PentestMCP: A Toolkit for Agentic Penetration Testing
Zachary Ezetta, Wu-chang Feng
TL;DR
The paper addresses automating penetration testing with agentic AI by decoupling agents from their tools through the Model-Context-Protocol (MCP) RPC framework. It presents PentestMCP, a library of MCP servers that expose tool calls for scanning, enumeration, vulnerability assessment, exploitation, and post-exploitation, enabling automated end-to-end pentesting workflows. Through two CVE case studies (CVE-2017-5638 and CVE-2017-0144), the authors demonstrate automated agent-driven discovery, exploitation, and data exfiltration, as well as post-exploitation actions, with performance that depends on the model used. The results suggest that baseline pentest tasks can be automated with agentic AI, though model choice significantly influences success; the code is openly available for further development.
Abstract
Agentic AI is transforming security by automating many tasks that were previously performed manually. While initial agentic approaches employed a monolithic architecture, the Model-Context-Protocol has now brought a remote-procedure call (RPC) paradigm to agentic applications, allowing for the flexible construction and composition of multi-function agents. This paper describes PentestMCP, a library of MCP server implementations that support agentic penetration testing. By supporting common penetration testing tasks such as network scanning, resource enumeration, service fingerprinting, vulnerability scanning, exploitation, and post-exploitation, PentestMCP allows a developer to customize multi-agent workflows for performing penetration tests.
