PentestMCP Server

This is a simple MCP (Model Context Protocol) server that runs within a Docker container based on Kali Linux. The server provides tools to run security scans:

• run_nmap: Run nmap scans on targets
• run_gobuster: Run directory brute force scans on web servers

It is an early POC and will be extended with more tools and features soon. To goal is to run pentests with just natural language without having to memorize long commands and lots of tools.

Requirements

• Docker
• Docker Compose

Setup

1. Clone this repository:

2. Build and start the Docker container:

docker-compose up -d

3. Configure Claude Desktop to use this MCP server:

Edit your Claude Desktop configuration file located at:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json

Add the following configuration:

{
     "mcpServers": {
       "pentest-mcp": {
         "command": "docker",
         "args": ["exec", "-i", "pentest-mcp", "python3", "/app/pentest_mcp.py"]
       }
     }
   }

4. Restart Claude Desktop to load the new configuration.

Usage Examples

Once connected to Claude Desktop, you can ask questions like:

• "Can you scan 192.168.1.1 with nmap to find open ports?"
• "What services run on 192.168.1.1?"
• "Use gobuster to find hidden directories on http://example.com"

Note

This server includes very basic input validation, but you should only use it in trusted environments and on targets you have permission to scan.

Customization

To add custom wordlists, uncomment the volumes section in docker-compose.yml and add your wordlists to a local directory.