Featured

Launch your own OpenClaw agent in one click logoLaunch your own OpenClaw agent in one click

A live, always-on OpenClaw agent that handles your tasks around the clock. No servers, no setup — pick a model, connect Telegram, and it starts working.

Try it for free
SetupClaw: done-for-you OpenClaw for founders & exec teams logoSetupClaw: done-for-you OpenClaw for founders & exec teams

White-glove OpenClaw for founders and exec teams (4–50+ employees): we install, harden, integrate your tools, and maintain it — secured from day one.

Get it set up for you
One API to scrape, enrich, and extract the internet. logoOne API to scrape, enrich, and extract the internet.

Context.dev gives your agents a single API to scrape, enrich, and extract live web data — no proxies, no parsers, no maintenance.

Start building free
CLN.Work — Stop prompting, start hiring AI employees logoCLN.Work — Stop prompting, start hiring AI employees

Turn your Claude agents into a real team — onboard them, assign tasks, and manage them like staff.

Hire AI employees
Launch OpenClaw or Hermes on Hostinger in 60 seconds logoLaunch OpenClaw or Hermes on Hostinger in 60 seconds

Your OpenClaw or Hermes agent, live around the clock on a Hostinger VPS. Set up in about 60 seconds, from a few dollars a month, with 20% off through this link.

Launch on Hostinger
Launch your OpenClaw wrapper and start making money today logoLaunch your OpenClaw wrapper and start making money today

Auth, billing, and AI already wired in. Skip months of boilerplate and get paying customers now, not next quarter.

See the kit
PentestGPT MCP logo

PentestGPT MCP

yuhano/PentestGPT-MCP
17 starsSTDIOUpdated 2025-08-05Community

Works with

Claude CodeClaude DesktopCursorVS CodeClineCodex CLIOpenClaw+ any MCP client

Install to Claude Code

This server doesn't publish a one-line install command. Follow the setup in the source repository.

Summary

An automated penetration-testing agent extending the original PentestGPT paper (USENIX Security '24). For authorized security testing only.

Configuration

PentestGPT MCP reads the following environment variables:

VariableRequired
OPENAI_API_KEYOptional
GOOGLE_API_KEYOptional

README.md

PentestGPT-MCP

This project is an advanced penetration testing tool based on the original "PentestGPT" paper. It extends the core capabilities by integrating with Model Context Protocol servers (MCPs) to perform automated, LLM-driven security assessments.

It is based on the PentestGPT project.

  • Original GitHub Repository: https://github.com/GreyDGL/PentestGPT
  • Original Research Paper (USENIX Security '24): https://www.usenix.org/conference/usenixsecurity24/presentation/deng

🇰🇷 Read this in Korean

Features

  • Dynamic MCP Server Integration: Connects to various tool servers running locally or remotely via a flexible mcp_servers.json configuration file.
  • Automated Task Execution (auto mode): Automatically executes LLM-suggested tasks using tools provided by a connected MCP server.
  • Interactive "Human-in-the-Loop" Mode: Supports user confirmation before each tool execution, enhancing safety and control during automated scans.
  • Flexible Model Support: Works with a wide range of LLM providers, including OpenAI (GPT series) and Google (Gemini series).

Installation

1. Clone the Repository and Set Up a Virtual Environment

git clone https://github.com/your-username/PentestGPT-MCP.git
cd PentestGPT-MCP
python -m venv venv
source venv/bin/activate  # On Windows, use `venv\Scripts\activate`

2. Install Dependencies

Install the required Python packages from requirements.txt.

pip install -r requirements.txt

3. Configure API Keys

PentestGPT-MCP requires API keys to interact with Large Language Models. Set the appropriate environment variables for the model you wish to use.

For OpenAI (e.g., gpt-4o): ``bash export OPENAI_API_KEY="your-openai-api-key" ``

For Google (e.g., Gemini): ``bash export GOOGLE_API_KEY="your-google-api-key" ``

4. Set Up MCP Servers

The tool manages connections to MCP servers through a central JSON configuration file.

1. Copy the Example Configuration

Copy the example file from the config/ directory to the project root.

cp config/mcp_servers.json.example ./mcp_servers.json

2. Edit the Configuration File

Open mcp_servers.json and customize it to match your environment.

Configuration Example: ``json { "mcpServers": { "pentest-tools": { "command": "python", "args": [ "mcp_servers/pentest_tools_server.py" ] }, "kali_mcp": { "command": "python3", "args": [ "/absolute/path/to/mcp_server.py", "http://LINUX_IP:5000/" ] } } } ``

Configuration Structure:

  • mcpServers: The root object containing all server configurations.
  • "server-name": A unique, user-defined name for each server (e.g., "pentest-tools").
  • command: The command to execute the server (e.g., python, python3, node).
  • args: An array of arguments to pass to the command. The first argument is typically the path to the server script.

Important: The default mcp_servers/pentest_tools_server.py assumes that tools like nmap and dirb are installed and available in the system's PATH. It is highly recommended to run this in an environment where these tools are present, such as Kali Linux.

Usage

1. Running PentestGPT-MCP

Start the application from the project root directory.

python main.py

You can use several command-line arguments to customize the session:

  • Change Models:
  python main.py --reasoning gpt-4o --parsing gpt-4o
  • List Available Models:
  python main.py --models
  • Specify a Custom MCP Config Path:
  python main.py --mcp-config /path/to/your/mcp_servers.json

2. Basic Workflow

  1. Provide Initial Information: When prompted, briefly describe the penetration testing target and objective.
    Please describe the penetration testing task in one line...
    > Penetration test on the web server at http://10.0.2.15
  1. Get Task Suggestions (next or todo):
  • next: Input the results from a manual scan or any text you want to analyze. PentestGPT will process the input and suggest the next steps in the Penetration Testing Tree (PTT).
  • todo: Ask PentestGPT to recommend the next task based on the current PTT.
  1. Execute Automated Tasks (auto):
  • Type auto at the prompt to execute the most recently suggested task via an MCP server.
  • You will be asked to select which configured MCP server to use for the task.
  • Choose the interactive mode (y) to review and confirm each tool command before execution, ensuring a safe and controlled process.

Command Reference

  • next: Submit test results for analysis and receive suggestions for the next task.
  • todo: Ask for a recommendation on what to do next.
  • more: Request a more detailed explanation of the current task.
  • auto: Automatically execute the latest suggested task using a connected MCP server.
  • discuss: Engage in a free-form conversation with PentestGPT.
  • quit: End the current session (you will be prompted to save the session before exiting).

See related servers & alternatives →

Related guides

Hand-picked reading to help you choose and use Other servers.