pentest-mcp and mcp-for-security

These are competitors offering overlapping pentesting tool integrations (nmap, directory busting, vulnerability scanning) through MCP servers, where users would typically choose one based on included tools and maturity rather than using both together.

pentest-mcp: 58 (Established)
Maintenance 10/25
Adoption 10/25
Maturity 18/25
Community 20/25
Stars: 126
Forks: 27
Downloads:
Commits (30d): 0
Language: JavaScript
License: MIT
No risk flags

mcp-for-security: 55 (Established)
Maintenance 13/25
Adoption 10/25
Maturity 9/25
Community 23/25
Stars: 559
Forks: 98
Downloads:
Commits (30d): 1
Language: TypeScript
License: MIT
No Package, No Dependents

About pentest-mcp

DMontgomery40/pentest-mcp

NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.

Implements bearer-token OIDC authentication with JWKS validation and token introspection, plus a structured engagement-record system that auto-captures invocation metadata to streamline report generation from tool outputs. Supports three network transports (stdio/HTTP/SSE) with HTTP as the modern default, and includes a bundled MCP Inspector launcher for immediate debugging without separate installation.

About mcp-for-security

cyproxio/mcp-for-security

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.

Each MCP server wraps a security tool with standardized input/output interfaces, enabling LLMs and AI agents to execute reconnaissance, scanning, and vulnerability testing tasks programmatically. The collection spans the full security testing lifecycle—from passive reconnaissance (Amass, certificate enumeration) through active scanning (Nmap, Masscan, FFUF) to vulnerability assessment (Nuclei, SQLmap, WPScan)—all deployable via Docker or standalone. Designed for integration with the Cyprox agentic-AI platform and any MCP-compatible client, it enables orchestrated security workflows where AI systems chain multiple tools together for automated threat detection and remediation.

Scores updated daily from GitHub, PyPI, and npm data.