
Dep. Hygiene
70
Secret Handling
82

Highly sensitive pentest data. Self-hosted deployment. Strict access controls required. Authorized engagement data only.

⚡ Reliability

Uptime/SLA
65
Version Stability
65
Breaking Changes
62
Error Recovery
62
AF Security Reliability

Best When

A penetration tester using PwnDoc wants AI agents to assist with the documentation phase — automatically capturing and formatting findings while the tester focuses on active testing.

Avoid When

You use other pentest reporting tools (Dradis, Plextrac, etc.) or don't have PwnDoc deployed. Also: only use as part of authorized penetration testing engagements.

Use Cases

  • Automating pentest finding documentation from security testing agents
  • Creating and updating vulnerability entries in PwnDoc from assessment agents
  • Generating structured pentest reports from AI-assisted security assessment workflows
  • Managing pentest project data and findings from security team agents

Not For

  • Teams not using PwnDoc for pentest reporting
  • Automated vulnerability scanning (PwnDoc is for documentation, not scanning)
  • Unauthorized penetration testing activities

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: username_password api_key
OAuth: No Scopes: No

PwnDoc credentials required. Connect to self-hosted PwnDoc instance. Authentication via PwnDoc API.

Pricing

Model: free
Free tier: Yes
Requires CC: No

PwnDoc is free open source (MIT). MCP server is free open source from walidfaour.

Agent Metadata

Pagination
none
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • AUTHORIZED ENGAGEMENTS ONLY: PwnDoc contains sensitive penetration testing data — strict access control required
  • Self-hosted PwnDoc required — this is not a cloud service
  • Finding data in PwnDoc includes vulnerabilities that should be protected as confidential client data
  • Community MCP — verify against your PwnDoc version's API

Alternatives

dradis-mcp-server plextrac-mcp-server defectdojo-mcp-server

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for PwnDoc MCP Server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6364
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered