Pentest AI MCP Server
Offensive-security MCP server from pentest-ai that lets Claude list and run wrapped security tools, plan and install missing tools, launch authorized engagements, run web, recon, API, cloud, AD, credential, vulnerability, mobile, wireless, and LLM-red-team assessments, and retrieve findings, attack chains, reports, and process status.
Open the source and read safety notes before installing.
Safety notes
- Pentest AI is offensive security tooling that performs real network and host operations and can run wrapped scanners, fuzzers, password tools, exploit-adjacent probes, and custom HTTP requests.
- Use only on targets where you have written permission, and keep rules of engagement, exclusions, rate limits, credentials, and scope boundaries in the prompt and engagement record.
- Prefer intensity=safe, strict_scope=true, and respect_rate_limits=true for real targets; the upstream README notes these safety flags are not all default behavior.
- Do not call ensure_tools_installed with auto_install=true until the exact tool list and install impact have been reviewed by a human.
- Authenticated scans should use credential references or approved secret resolvers, not raw passwords, tokens, or session cookies pasted into model context.
- External tools may create traffic, files, subprocesses, reports, findings databases, caches, and evidence artifacts that require cleanup and retention controls.
Privacy notes
- Targets, URLs, IPs, domains, credential references, findings, proofs of concept, screenshots, payloads, request/response data, reports, detection rules, process lists, and tool output can be sent to the MCP client and model.
- Findings databases, generated reports, SARIF/JUnit/HTML/PDF exports, logs, subprocess output, tool caches, auth profiles, and cloud-sync settings can contain sensitive vulnerabilities and customer data.
- Prompts and transcripts can disclose live vulnerabilities, exploitable paths, credentials handling, customer infrastructure, or engagement scope.
- Keep cloud workspace sync, API tokens, LLM provider keys, and generated reports disabled or controlled unless the engagement explicitly allows them.
Prerequisites
- Python 3.10 or newer and pip, uv, or another supported Python package installer.
- Written authorization and explicit scope for every target, host, account, user, API, network, or application being tested.
- A dedicated test environment or engagement workspace for findings, tool output, reports, and installed security tools.
- Human approval before auto-installing external tools, running active probes, credential tests, authenticated scans, or exploit-chain validation.
- Legal, compliance, customer, and rate-limit review before running against production, bug-bounty, third-party, or internet-facing targets.
Schema details
- Install type: cli
- Troubleshooting: No
- Scope: Source repo
- Estimated setup: 20 minutes
- Difficulty: advanced
- Website: https://pentestai.xyz
About this resource
Content
Pentest AI MCP Server exposes pentest-ai's offensive-security workflows to
Claude and other MCP clients through the ptai mcp command. It can start and
track engagements, list findings, retrieve attack chains, list and run wrapped
security tools, plan and install missing tools, run probes, launch specialist
assessments, inspect running subprocesses, and generate engagement outputs.
The project is intended for authorized security testing. Its MCP path lets an existing MCP client subscription drive pentest-ai without a separate LLM API key, while the standalone CLI can use configured LLM providers for non-MCP operation.
Source Review
- https://github.com/0xSteph/pentest-ai
- https://github.com/0xSteph/pentest-ai/blob/main/README.md
- https://pypi.org/pypi/ptai/json
- https://github.com/0xSteph/pentest-ai/blob/main/pyproject.toml
- https://github.com/0xSteph/pentest-ai/blob/main/mcp_server/server.py
- https://github.com/0xSteph/pentest-ai/blob/main/mcp_server/security_tools.py
- https://github.com/0xSteph/pentest-ai/blob/main/tools/registry.py
- https://github.com/0xSteph/pentest-ai/blob/main/SECURITY.md
- https://github.com/0xSteph/pentest-ai/blob/main/LICENSE
These sources were reviewed on 2026-06-06. Prefer the live repository, README, PyPI metadata, Python package metadata, MCP server implementation, MCP-side tool install helpers, security-tool registry, security policy, and license file for current install commands, MCP tools, target guardrails, external tool behavior, auth handling, and licensing.
Features
- Python package ptai with ptai and pentest-ai console commands.
- MCP server launched with ptai mcp.
- Engagement tools for starting authorized assessments, checking status, retrieving findings, and inspecting attack chains.
- Tool catalog workflows for listing wrapped tools, running individual tools, planning expected tools, and installing missing tools after approval.
- Probe and assessment workflows for web apps, recon, API security, cloud, Active Directory, credentials, vulnerabilities, privilege escalation, mobile, wireless, social engineering, LLM red-team, and multi-target campaigns.
- Findings database and report-oriented output workflows.
- MIT license.
Installation
Install the package:
pip install ptai
Configure an MCP client:
{
"mcpServers": {
"pentest-ai": {
"command": "ptai",
"args": ["mcp"]
}
}
}
Start with an intentionally vulnerable local target or written-authorized test
environment. For real targets, pass safe engagement options such as
intensity=safe, strict_scope=true, and respect_rate_limits=true when
starting an engagement.
Use Cases
- Run a scoped assessment against a deliberately vulnerable lab app.
- Ask Claude to list available security tools and identify which are installed.
- Plan missing tools for a web, recon, API, cloud, or AD engagement before a human approves installation.
- Launch an authorized web assessment and poll engagement status.
- Retrieve findings, attack chains, reports, and process status for review.
- Use strict scope and rate-limit settings to keep a bug-bounty or staging test inside written rules of engagement.
Safety and Privacy
Pentest AI MCP Server is high-risk offensive security tooling. Do not use it without written authorization, explicit target scope, and clear rules of engagement. Its tools can generate traffic, run scanners, install external security tools, authenticate to applications, test credentials, discover vulnerabilities, validate proofs of concept, and create detailed exploitability evidence.
Use safe intensity, strict scope, and rate-limit-respecting options for real targets. Review every auto-install, active probe, credential test, authenticated scan, and exploit-chain validation step before running it. Keep third-party tools, subprocesses, findings databases, reports, and evidence artifacts in an approved workspace with retention and cleanup controls.
Findings, payloads, screenshots, HTTP data, credential references, report exports, detection rules, logs, and transcripts can expose serious vulnerabilities or customer data. Protect LLM provider keys, cloud workspace API keys, auth profiles, reports, and generated evidence. Disable cloud sync unless the engagement explicitly allows it.
Duplicate Check
Existing content includes other offensive or security-intelligence MCP entries
such as HexStrike AI and CVE MCP Server. Pentest AI MCP Server is distinct
because it covers 0xSteph/pentest-ai and the ptai MCP interface for
authorized engagements, wrapped external tool execution, tool install planning,
security probes, findings databases, attack chains, process controls, and
reporting workflows. No dedicated Pentest AI, ptai, or 0xSteph/pentest-ai
MCP entry was found in content/mcp.