LLM/pentestagent
1
0
Fork 0
mirror of https://github.com/GH05TCREW/pentestagent.git synced 2026-05-13 15:45:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: clean up config and document MCP server integration

Browse Source 
Co-authored-by: Copilot <copilot@github.com>
This commit is contained in:
GH05TCREW
2026-05-04 01:58:16 -06:00
parent b06379719e
commit cc01f4e738
4 changed files with 63 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.env.example
View File

@@ -43,14 +43,6 @@ TAVILY_API_KEY=
# PENTESTAGENT_AGENT_MAX_ITERATIONS=30
# PENTESTAGENT_ORCHESTRATOR_MAX_ITERATIONS=50
# ---------------------------------------------------------------------------
# Metasploit RPC connection (optional — only needed for MetasploitMCP adapters)
# MSF_USER=msf
# MSF_PASSWORD=
# MSF_SERVER=127.0.0.1
# MSF_PORT=55553
# MSF_SSL=false
# ---------------------------------------------------------------------------
# Debug logging
# PENTESTAGENT_DEBUG=false

65
mcp_examples/README.md
View File

@@ -1,4 +1,65 @@
# MCP examples
## Description
In this section, you will find some examples to integrate MCP with the agent.
PentestAgent connects to external MCP servers via a `mcp_servers.json` file in the project root. The format is the same as Claude Desktop.
Place the file at the root of the repo (next to `.env`) before starting the agent. Servers are connected at startup and manageable via the `/mcp` TUI command.
## Format
```json
{
"mcpServers": {
"server-name": {
"command": "python",
"args": ["path/to/server.py", "--transport", "stdio"],
"env": {
"ENV_VAR": "value"
}
}
}
}
```
For SSE servers use `"type": "sse"` and `"url"` instead of `command`/`args`:
```json
{
"mcpServers": {
"server-name": {
"type": "sse",
"url": "http://127.0.0.1:8085/sse"
}
}
}
```
## Examples
See the `stdio/` and `sse/` subdirectories for working configs.
### MetasploitMCP (stdio)
[MetasploitMCP](https://github.com/GH05TCREW/MetasploitMCP) exposes the Metasploit Framework over MCP. Start `msfrpcd` first, then add to `mcp_servers.json`:
```json
{
"mcpServers": {
"metasploit": {
"command": "python",
"args": ["path/to/MetasploitMCP.py", "--transport", "stdio"],
"env": {
"MSF_PASSWORD": "yourpassword",
"MSF_SERVER": "127.0.0.1",
"MSF_PORT": "55553",
"MSF_SSL": "false"
}
}
}
}
```
Start msfrpcd:
```bash
msfrpcd -P yourpassword -S -a 127.0.0.1 -p 55553
```

26
scripts/setup.ps1
View File

@@ -81,28 +81,6 @@ PENTESTAGENT_MODEL=gpt-5
# Settings
PENTESTAGENT_DEBUG=false
# Auto-launch vendored HexStrike on connect (true/false)
# If true, the MCP manager will attempt to start vendored HexStrike servers
# that are configured or detected under `third_party/hexstrike`.
LAUNCH_HEXTRIKE=false
# Auto-launch vendored Metasploit MCP on connect (true/false)
# If true, the MCP manager will attempt to start vendored MetasploitMCP
# servers that are configured or detected under `third_party/MetasploitMCP`.
LAUNCH_METASPLOIT_MCP=false
# Metasploit RPC (msfrpcd) settings used when LAUNCH_METASPLOIT_MCP=true
# Set MSF_PASSWORD to enable automatic msfrpcd startup. Example:
# MSF_USER=msf
# MSF_PASSWORD=change_me
# MSF_SERVER=127.0.0.1
# MSF_PORT=55553
# MSF_SSL=false
MSF_USER=msf
MSF_PASSWORD=
MSF_SERVER=127.0.0.1
MSF_PORT=55553
MSF_SSL=false
# Agent max iterations (regular agent + crew workers, default: 30)
# PENTESTAGENT_AGENT_MAX_ITERATIONS=30
@@ -129,10 +107,6 @@ if (Test-Path -Path ".env") {
New-Item -ItemType Directory -Force -Path "loot" | Out-Null
Write-Host "[OK] Loot directory created"
# NOTE: Automatic vendored MCP installation/start has been removed.
# Operators should run `scripts/*` helpers manually when they want to
# install or vendor third-party MCP adapters and their dependencies.
Write-Host ""
Write-Host "Setup complete!"
Write-Host ""

32
scripts/setup.sh
View File

@@ -90,28 +90,6 @@ PENTESTAGENT_MODEL=gpt-5
# Settings
PENTESTAGENT_DEBUG=false
# Auto-launch vendored HexStrike on connect (true/false)
# If true, the MCP manager will attempt to start vendored HexStrike servers
# that are configured or detected under `third_party/hexstrike`.
LAUNCH_HEXTRIKE=false
# Auto-launch vendored Metasploit MCP on connect (true/false)
# If true, the MCP manager will attempt to start vendored MetasploitMCP
# servers that are configured or detected under `third_party/MetasploitMCP`.
LAUNCH_METASPLOIT_MCP=false
# Metasploit RPC (msfrpcd) settings — used when LAUNCH_METASPLOIT_MCP=true
# Set MSF_PASSWORD to enable automatic msfrpcd startup. Example:
# MSF_USER=msf
# MSF_PASSWORD=change_me
# MSF_SERVER=127.0.0.1
# MSF_PORT=55553
# MSF_SSL=false
MSF_USER=msf
MSF_PASSWORD=
MSF_SERVER=127.0.0.1
MSF_PORT=55553
MSF_SSL=false
# Agent max iterations (regular agent + crew workers, default: 30)
# PENTESTAGENT_AGENT_MAX_ITERATIONS=30
@@ -135,16 +113,6 @@ fi
mkdir -p loot
echo "[OK] Loot directory created"
# NOTE: Automatic vendored MCP installation/start has been removed.
# If you need vendored MCP servers (e.g., HexStrike, MetasploitMCP), run
# the helper scripts under `third_party/` or the `scripts/` helpers manually.
# Example manual steps:
# bash scripts/install_hexstrike_deps.sh
# bash scripts/add_metasploit_subtree.sh
# bash scripts/install_metasploit_deps.sh
# Starting msfrpcd or other networked services should be done explicitly by
# the operator in a controlled environment.
echo ""
echo "=================================================================="
echo "Setup complete!"