Pentest AI
Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.
What is Pentest AI?
Pentest AI is a Model Context Protocol (MCP) server that gives AI assistants like Claude, Cursor, and VS Code access to an offensive-security toolset: 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for the OWASP Top 10. It runs as a CLI or over MCP with a bring-your-own LLM, and no API key is needed on the MCP path.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Installation
Manual Installation
npx pentest-ai
How to Set Up and Use Pentest AI
Pentest AI is an offensive-security MCP server that wraps over 200 security tools — including nmap, sqlmap, ffuf, gobuster, dalfox, wpscan, and bloodhound-python — behind an AI-driven interface with 17 specialist agents and 60 SPA-aware web probes covering the OWASP Top 10 and API Top 10. It can be used as an MCP server integrated directly into Claude Code (no API key required on that path) or as a standalone CLI for automated penetration testing engagements. Output supports Markdown, HTML, PDF, SARIF 2.1.0, and JUnit XML, making it suitable for both manual bug bounty work and CI/CD security gates.
Prerequisites
- Python 3.10+ and pip
- Written authorization to test any target — unauthorized use is illegal
- Security tools installed via 'ptai setup --tier recommended' or higher (nmap, sqlmap, ffuf, etc.)
- Claude Code or another MCP client for the MCP integration path (no LLM API key required when using MCP path)
- Optional: ANTHROPIC_API_KEY or OPENAI_API_KEY for standalone CLI path; or a local Ollama instance for air-gapped operation
Install the ptai Python package
Install pentest-ai from PyPI. Use the [api] extra if you plan to use the REST API server feature.
pip install ptai
# Or with REST API support:
pip install 'ptai[api]'
Accept the Acceptable Use Policy
On first run, ptai will prompt you to accept the AUP confirming you have authorization to test your targets. In CI environments, set the environment variable to accept non-interactively.
export PENTEST_AI_AUP_ACCEPTED=1
Install security tools
Use the built-in setup wizard to install the underlying security tools. The 'recommended' tier installs the most commonly used tools including fuzzers and crawlers.
# Recommended tier (fuzzers, crawlers, core scanners)
ptai setup --tier recommended
# Full suite (200+ tools)
ptai setup --tier full
# Interactive selection
ptai setup --wizard
Add to Claude Code as an MCP server
Register pentest-ai as an MCP server in Claude Code. On this path, no LLM API key is required — Claude Code provides the model.
claude mcp add pentest-ai -- ptai mcp
Configure your MCP client (alternative clients)
For MCP clients other than Claude Code, use ptai setup to generate the configuration or add it manually.
{
  "mcpServers": {
    "pentest-ai": {
      "command": "ptai",
      "args": ["mcp"]
    }
  }
}
Run a standalone scan via CLI
For standalone use without an MCP client, run ptai start directly against your authorized target. Set a spending limit to cap LLM API costs.
export ANTHROPIC_API_KEY=sk-ant-...
export PTAI_PRICE_LIMIT=10
ptai start https://your-authorized-target.com
Pentest AI Examples
Client configuration
Claude Desktop configuration to run pentest-ai as an MCP server using the ptai binary.
{
  "mcpServers": {
    "pentest-ai": {
      "command": "ptai",
      "args": ["mcp"]
    }
  }
}
Prompts to try
Example prompts for penetration testing tasks via the MCP server (only use on authorized targets).
- "Start a recon engagement against https://staging.acme.com and identify open ports and services."
- "Run OWASP Top 10 web probes against https://testphp.vulnweb.com and report findings."
- "List all available security tools and their categories."
- "Scan https://authorized-target.com for SQL injection vulnerabilities using sqlmap."
- "Generate a SARIF report of the last engagement findings for import into my CI pipeline."
Troubleshooting Pentest AI
ptai command not found after pip install
Ensure pip's script directory is on your PATH. Try running 'python -m ptai' as a fallback. On macOS/Linux, add ~/.local/bin to your PATH: 'export PATH=$HOME/.local/bin:$PATH'. On Windows, check the Scripts directory of your Python installation.
Security tools fail to run during a scan
Run 'ptai setup --tier recommended' to install the required underlying tools. Some tools like nmap may require sudo/admin privileges. On Linux, run 'sudo ptai setup --tier recommended' or grant nmap the necessary capabilities with 'sudo setcap cap_net_raw+ep $(which nmap)'.
Standalone CLI engagement exceeds expected cost
Set PTAI_PRICE_LIMIT to a dollar amount to cap spending per engagement (e.g., 'export PTAI_PRICE_LIMIT=5'). The default limit is $10 USD. Set PTAI_PRICE_LIMIT=0 only if you explicitly want unlimited spending. Use '--intensity safe' flag to reduce tool aggressiveness and LLM calls.
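A pre-flight guard for the standalone CLI path, added here as an example and not part of pentest-ai: it refuses to proceed unless the AUP variable is set, PTAI_PRICE_LIMIT resolves to a non-zero number, and the target's hostname is listed in a scope file. The function names and the scope-file format (one authorized hostname per line, '#' for comments) are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks to run before `ptai start`. Only the two environment
# variables come from the page; the scope file is this example's own convention.

# Print the lowercase hostname of a URL (scheme, path, userinfo and port removed).
url_host() {
    printf '%s\n' "$1" \
        | sed -e 's|^[a-zA-Z][a-zA-Z0-9+.-]*://||' \
              -e 's|[/?#].*$||' \
              -e 's|^.*@||' \
              -e 's|:[0-9]*$||' \
        | tr 'A-Z' 'a-z'
}

# Return 0 when the run may proceed; 2 = AUP, 3 = price limit, 4 = out of scope.
ptai_preflight() {
    target=$1
    scope_file=$2

    # Non-interactive runs need the AUP accepted explicitly.
    [ "${PENTEST_AI_AUP_ACCEPTED:-}" = "1" ] || { echo "AUP not accepted" >&2; return 2; }

    # Unset falls back to the documented default of 10; 0 means unlimited spend.
    limit=${PTAI_PRICE_LIMIT:-10}
    case $limit in
        ''|*[!0-9.]*) echo "PTAI_PRICE_LIMIT is not a number: $limit" >&2; return 3 ;;
    esac
    case $limit in
        *[1-9]*) ;;
        *) echo "PTAI_PRICE_LIMIT=$limit disables the spending cap" >&2; return 3 ;;
    esac

    # Whole-line, fixed-string match so "example.test" never matches "example.test.evil".
    host=$(url_host "$target")
    [ -n "$host" ] || { echo "no hostname in target: $target" >&2; return 4; }
    grep -v '^[[:space:]]*#' "$scope_file" | tr 'A-Z' 'a-z' | grep -Fxq -- "$host" \
        || { echo "host not in scope file: $host" >&2; return 4; }
}

# Usage: ptai_preflight "$TARGET" scope.txt && ptai start "$TARGET"
```

Because the hostname is taken after stripping userinfo, a URL such as https://in-scope-host@other-host/ is checked against other-host, which is the host a client would actually connect to.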
Frequently Asked Questions about Pentest AI
What is Pentest AI?
Pentest AI is a Model Context Protocol (MCP) server for offensive security, with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for the OWASP Top 10. It offers a CLI and an MCP server, works with a bring-your-own LLM, and needs no API key on the MCP path. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Pentest AI?
Follow the installation instructions on the Pentest AI GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Pentest AI?
Pentest AI works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Pentest AI free to use?
Yes, Pentest AI is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Pentest AI Alternatives — Similar Security Servers
Looking for alternatives to Pentest AI? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k
An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k
A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k
Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k
🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u