Practical Notes
- GitHub: 215 stars · 44 forks; pushed 2026-05-12 (verified via GitHub API).
- README introduces iterative MCP tools (list_probes / run_probe / http_request) for scoped, step-by-step driving.
- README claims 47 MCP tools and 200+ tool wrappers (nmap, nuclei, ffuf, sqlmap, gobuster, …) with auto-install on first run.
Main
A practical “agent-safe pentest” setup looks like this:
- Declare scope explicitly (domains, auth method, rate limits) in the prompt you give Claude Code.
- Use iterative driving: start with list_probes, run one probe at a time, and only escalate when evidence supports it.
- Prefer proof over guesses: keep PoCs small, reproducible, and logged; treat every finding as “untrusted” until verified.
- Keep a clean separation between:
  - tool execution (ptai running probes)
  - reasoning + coordination (your MCP client / assistant)
- When you need CI-style runs, switch to the CLI path (ptai start …) and pin provider/model settings so results are comparable run-to-run.
The big win is control: you get a repeatable probe library, plus an MCP interface that lets an LLM coordinate without inventing results.
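The scope, one-probe-at-a-time and "untrusted until verified" rules above can be enforced mechanically on the client side before any probe is dispatched. The guard below is an added example, not ptai's own code: the Scope and ProbeGuard names, the exploit flag and the log record layout are assumptions, and the probe names only mirror the MCP tools the README lists.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Scope:
    """Engagement scope declared up front (hypothetical shape)."""
    domains: frozenset[str]        # apex domains; subdomains are in scope
    max_requests_per_min: int      # rate limit agreed with the target owner
    allow_exploit: bool = False    # escalation must be enabled explicitly


def host_in_scope(host: str, scope: Scope) -> bool:
    """Exact match or subdomain of a declared domain; no substring tricks."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in scope.domains)


@dataclass
class ProbeGuard:
    """Sits between the reasoning side and tool execution, logs every decision."""
    scope: Scope
    log: list = field(default_factory=list)
    _window: list = field(default_factory=list)   # timestamps of allowed probes

    def check(self, probe: str, target: str, now: float,
              exploit: bool = False) -> tuple[bool, str]:
        # Accept a URL or a bare host[:port]; urlsplit needs '//' for the latter.
        host = urlsplit(target if "://" in target else "//" + target).hostname
        if not host or not host_in_scope(host, self.scope):
            reason = "out of scope"
        elif exploit and not self.scope.allow_exploit:
            reason = "escalation not authorized"
        else:
            self._window = [t for t in self._window if now - t < 60]
            if len(self._window) >= self.scope.max_requests_per_min:
                reason = "rate limit"
            else:
                self._window.append(now)
                reason = "ok"
        # Every request is recorded; findings start as unverified by default.
        self.log.append({"probe": probe, "target": target, "t": now,
                         "decision": reason, "verified": False})
        return reason == "ok", reason
```

Dispatch the probe only when check() returns True, and flip a log entry's verified flag only after the evidence has been reproduced.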
FAQ
Q: Is it for authorized testing only?
A: Yes. The README includes responsible-use warnings; only scan targets you own or have permission to test.
Q: Do I need an API key?
A: Not always. The README notes that when wired into Claude Code via MCP, your Claude subscription can run the engagement; otherwise you can run ptai with API keys (or via LiteLLM).
Q: What should I run first?
A: Start with low-risk recon-style probes, then iterate: run one probe, inspect evidence, and only then escalate to exploit attempts.