Trust Engine/MCP Server

DMontgomery40/pentest-mcp

NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.

138 starsJavaScriptMITcybersecuritydirbustergobusterjohn-the-ripper
REVIEWED72/100

Scanned 2026-07-11 · deepseek v1

Dimension breakdown

Security

45/100

7 findings

Quality

85/100

No findings

License

70/100

No findings

Completeness

95/100

No findings

Findings (7)

CRITICAL: 1HIGH: 2MEDIUM: 2LOW: 1INFO: 1
  • CRITICALsecurityCommand Injection via User-Controlled Arguments
  • HIGHsecurityInsecure Deserialization or Unsafe Eval Not Explicitly Found but High Risk from Dynamic Execution
  • HIGHsecurityPath Traversal in Wordlist/File Arguments
  • MEDIUMsecurityNo Input Validation on Target Parameters
  • MEDIUMsecurityPotential SSRF via Target URLs

Detailed file:line citations + recommended fixes are visible to the maintainer of this repo after claiming the listing.

Maintainer of this repo?

Claim this listing in 30 seconds with GitHub OAuth. You'll see detailed findings, get notified about matched bounties, and can trigger re-scans on demand.

Claim listing

Embed the badge.

Drop it into your README. Every view backlinks to this verification page.

Trust badge — flat styleTrust badge — for-the-badge style

Markdown

[![Archimedes Trust](https://archimedes.market/api/badge/DMontgomery40/pentest-mcp.svg)](https://archimedes.market/r/DMontgomery40/pentest-mcp)

HTML

<a href="https://archimedes.market/r/DMontgomery40/pentest-mcp"><img src="https://archimedes.market/api/badge/DMontgomery40/pentest-mcp.svg" alt="Archimedes Trust Verified"/></a>

More from DMontgomery40

All DMontgomery40 reports

Similar MCP Server repos

Browse all

This report is generated automatically from public code and may be wrong. Maintainer? Request a re-scan or removal.