Pentest-Tools.com CLI & MCP Server

Command-line interface, Python bindings, and MCP server for Pentest-Tools.com, a platform for scanning web applications and network infrastructure for vulnerabilities.

MCP Server

Connect any MCP-compatible AI assistant to your Pentest-Tools.com account to run scans, triage findings, and generate reports. You'll need an API key from a paid plan. Get one at My Account > API.

Supported clients: Claude, Cursor, VS Code, Gemini CLI, and any MCP-compatible tool. Full documentation: pentest-tools.com/docs/ai/mcp/overview

What you can do

• Run Website Scanner, Subdomain Finder, and Network Scanner scans
• Manage targets, workspaces, scans, and findings
• Generate and download reports, including translated reports for regional teams
• Chain tools into multi-phase workflows that include recon, vulnerability triage, and executive summaries, through plain language prompts

Quick setup: remote server (recommended)

For terminal-based clients, use directly:

Claude Code

claude mcp add --transport http ptt-mcp https://mcp.pentest-tools.com/mcp --header "Authorization: Bearer your_api_key_here"

Gemini CLI

gemini mcp add ptt-mcp --transport http https://mcp.pentest-tools.com/mcp --header "Authorization: Bearer your_api_key_here"

Cursor: paste this URL in your browser for one-click install, then add your API key:

cursor://anysphere.cursor-deeplink/mcp/install?name=ptt-mcp&config=eyJ1cmwiOiJodHRwczovL21jcC5wZW50ZXN0LXRvb2xzLmNvbS9tY3AiLCJoZWFkZXJzIjp7IkF1dGhvcml6YXRpb24iOiJCZWFyZXIgeW91cl9hcGlfa2V5X2hlcmUifX0=

Or manually add according to your preferred agent and config file location:

{
  "servers": {
    "ptt-mcp": {
      "type": "http",
      "url": "https://mcp.pentest-tools.com/mcp",
      "headers": { "Authorization": "Bearer your_api_key_here" }
    }
  }
}

Local server

Requires Python 3.10+.

pip install "pentesttools[mcp]"
PTT_API_KEY=your_api_key_here ptt mcp

You can also pass the key inline: --key your_api_key_here. For client-specific local setup, see the full documentation.

CLI

Run scans from the terminal or integrate PTT into your scripts and CI/CD pipelines.

For AI assistant integration, see the MCP Server section above.

Installing

PentestTools Python module is delivered through PyPI, so it can be installed directly via pip:

pip install pentesttools

Usage

The pentesttools package provides a command line interface through the ptt utility. Right now it supports the Website Scanner service.

Example for the simplest scan:

ptt run website_scanner <url>

This runs a freemium Website Scanner scan on the <url>. Unlike in the platform itself, you can omit the schema part from the url.

Global arguments, like a suitable key for a deep scan, have to be passed straight to ptt. Tool arguments have to be passed to the tool.

ptt --key <key> run website_scanner --scan_type deep <url>

If you want the command to fail if the report contains vulnerabilities with a higher risk than some value, you can use the --fail argument.

ptt --fail high run website_scanner <url>

You can also run ptt using docker. The docker image has ptt as an entrypoint, so you don't have to type it anymore. Note that the old ptt-scan name is still used on docker.

docker run pentesttoolscom/ptt-scan:latest run website_scanner <url>

Development installation

If you want to easily modify the sources and your modifications:

pip install --edit .

Uninstalling

pip uninstall pentesttools

Testing and Coverage

You can run the tests and make coverage reports like this:

python3 -m pytest src/tests

coverage run -m pytest src/tests
coverage report -m