Built for authorized penetration testing workflows, offering six offline tools that span methodology lookup, response analysis, MITRE ATT&CK technique mapping, and payload template generation. The pentest_guide tool returns step-by-step playbooks for fifteen attack vectors (XSS, SQLi, SSRF, JWT attacks, etc.), each with detection indicators and mitigations. You can paste raw HTTP responses into pentest_analyze_response to extract version leaks, stack traces, and technology fingerprints, then feed those fingerprints to pentest_map_techniques to get ranked ATT&CK techniques scored against your target profile. The payload generator returns annotated templates with bypass rationale and encoding chains, not live exploits. Everything runs locally via stdio or against a public hosted endpoint at pentest.caseyjhand.com/mcp. Designed for red teams, CTF players, and blue teamers building detection coverage.
claude mcp add --transport stdio cyanheads-pentest-mcp-server uvx pentest-mcp-server