https://github.com/pentesttoolscom/pentesttools-pypi

Command-line interface for the Pentest-Tools.com API.
https://github.com/pentesttoolscom/pentesttools-pypi

cicd cybersecurity

Last synced: 16 days ago
JSON representation

Command-line interface for the Pentest-Tools.com API.

• Host: GitHub
• URL: https://github.com/pentesttoolscom/pentesttools-pypi
• Owner: pentesttoolscom
• License: gpl-3.0
• Created: 2023-05-23T14:37:08.000Z (about 3 years ago)
• Default Branch: master
• Last Pushed: 2026-05-05T14:01:03.000Z (about 2 months ago)
• Last Synced: 2026-05-05T16:06:36.411Z (about 2 months ago)
• Topics: cicd, cybersecurity
• Language: Python
• Homepage: https://pentest-tools.com
• Size: 418 KB
• Stars: 3
• Watchers: 1
• Forks: 0
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

          
# Pentest-Tools.com CLI & MCP Server

Command-line interface, Python bindings, and MCP server for Pentest-Tools.com, a platform for scanning web applications and network infrastructure for vulnerabilities.

# MCP Server

Connect any MCP-compatible AI assistant to your [Pentest-Tools.com](https://pentest-tools.com) account to run scans, triage findings, and generate reports. You'll need an API key from a paid plan. Get one at My Account > API.

**Supported clients:** Claude, Cursor, VS Code, Gemini CLI, and any MCP-compatible tool.

**Full documentation:** [pentest-tools.com/docs/ai/mcp/overview](https://pentest-tools.com/docs/ai/mcp/overview)

## What you can do

- Run Website Scanner, Subdomain Finder, and Network Scanner scans

- Manage targets, workspaces, scans, and findings

- Generate and download reports, including translated reports for regional teams

- Chain tools into multi-phase workflows that include recon, vulnerability triage, and executive summaries, through plain language prompts

### Quick setup: remote server (recommended)

For terminal-based clients, use directly:

**Claude Code**

```bash

claude mcp add --transport http ptt-mcp https://mcp.pentest-tools.com/mcp --header "Authorization: Bearer your_api_key_here"

```

**Gemini CLI**

```bash

gemini mcp add ptt-mcp --transport http https://mcp.pentest-tools.com/mcp --header "Authorization: Bearer your_api_key_here"

```

**Cursor:** paste this URL in your browser for one-click install, then add your API key:

```

cursor://anysphere.cursor-deeplink/mcp/install?name=ptt-mcp&config=eyJ1cmwiOiJodHRwczovL21jcC5wZW50ZXN0LXRvb2xzLmNvbS9tY3AiLCJoZWFkZXJzIjp7IkF1dGhvcml6YXRpb24iOiJCZWFyZXIgeW91cl9hcGlfa2V5X2hlcmUifX0=

```

Or **manually** add according to your preferred agent and config file location:

```

{

  "servers": {

    "ptt-mcp": {

      "type": "http",

      "url": "https://mcp.pentest-tools.com/mcp",

      "headers": { "Authorization": "Bearer your_api_key_here" }

    }

  }

}

```

## Local server

Requires Python 3.10+.

```bash

pip install "pentesttools[mcp]"

PTT_API_KEY=your_api_key_here ptt mcp

```

You can also pass the key inline: `--key your_api_key_here`. For client-specific local setup, see the [full documentation](https://pentest-tools.com/docs/ai/mcp/overview).

# CLI

Run scans from the terminal or integrate PTT into your scripts and CI/CD pipelines.

> For AI assistant integration, see the [MCP Server](#mcp-server) section above.

## Installing

PentestTools Python module is delivered through PyPI, so it can be installed directly via pip:

```bash

pip install pentesttools

```

## Usage

The `pentesttools` package provides a command line interface through the `ptt` utility. Right

now it supports the Website Scanner service.

Example for the simplest scan:

```bash

ptt run website_scanner 

```

This runs a freemium Website Scanner scan on the ``. Unlike in the platform itself, you can omit the schema part from the url.

Global arguments, like a suitable key for a deep scan, have to be passed straight to `ptt`. Tool arguments have to be passed to the tool.

```bash

ptt --key  run website_scanner --scan_type deep 

```

If you want the command to fail if the report contains vulnerabilities with a higher risk than some value, you can use the `--fail argument`.

```bash

ptt --fail high run website_scanner 

```

You can also run `ptt` using docker. The docker image has `ptt` as an entrypoint, so you don't have to type it anymore. Note that the old `ptt-scan` name is still used on docker.

```bash

docker run pentesttoolscom/ptt-scan:latest run website_scanner 

```

## Development installation

If you want to easily modify the sources and your modifications:

```bash

pip install --edit .

```

## Uninstalling

```bash

pip uninstall pentesttools

```

## Testing and Coverage

You can run the tests and make coverage reports like this:

```bash

python3 -m pytest src/tests

```

```bash

coverage run -m pytest src/tests

coverage report -m

```