MCP server for Nobody AI Pentest Engine v2 — real tool execution (nmap, httpx, CVE APIs) via Claude Code
Project description
Nobody Pentest MCP Server v2
MCP server yang menghubungkan Claude Code dengan Nobody AI Pentest Engine. v2: Real tool execution -- tools dijalankan secara lokal, bukan hanya prompt ke API.
Features
Real Executors (lokal, tidak perlu API)
- port_scan: nmap port scan + service detection + vuln suggestions
- web_audit: technology detection, security headers, misconfigs, dir enumeration, SQLi/XSS indicators
- cve_search: CVE databases (NIST NVD + circl.lu) + exploit references
- payload_gen: reverse shell, bind shell, web shell, SQLi, XSS, command injection templates
AI-Based (via Nobody API)
- exploit_gen: AI-generated exploit code
- code_audit: AI-powered SAST
- report: AI-formatted pentest report
- custom: AI general pentest
Quick Setup
# Install dependencies
pip install mcp httpx python-nmap
# Configure API key (for AI-based tools)
cp .env.example .env
# Edit .env, set NOBODY_API_KEY=sk-nobody-xxx
# Add to Claude Code
claude mcp add nobody-pentest python /path/to/mcp-pentest/server.py -e NOBODY_API_KEY=sk-nobody-xxx
# Restart Claude Code, then:
> Scan 192.168.1.1 for open ports
> Audit example.com for SQL injection
> Generate reverse shell for Linux
Requirements
- Python 3.10+
- nmap (for port scanning) -- https://nmap.org/download.html
- mcp pip package
- httpx pip package
- python-nmap pip package (optional, nmap CLI works too)
- NOBODY_API_KEY (only for AI-based tools: exploit_gen, code_audit, report, custom)
Architecture
User (Claude Code)
| MCP protocol (tool call)
Nobody Pentest MCP Server (local)
|-- REAL EXECUTION: nmap, httpx, CVE APIs, templates
|-- AI EXECUTION: POST /v1/messages -> DeepSeek
v
Results returned to Claude Code
Tools
| Tool | Executor | API Required |
|---|---|---|
nobody_pentest_scan |
nmap (local) | No |
nobody_pentest_web_audit |
httpx + manual checks (local) | No |
nobody_pentest_cve_search |
NVD + circl.lu APIs (local) | No |
nobody_pentest_payload_gen |
Templates (local) | No |
nobody_pentest_exploit_gen |
Nobody AI API | Yes |
nobody_pentest_code_audit |
Nobody AI API | Yes |
nobody_pentest_report |
Nobody AI API | Yes |
nobody_pentest_custom |
Nobody AI API | Yes |
Environment Variables
| Variable | Default | Description |
|---|---|---|
NOBODY_API_KEY |
(none) | API key for AI-based tools |
NOBODY_API_URL |
https://v2.nobody0x.com/v1/messages |
API endpoint |
NOBODY_MODEL |
nobody-pentest |
Model name |
NMAP_PATH |
nmap |
Path to nmap binary |
SCAN_TIMEOUT |
300 |
Max scan time in seconds |
HTTP_TIMEOUT |
15.0 |
HTTP request timeout |
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
nobody_pentest_mcp-2.0.0.tar.gz
(36.4 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nobody_pentest_mcp-2.0.0.tar.gz.
File metadata
- Download URL: nobody_pentest_mcp-2.0.0.tar.gz
- Upload date:
- Size: 36.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d792d980fc86b0d382f9084a4d70f7a684f0843c085ae33288c5e683566ae294
|
|
| MD5 |
cebb299c3b76c5d2c3551c81fbda3750
|
|
| BLAKE2b-256 |
f978fe397e28fcd19aee43efa644b17522a46c531ce7bdd55de1564fa7cdd555
|
File details
Details for the file nobody_pentest_mcp-2.0.0-py3-none-any.whl.
File metadata
- Download URL: nobody_pentest_mcp-2.0.0-py3-none-any.whl
- Upload date:
- Size: 20.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0e7ef8d46f9da0843d21252e0b0d455da89ce800be5de8f03074c6c7ea24c41a
|
|
| MD5 |
7999243647ab69eb39e2540d746cf567
|
|
| BLAKE2b-256 |
32d594371c49f0648195d4fe38fc1b8c76ba18f48ba4d0d93eff64ebbf1b6c33
|