PentestMCP: A Toolkit for Agentic Penetration Testing
This work addresses the need for more efficient and adaptable agentic AI tools in cybersecurity, though it appears incremental as it builds on existing MCP frameworks.
The paper tackles the problem of automating penetration testing by introducing PentestMCP, a toolkit that uses the Model-Context-Protocol to enable flexible multi-agent workflows for tasks like network scanning and vulnerability exploitation, resulting in a customizable library for developers.
Agentic AI is transforming security by automating many tasks that are currently performed manually. While initial agentic approaches employed a monolithic architecture, the Model-Context-Protocol has now brought a remote-procedure call (RPC) paradigm to agentic applications, allowing for the flexible construction and composition of multi-function agents. This paper describes PentestMCP, a library of MCP server implementations that support agentic penetration testing. By supporting common penetration testing tasks such as network scanning, resource enumeration, service fingerprinting, vulnerability scanning, exploitation, and post-exploitation, PentestMCP allows a developer to customize multi-agent workflows for performing penetration tests.