BSidesPDX-2025

Wu-chang Feng

Wu-chang Feng is a professor at Portland State University where he focuses on applications of Generative AI in security.


Session

10-24
15:00
120min
PentestMCP: A Toolkit for Agentic Penetration Testing
Wu-chang Feng, Zachary Ezetta

Advances in Generative AI have enabled the development of autonomous agents, combining large language models (LLMs) and custom tools with plan generation, reasoning, and tool execution to automate security tasks. One drawback of initial agentic approaches has been their monolithic development. However, much like HTTP decoupled the development of web clients and servers by standardizing the communication protocol between them, the Model Context Protocol (MCP) has emerged to decouple the development of agents and their tools. This workshop will provide an introduction to LLM agents and their construction using MCP. Attendees will first walk through a set of simple MCP clients and servers for automating database and file system tasks, using labs from https://codelabs.cs.pdx.edu, to get an understanding of how agents and MCP work. They will then experiment with a range of MCP servers from the open-source PentestMCP project (https://github.com/Craftzman7/pentest-mcp) that leverage penetration testing tools such as nmap, nuclei, and Metasploit to automatically find, exploit, and exfiltrate data from a vulnerable web application. Note: Due to the nature of the exercises, they will be hosted on a Google Cloud Project that registered attendees will be given access to during the workshop.

⚠️ Important:
Workshops require registration via this link: https://square.link/u/LYlZ89gC
(Registration will open at 12:00 Noon PDT, on Friday, October 10th)

Workshop A