Pentest Mcp Server
Give your agent an offline penetration-testing methodology engine for authorized assessments, CTF practice, and structured security research.
Overview
io.github.cyanheads/pentest-mcp-server is a MCP server for the Ship phase that provides an offline methodology engine for authorized penetration testing, CTF, and security research.
What is this MCP server?
- Offline methodology engine for authorized penetration testing and CTF workflows
- Designed for security research contexts without bundling live attack execution in the README contract
- stdio and streamable-http including hosted pentest.caseyjhand.com remote
- npm @cyanheads/pentest-mcp-server v0.1.4 with Bun runtime hint for stdio
- MCP_LOG_LEVEL configuration for auditable agent-assisted test planning sessions
- Catalog version 0.1.4
- npm identifier @cyanheads/pentest-mcp-server
- Transports: stdio and streamable-http remote
Community signal: 1 GitHub stars.
What problem does it solve?
Ad-hoc security chats skip methodology and scope, which leaves solo builders unprepared for structured pre-launch testing or learning pentest discipline.
Who is it for?
Authorized pre-launch security assessments, CTF study, and research where you need methodology guidance inside the agent—not unsanctioned targets.
Skip if: Unauthorized scanning, replacing professional pentesters for regulated compliance sign-off, or teams that only need dependency CVE checks.
What do I get? / Deliverables
Your agent follows an offline pentest methodology framework so authorized tests and CTF work stay scoped, documented, and repeatable.
- Structured pentest phase guidance aligned to an offline methodology engine
- CTF-oriented research steps suitable for practice environments
- Documentable test approach outputs for Ship-phase security reviews
Recommended MCP Servers
Journey fit
How it compares
Offline pentest methodology MCP, not OSV dependency auditing or automated cloud breach tools.
Common Questions / FAQ
Who is io.github.cyanheads/pentest-mcp-server for?
Security-curious solo builders and authorized testers who want structured pentest methodology available to Claude Code, Cursor, or similar MCP clients.
When should I use io.github.cyanheads/pentest-mcp-server?
Use it during Ship security planning for engagements you are explicitly authorized to perform, or for offline CTF and security research practice.
How do I add io.github.cyanheads/pentest-mcp-server to my agent?
Install @cyanheads/pentest-mcp-server from npm, launch stdio with bun start:stdio, configure MCP_LOG_LEVEL if needed, add the server to your MCP config, or connect to the streamable-http remote URL.