MCP Configs · May 13, 2026 · 2 min read

PentestAgent — MCP-Ready AI Pentesting Agent

PentestAgent is an AI pentesting agent with a TUI and optional MCP server mode, built for authorized assessments and reproducible Docker-backed tool runs.

Agent ready

Safe staging for this asset

This asset is staged first. The copied prompt tells the agent to inspect the staged files and ask before activating scripts, MCP config, or global config.

Stage only · 17/100 · Policy: stage

  • Agent surface: Any MCP/CLI agent
  • Kind: MCP Config
  • Install: Stage only
  • Trust: Established
  • Entrypoint: Asset

Safe staging command
npx -y tokrepo@latest install cf2f4bfe-7f9c-5fcb-b801-c8f8ef64d83a --target codex

Stages files first; activation requires review of the staged README and plan.

Intro

Best for: authorized pentesting teams wanting an MCP-controllable agent with reproducible tool runs

Works with: Python 3.10+, Docker (optional), MCP clients (stdio/SSE), OpenAI/Anthropic via LiteLLM-style APIs

Setup time: 10-20 minutes

Key facts (verified)

  • GitHub: 2339 stars · 463 forks · pushed 2026-05-11.
  • License: MIT · owner avatar + repo URL verified via GitHub API.
  • README-verified entrypoint: pip install -e ".[all]".

Main

  • Use the TUI for interactive triage, then switch to MCP server mode when you need to remote-control runs from another agent or workflow runner.

  • Keep engagements safe and auditable: define scope explicitly, run tools in Docker for repeatability, and persist notes/results for review.

  • Treat it like an ops pipeline: start with passive recon tasks, then expand only when you have written authorization and a clear stop condition.

Source-backed notes

  • README shows a TUI launch via pentestagent and a target flag (-t).
  • README documents MCP server mode over stdio and SSE transports via pentestagent mcp_server ....
  • README includes Docker run examples for running tools in containerized environments.

FAQ

  • Is it for authorized testing only? Yes. Only run it against systems you own or have explicit permission to test.
  • Does it support MCP? Yes. README documents mcp_server with stdio and SSE transports.
  • Do I need Docker? No, but Docker helps make tool runs reproducible across machines.

Source & Thanks

Source: https://github.com/GH05TCREW/pentestagent
License: MIT
GitHub stars: 2339 · forks: 463
