This is a simple MCP (Model Context Protocol) server that runs within a Docker container based on Kali Linux. The server provides tools to run security scans:
run_nmap: Run nmap scans on targetsrun_gobuster: Run directory brute force scans on web servers
It is an early POC and will be extended with more tools and features soon. To goal is to run pentests with just natural language without having to memorize long commands and lots of tools.
- Docker
- Docker Compose
-
Clone this repository:
-
Build and start the Docker container:
docker-compose up -d
-
Configure Claude Desktop to use this MCP server:
Edit your Claude Desktop configuration file located at:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
Add the following configuration:
{ "mcpServers": { "pentest-mcp": { "command": "docker", "args": ["exec", "-i", "pentest-mcp", "python3", "/app/pentest_mcp.py"] } } } - macOS:
-
Restart Claude Desktop to load the new configuration.
Once connected to Claude Desktop, you can ask questions like:
- "Can you scan 192.168.1.1 with nmap to find open ports?"
- "What services run on 192.168.1.1?"
- "Use gobuster to find hidden directories on http://example.com"
This server includes very basic input validation, but you should only use it in trusted environments and on targets you have permission to scan.
To add custom wordlists, uncomment the volumes section in docker-compose.yml and add your wordlists to a local directory.