How do I install Pentest Agents MCP Server?

Follow the setup instructions on the Pentest Agents GitHub repository, then add the server configuration to your AI client.

What category is Pentest Agents MCP Server?

Pentest Agents is categorized under Security. Browse more servers in these categories on MCPgee.

Pentest Agents

Name: Pentest Agents MCP Server
Author: H-mmer

v1.0.0•Security•stable

Bug bounty agent framework for Claude Code, Codex, Gemini, Cursor, Windsurf, Copilot, and OpenClaw — 48 agents, 26 commands, 19 CLI tools, 2 MCP servers, autonomous hunt loops, exploit chain builder.

agentsbug-bountybugcrowdclaude-codehackerone

509

Stars

Downloads

Weekly

0/5

View on GitHub

What is Pentest Agents?

Pentest Agents is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to bug bounty agent framework for claude code, codex, gemini, cursor, windsurf, copilot, and openclaw — 48 agents, 26 commands, 19 cli tools, 2 mcp servers, autonomous hunt loops, exploit chain builder.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

Bug bounty agent framework for Claude Code, Codex, Gemini, C

Use Cases

Execute 48 bug bounty agents across HackerOne and Bugcrowd platforms.

Automate security testing with 26 commands and 19 CLI tools.

H-mmer

Maintainer

LicenseMIT

Languagepython

Versionv1.0.0

UpdatedMay 22, 2026

Statushealthy

Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

View Source Browse All Servers

Installation

Manual Installation

npx pentest-agents

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms

ThroughputMedium

Resource Usage

Memory UsageLow

CPU UsageLow

How to Set Up and Use Pentest Agents

Pentest Agents is a bug bounty agent framework with 48 agents, 26 commands, and 19 CLI tools for security testing across HackerOne, Bugcrowd, and other platforms. Connect it to Claude Code or similar tools to orchestrate automated security assessments with exploit chain building and autonomous hunt loops.

Prerequisites

Bug bounty account (HackerOne, Bugcrowd, or similar)
Python 3.9+ installed
An MCP client such as Claude Code or Cursor
Security testing tools installed (nmap, burp-suite, etc.)
API keys for bug bounty platforms

Install Pentest Agents framework

Install the pentest agents server using npx.

npx pentest-agents

Configure bug bounty credentials

Set up API keys for your bug bounty platforms and security tools.

{
  "mcpServers": {
    "pentest": {
      "command": "npx",
      "args": ["pentest-agents"],
      "env": {
        "HACKERONE_API_TOKEN": "your-token",
        "BUGCROWD_API_KEY": "your-key"
      }
    }
  }
}

Install security testing tools

Ensure required CLI tools (nmap, burp-suite, sqlmap, etc.) are installed on your system. Check repository for full tool list.

Add to your MCP client configuration

Restart your MCP client

Restart Claude Code or Cursor to load the Pentest Agents framework.

Start security testing

Use Claude to orchestrate agents for reconnaissance, vulnerability scanning, and exploit development.

Pentest Agents Examples

Client Configuration

How to configure Pentest Agents in claude_desktop_config.json

{
  "mcpServers": {
    "pentest": {
      "command": "npx",
      "args": ["pentest-agents"],
      "env": {
        "HACKERONE_API_TOKEN": "your-token",
        "BUGCROWD_API_KEY": "your-key"
      }
    }
  }
}

Prompts to try

Example prompts for security testing with Claude

1. "Run reconnaissance on this target domain and identify potential vulnerabilities"
2. "Execute a full penetration test workflow and generate a report"
3. "Search for matching programs on HackerOne and show their scope"
4. "Build an exploit chain for this vulnerability and document the attack path"

Troubleshooting Pentest Agents

Security tools fail to execute or are not found

Verify all required tools are installed and in your system PATH. Check the Pentest Agents repository for tool installation instructions.

Bug bounty platform authentication fails

Verify API tokens and keys are valid and have appropriate permissions for the operations you're attempting.

Frequently Asked Questions about Pentest Agents

What is Pentest Agents?

Pentest Agents is a Model Context Protocol (MCP) server that bug bounty agent framework for claude code, codex, gemini, cursor, windsurf, copilot, and openclaw — 48 agents, 26 commands, 19 cli tools, 2 mcp servers, autonomous hunt loops, exploit chain builder. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Pentest Agents?

Follow the installation instructions on the Pentest Agents GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Pentest Agents?

Pentest Agents works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Pentest Agents free to use?

Yes, Pentest Agents is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Learn More About MCP Servers

Getting Started with MCP

Set up your first MCP server in minutes

MCP Setup Guide

Configure MCP in Claude, Cursor & VS Code

All MCP Tutorials

18+ hands-on guides for developers

MCP FAQ

40+ answers about Model Context Protocol

Pentest Agents Alternatives — Similar Security Servers

Looking for alternatives to Pentest Agents? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor MCP Server

★ 13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

★ 9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

Hooker

★ 5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

UniDBG

★ 5.0k

Allows you to emulate an Android native library, and an experimental iOS emulation

Enscan

★ 4.4k

一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入

Anything Analyzer

★ 2.6k

全能协议分析工具：浏览器抓包 + MITM 代理 + 指纹伪装 + AI 分析 + MCP Server 无缝对接 AI Agent/IDE | All-in-one protocol analysis toolkit — built-in browser capture, MITM proxy, JS hooks, fingerprint spoofing, AI analysis & MCP server for agent integration

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Security Browse All Servers

Set Up Pentest Agents in Your Editor

Choose your AI client for step-by-step setup instructions.

🖥️

Claude Desktop

macOS & Windows app

⌨️

Claude Code

CLI & terminal

📝

Cursor

AI-first code editor

💻

VS Code

GitHub Copilot MCP

🏄

Windsurf

Codeium AI editor

🔌

Cline

VS Code extension

Quick Config Preview

{
  "mcpServers": {
    "pentest-agents": {
      "command": "npx",
      "args": ["-y", "pentest-agents"]
    }
  }
}

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Pentest Agents?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides

Explore All Servers Read Our Guides