pentest-mcp
NOT for educational use: An MCP server for Nmap and John the Ripper, for professional penetration testers. Supports stdio, HTTP, and SSE transports with OAuth 2.1 authentication.
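# Docker Compose definitions for the pentest-mcp server. The same image is
# offered as four services, each behind its own profile (stdio, http, sse,
# default), so nothing starts unless a profile is selected.
#
# Security notes for operators:
#   * Every service sets `privileged: true`, which hands the container all
#     capabilities and host device access. A compromise of the server process
#     is then close to root on the host.
#     NOTE(review): raw-socket scanning usually needs only NET_RAW/NET_ADMIN;
#     consider `cap_drop: [ALL]` plus a narrow `cap_add` once the image's real
#     requirements are confirmed.
#   * The http, sse and default services listen on 0.0.0.0 and publish their
#     port with no host address, so it is reachable on every host interface,
#     while MCP_OAUTH_ENABLED defaults to false. Enable OAuth or publish on
#     loopback only (e.g. "127.0.0.1:8000:8000") unless remote access is
#     intended and otherwise controlled.
#   * MCP_OAUTH_CLIENT_SECRET is passed as a plain environment variable and is
#     therefore visible through `docker inspect`. Keep the value out of version
#     control; prefer an `env_file` with restrictive permissions or Compose
#     `secrets` if the server supports reading it that way (TODO confirm).
#   * ./scan_logs and ./temp_wordlists are writable bind mounts on the host;
#     presumably they hold scan output and wordlists, so restrict their
#     permissions accordingly.
version: '3.8'

services:
  # Default stdio service (for MCP clients that spawn subprocesses)
  pentest-mcp-stdio:
    build:
      context: .
      dockerfile: Dockerfile
    image: pentest-mcp:latest
    container_name: pentest-mcp-stdio
    stdin_open: true
    tty: true
    volumes:
      - ./scan_logs:/app/scan_logs
      - ./temp_wordlists:/app/temp_wordlists
      - ./custom-wordlists:/app/custom-wordlists:ro
    environment:
      - NODE_ENV=${NODE_ENV:-production}
      - DEBUG=${DEBUG:-}
      - MCP_TRANSPORT=stdio
      # OAuth not typically used with stdio transport
    # Privileged AND in the host network namespace: this container has no
    # meaningful isolation from the host.
    privileged: true
    network_mode: host
    restart: unless-stopped
    profiles:
      - stdio

  # HTTP/Streamable service (modern network transport)
  pentest-mcp-http:
    build:
      context: .
      dockerfile: Dockerfile
    image: pentest-mcp:latest
    container_name: pentest-mcp-http
    ports:
      # Host port is configurable; the container side is fixed at 8000.
      - "${MCP_SERVER_PORT:-8000}:8000"
    volumes:
      - ./scan_logs:/app/scan_logs
      - ./temp_wordlists:/app/temp_wordlists
      - ./custom-wordlists:/app/custom-wordlists:ro
    environment:
      - NODE_ENV=${NODE_ENV:-production}
      - DEBUG=${DEBUG:-}
      - MCP_TRANSPORT=http
      - MCP_SERVER_HOST=0.0.0.0
      # Pinned to the container side of the port mapping above. Interpolating
      # the host's MCP_SERVER_PORT here would (assuming the server listens on
      # this value) move the listener off 8000 and leave the published port
      # pointing at nothing whenever the host port is overridden.
      - MCP_SERVER_PORT=8000
      # OAuth configuration (disabled unless MCP_OAUTH_ENABLED is set to true)
      - MCP_OAUTH_ENABLED=${MCP_OAUTH_ENABLED:-false}
      - MCP_OAUTH_PROVIDER_URL=${MCP_OAUTH_PROVIDER_URL:-}
      - MCP_OAUTH_CLIENT_ID=${MCP_OAUTH_CLIENT_ID:-}
      - MCP_OAUTH_CLIENT_SECRET=${MCP_OAUTH_CLIENT_SECRET:-}
      - MCP_OAUTH_SCOPES=${MCP_OAUTH_SCOPES:-read,write}
    privileged: true
    restart: unless-stopped
    profiles:
      - http

  # SSE service (legacy/backward compatibility)
  pentest-mcp-sse:
    build:
      context: .
      dockerfile: Dockerfile
    image: pentest-mcp:latest
    container_name: pentest-mcp-sse
    ports:
      # Host port is configurable; the container side is fixed at 8001.
      - "${MCP_SSE_PORT:-8001}:8001"
    volumes:
      - ./scan_logs:/app/scan_logs
      - ./temp_wordlists:/app/temp_wordlists
      - ./custom-wordlists:/app/custom-wordlists:ro
    environment:
      - NODE_ENV=${NODE_ENV:-production}
      - DEBUG=${DEBUG:-}
      - MCP_TRANSPORT=sse
      - MCP_SERVER_HOST=0.0.0.0
      # Pinned to the container side of the port mapping above, for the same
      # reason as in the http service: only the host port follows MCP_SSE_PORT.
      - MCP_SERVER_PORT=8001
      # OAuth configuration (disabled unless MCP_OAUTH_ENABLED is set to true)
      - MCP_OAUTH_ENABLED=${MCP_OAUTH_ENABLED:-false}
      - MCP_OAUTH_PROVIDER_URL=${MCP_OAUTH_PROVIDER_URL:-}
      - MCP_OAUTH_CLIENT_ID=${MCP_OAUTH_CLIENT_ID:-}
      - MCP_OAUTH_CLIENT_SECRET=${MCP_OAUTH_CLIENT_SECRET:-}
      - MCP_OAUTH_SCOPES=${MCP_OAUTH_SCOPES:-read,write}
    privileged: true
    restart: unless-stopped
    profiles:
      - sse

  # All-in-one service (can be used with any transport via env var)
  pentest-mcp:
    build:
      context: .
      dockerfile: Dockerfile
    image: pentest-mcp:latest
    container_name: pentest-mcp
    stdin_open: true
    tty: true
    ports:
      # Both sides follow MCP_SERVER_PORT, matching the listener port set below.
      # NOTE(review): port publishing does not apply when NETWORK_MODE=host;
      # depending on the Compose version this mapping is ignored or rejected.
      - "${MCP_SERVER_PORT:-8000}:${MCP_SERVER_PORT:-8000}"
    volumes:
      - ./scan_logs:/app/scan_logs
      - ./temp_wordlists:/app/temp_wordlists
      - ./custom-wordlists:/app/custom-wordlists:ro
    environment:
      - NODE_ENV=${NODE_ENV:-production}
      - DEBUG=${DEBUG:-}
      - MCP_TRANSPORT=${MCP_TRANSPORT:-stdio}
      - MCP_SERVER_HOST=${MCP_SERVER_HOST:-0.0.0.0}
      - MCP_SERVER_PORT=${MCP_SERVER_PORT:-8000}
      # OAuth configuration (for HTTP/SSE transports); disabled by default
      - MCP_OAUTH_ENABLED=${MCP_OAUTH_ENABLED:-false}
      - MCP_OAUTH_PROVIDER_URL=${MCP_OAUTH_PROVIDER_URL:-}
      - MCP_OAUTH_CLIENT_ID=${MCP_OAUTH_CLIENT_ID:-}
      - MCP_OAUTH_CLIENT_SECRET=${MCP_OAUTH_CLIENT_SECRET:-}
      - MCP_OAUTH_SCOPES=${MCP_OAUTH_SCOPES:-read,write}
    privileged: true
    network_mode: "${NETWORK_MODE:-bridge}"
    restart: unless-stopped
    profiles:
      # "default" is an ordinary profile name, not a Compose built-in: this
      # service starts only with `--profile default` or COMPOSE_PROFILES=default.
      - default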