npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mseep/pentest-mcp

v0.2.0

Published

NOT for educational use: An MCP server for Nmap and John the Ripper, for professional penetration testers.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

skydeckaiskydeckai

Keywords

mcpnmapjohn the rippermodel context protocolpentestingnetwork scanningpassword crackingcybersecuritymseepmcp-server

Readme

Currently this is being very finnicky about PATH issues, I have a working version stable on my end (npm prod version 0.2.7); if you are having any issues, please paste logs into Issues so I can tackle the problem ASAP

Pentest MCP: Professional Penetration Testing Toolkit

Pentest MCP is a Model Context Protocol server that integrates essential pentesting tools into a unified natural language interface. It allows security professionals to execute, chain, and analyze multiple tools through conversational commands.

Comprehensive Toolkit for Professional Pentesters

This toolkit integrates four core penetration testing utilities under a single, intuitive interface:

  • Network Reconnaissance with Nmap
  • Web Directory Enumeration with Gobuster
  • Web Vulnerability Scanning with Nikto
  • Password Cracking with John the Ripper

Key Benefits

  • Workflow Integration: Chain tools together for comprehensive assessments
  • Natural Language Interface: Run complex commands with simple English descriptions
  • Automated Reporting: Generate client-ready findings with proper categorization
  • Time Efficiency: Execute common pentesting sequences with minimal typing
  • Voice Control Compatible: When paired with speech-to-text, allows hands-free operation
  • Context Awareness: Tools understand previous scan results and can suggest logical next steps

System Requirements

  • Platform: Works on any OS, optimized for Kali Linux
  • Tools: Requires Nmap, John the Ripper, Gobuster, and Nikto in your PATH
  • Node.js: v16+ (for ESM support)
  • MCP Support: A local MCP file server for handling log files (mcp-fileserver or equivalent)
  • Permissions: Root/admin for privileged scans (SYN scan, OS detection)

Installation

npm install -g pentest-mcp

MCP Configuration

Add this to your MCP configuration file:

{
  "servers": [
    {
      "name": "pentest-mcp",
      "command": "npx pentest-mcp -y"
    }
  ]
}

Workflow Examples

Network Discovery & Service Enumeration

Set the working mode to professional.
Scan the target 192.168.1.0/24 using a SYN scan technique with service detection.

Web Application Testing

Use Gobuster to search for hidden directories on http://192.168.1.10 with the common.txt wordlist.
Run Nikto against the target http://192.168.1.10 to check for security issues.

Multi-Tool Assessment Chain

Scan 10.0.1.0/24 for web servers.
For each web server found, use Gobuster to enumerate directories with the directory-list-2.3-medium.txt wordlist.
Then run Nikto against each web server to identify vulnerabilities.
Create a report for client "Acme Corp" summarizing all findings.

Custom Password Cracking

Generate a wordlist from the target's company name "Acme", founder "Smith", and founding date "1984-06-12".

Crack these password hashes using the wordlist I just created:
admin:$1$xyz$anotherFakeHash
user:$1$abc$definitelyNotARealHash

Analysis & Reporting

Create a report for client "Example Corp" titled "Q1 External Assessment" including all scans from today.
Summarize the findings from the scan of 10.0.0.5.
Suggest next steps for this assessment based on all tool results collected so far.

Tool Details

Nmap

The network mapper integration offers full support for:

  • Port scanning (TCP SYN, TCP Connect, UDP) with custom port ranges
  • Service and version detection with configurable intensity
  • OS fingerprinting
  • NSE script execution
  • Custom timing templates and scan options

Gobuster

Directory and file enumeration for web applications with options for:

  • Multiple wordlists and file extension scanning
  • Authentication options (basic auth, cookies)
  • Customizable threading and status code filtering
  • TLS configuration and redirect following

Nikto

Web server vulnerability scanning with support for:

  • Comprehensive vulnerability checks
  • Authentication and proxy support
  • Tunable scan options and timeout configuration
  • Finding categorization by vulnerability type

John the Ripper

Password cracking utility with enhanced features:

  • Direct hash cracking with wordlists
  • Integrated custom wordlist generation
  • Pattern-based password creation
  • Leetspeak and case variations

Security Notice

AUTHORIZED USE ONLY: This toolkit is for professional penetration testers operating under a valid scope of work. Use only on systems and networks for which you have explicit, written authorization.

OPERATIONAL SECURITY:

  • Use VPN for external scanning
  • Run in isolated environments
  • Monitor scan intensity on sensitive networks

LEGAL COMPLIANCE: Follow all applicable laws and client agreements

Troubleshooting

  • Path Issues: Ensure all tools are installed and in your PATH
  • Privilege Requirements: SYN scans and OS detection require root/admin
  • Permission Errors: Check that the server can write to scan_logs and temp_wordlists
  • MCP File Access: Verify that mcp-fileserver (or equivalent) is configured correctly

Contributing

This tool is built for professionals by professionals. Pull requests welcome at the GitHub repository.