{"id":"exjskdjsdfks-pentest-mcp-server","name":"pentest-mcp-server","homepage":null,"repo_url":"https://github.com/exjskdjsdfks/pentest-mcp-server","category":"security","subcategories":[],"tags":["mcp","model-context-protocol","ai-agents","penetration-testing","pentesting","kali","parrot","automation","asyncio"],"what_it_does":"Provides an MCP (Model Context Protocol) server intended to enable autonomous penetration testing workflows via a locally accessible server/UI (example localhost:8080) on Linux distributions such as Kali Linux and Parrot OS.","use_cases":["Integrating an AI agent with pentesting tooling via MCP for automated/assisted security testing","Running local penetration testing task workflows with progress monitoring and result management","Security experimentation in controlled environments (e.g., lab networks) using Kali/Parrot"],"not_for":["Untrusted networks or production systems without strict authorization and safeguards","Environments requiring strong governance/audit controls for automated offensive actions","Teams needing well-specified API contracts, SDKs, and operational guarantees"],"best_when":"You want a local, experimental MCP-based interface to orchestrate pentesting tasks in a controlled lab and you can manually review/secure the deployment.","avoid_when":"You need strong documentation, clear security/auth controls, or enterprise-grade reliability/operational safety assurances.","alternatives":["OpenAI/LLM agent frameworks with well-defined connectors to security tooling (custom integration)","Dedicated pentesting orchestration tools/CI pipelines (scripted/queued execution)","General-purpose MCP servers built on established, documented security 
integrations"],"af_score":22.8,"security_score":13.0,"reliability_score":16.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:42:50.735594+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"README does not describe authentication/authorization for the server UI or MCP endpoints."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":22.8,"security_score":13.0,"reliability_score":16.2,"mcp_server_quality":30.0,"documentation_accuracy":25.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":20.0,"rate_limit_clarity":0.0,"tls_enforcement":10.0,"auth_strength":10.0,"scope_granularity":0.0,"dependency_hygiene":30.0,"secret_handling":20.0,"security_notes":"Operates as a penetration-testing server intended for potentially offensive workflows. README does not mention TLS, authentication/authorization, audit logging, sandboxing, or secret-handling practices. 
Download/run instructions rely on fetching a zip archive from a remote URL, which raises supply-chain review concerns; no integrity-verification or signature details are provided.","uptime_documented":0.0,"version_stability":20.0,"breaking_changes_history":20.0,"error_recovery":25.0,"idempotency_support":"false","idempotency_notes":"No details provided about whether MCP tools/actions are idempotent or how retries behave.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Penetration testing actions can be destructive; the README describes no safety or approval controls for autonomous execution.","The server launch and download/run steps in the README appear unsafe or non-standard (e.g., passing a remote URL directly to python3), which may complicate automation or increase operational risk.","No information is given on tool availability, input/output schemas, rate limits, or failure modes for MCP methods."]}}