# PentestAgent — MCP-Ready AI Pentesting Agent > PentestAgent is an AI pentesting agent with a TUI and optional MCP server mode, built for authorized assessments and reproducible Docker-backed tool runs. ## Install Merge the JSON below into your `.mcp.json`: ## Quick Use ```bash python -m venv venv && source venv/bin/activate git clone https://github.com/GH05TCREW/pentestagent.git && cd pentestagent pip install -e '.[all]' pentestagent -t example.com # TUI (authorized targets only) pentestagent mcp_server --type stdio --target example.com ``` ## Intro PentestAgent is an AI pentesting agent with a TUI and optional MCP server mode, built for authorized assessments and reproducible Docker-backed tool runs. **Best for:** authorized pentesting teams wanting an MCP-controllable agent with reproducible tool runs **Works with:** Python 3.10+, Docker (optional), MCP clients (stdio/SSE), OpenAI/Anthropic via LiteLLM-style APIs **Setup time:** 10-20 minutes ### Key facts (verified) - GitHub: 2339 stars · 463 forks · pushed 2026-05-11. - License: MIT · owner avatar + repo URL verified via GitHub API. - README-verified entrypoint: `pip install -e ".[all]"`. ## Main - Use the TUI for interactive triage, then switch to MCP server mode when you need to remote-control runs from another agent or workflow runner. - Keep engagements safe and auditable: define scope explicitly, run tools in Docker for repeatability, and persist notes/results for review. - Treat it like an ops pipeline: start with passive recon tasks, then expand only when you have written authorization and a clear stop condition. ### Source-backed notes - README shows a TUI launch via `pentestagent` and a target flag (`-t`). - README documents MCP server mode over stdio and SSE transports via `pentestagent mcp_server ...`. - README includes Docker run examples for running tools in containerized environments. ### FAQ - **Is it for authorized testing only?**: Yes—only run it against systems you own or have explicit permission to test. - **Does it support MCP?**: Yes. README documents `mcp_server` with stdio and SSE transports. - **Do I need Docker?**: No, but Docker helps make tool runs reproducible across machines. ## Source & Thanks > Source: https://github.com/GH05TCREW/pentestagent > License: MIT > GitHub stars: 2339 · forks: 463 --- ## Quick Use ```bash python -m venv venv && source venv/bin/activate git clone https://github.com/GH05TCREW/pentestagent.git && cd pentestagent pip install -e '.[all]' pentestagent -t example.com # TUI (authorized targets only) pentestagent mcp_server --type stdio --target example.com ``` ## Intro PentestAgent 是面向授权安全评估的 AI 渗透测试 agent,提供 TUI 与 MCP server 两种运行方式,并支持用 Docker 复现工具执行、保存笔记与任务结果,便于审计复盘。 **Best for:** 做授权渗透测试、且希望通过 MCP 远程控制并可复现执行过程的团队 **Works with:** Python 3.10+、Docker(可选)、MCP 客户端(stdio/SSE)、OpenAI/Anthropic 等模型提供方 **Setup time:** 10-20 minutes ### Key facts (verified) - GitHub:2339 stars · 463 forks;最近更新 2026-05-11。 - 许可证:MIT;作者头像与仓库链接均已通过 GitHub API 复核。 - README 中核对过的入口命令:`pip install -e ".[all]"`。 ## Main - 交互式排查用 TUI;需要被其他 agent/工作流调度器远程控制时,切换到 MCP server 模式。 - 把安全与可审计放在首位:明确 scope,必要时用 Docker 复现实验环境,并保存笔记/结果用于复盘。 - 按运维流水线来跑:先做被动信息收集,再在有书面授权与止损条件的前提下逐步扩展动作。 ### Source-backed notes - README 展示了通过 `pentestagent` 启动 TUI,并可使用 `-t` 指定目标。 - README 说明可用 `pentestagent mcp_server ...` 以 stdio 或 SSE 方式运行 MCP server。 - README 给出了 Docker 运行示例,用于在容器环境中复现工具执行。 ### FAQ - **只能用于授权测试吗?**:是。仅在你拥有系统或获得明确授权的前提下使用。 - **它支持 MCP 吗?**:支持。README 提供了 `mcp_server` 的 stdio 与 SSE 用法。 - **必须用 Docker 吗?**:不必须,但 Docker 有助于跨机器复现工具运行环境。 ## Source & Thanks > Source: https://github.com/GH05TCREW/pentestagent > License: MIT > GitHub stars: 2339 · forks: 463 --- Source: https://tokrepo.com/en/workflows/pentestagent-mcp-ready-ai-pentesting-agent Author: MCP Hub