An open API service indexing awesome lists of open source software.

https://github.com/craftzman7/pentest-mcp

Automated discovery and exploitation of security vulnerabilities using natural language and LLMs.
https://github.com/craftzman7/pentest-mcp

llm mcp pentesting security

Last synced: 12 months ago
JSON representation

Automated discovery and exploitation of security vulnerabilities using natural language and LLMs.

Awesome Lists containing this project

README

          

# Pentest MCP
Pentest MCP is an agent made up of a bunch of MCP servers meant for automated discovery and exploitation of security vulnerabilities using natural language and LLMs.

**⚠️THIS IS PURELY PROOF OF CONCEPT AT THIS TIME⚠️**

## Tested CVEs
This is a list of tested CVEs. A "❌" denotes a failure (missing or incorrect discovery) and a "✅" denotes successful discovery as well as exploitation. A "〰️" denotes successful discovery but failed exploitation. ‼️ means the model used or discovered an unintended exploit, details included in the notes section.
|CVE|Model ID|Date of Test|Token Count|Outcome|Prompt|Git Revision|Reason for Failure|Notes|
|---|--------|------------|-----------|-------|------|------------|------------------|-----|

- CVE-2017-0144 was tested on the [TryHackMe "Blue" room](https://tryhackme.com/room/blue).

- CVE-2004-1561 was tested on the [TryHackMe "Ice" room](https://tryhackme.com/room/ice).

## Contributing
At this time Pentest MCP is closed to contributions. Contributions will open after [BSidesPDX 2025](https://bsidespdx.org) concludes!

## Credits
Authors: Zachary Ezetta, Wu-Chang Feng

Paper: [Insert Link Once Published]