Skip to main content

MCP server for Nobody AI Pentest Engine v2 — real tool execution (nmap, httpx, CVE APIs) via Claude Code

Project description

Nobody Pentest MCP Server v2

MCP server yang menghubungkan Claude Code dengan Nobody AI Pentest Engine. v2: Real tool execution -- tools dijalankan secara lokal, bukan hanya prompt ke API.

Features

Real Executors (lokal, tidak perlu API)

  • port_scan: nmap port scan + service detection + vuln suggestions
  • web_audit: technology detection, security headers, misconfigs, dir enumeration, SQLi/XSS indicators
  • cve_search: CVE databases (NIST NVD + circl.lu) + exploit references
  • payload_gen: reverse shell, bind shell, web shell, SQLi, XSS, command injection templates

AI-Based (via Nobody API)

  • exploit_gen: AI-generated exploit code
  • code_audit: AI-powered SAST
  • report: AI-formatted pentest report
  • custom: AI general pentest

Quick Setup

# Install dependencies
pip install mcp httpx python-nmap

# Configure API key (for AI-based tools)
cp .env.example .env
# Edit .env, set NOBODY_API_KEY=sk-nobody-xxx

# Add to Claude Code
claude mcp add nobody-pentest python /path/to/mcp-pentest/server.py -e NOBODY_API_KEY=sk-nobody-xxx

# Restart Claude Code, then:
> Scan 192.168.1.1 for open ports
> Audit example.com for SQL injection
> Generate reverse shell for Linux

Requirements

  • Python 3.10+
  • nmap (for port scanning) -- https://nmap.org/download.html
  • mcp pip package
  • httpx pip package
  • python-nmap pip package (optional, nmap CLI works too)
  • NOBODY_API_KEY (only for AI-based tools: exploit_gen, code_audit, report, custom)

Architecture

User (Claude Code)
    | MCP protocol (tool call)
Nobody Pentest MCP Server (local)
    |-- REAL EXECUTION: nmap, httpx, CVE APIs, templates
    |-- AI EXECUTION: POST /v1/messages -> DeepSeek
    v
Results returned to Claude Code

Tools

Tool Executor API Required
nobody_pentest_scan nmap (local) No
nobody_pentest_web_audit httpx + manual checks (local) No
nobody_pentest_cve_search NVD + circl.lu APIs (local) No
nobody_pentest_payload_gen Templates (local) No
nobody_pentest_exploit_gen Nobody AI API Yes
nobody_pentest_code_audit Nobody AI API Yes
nobody_pentest_report Nobody AI API Yes
nobody_pentest_custom Nobody AI API Yes

Environment Variables

Variable Default Description
NOBODY_API_KEY (none) API key for AI-based tools
NOBODY_API_URL https://v2.nobody0x.com/v1/messages API endpoint
NOBODY_MODEL nobody-pentest Model name
NMAP_PATH nmap Path to nmap binary
SCAN_TIMEOUT 300 Max scan time in seconds
HTTP_TIMEOUT 15.0 HTTP request timeout

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nobody_pentest_mcp-2.0.0.tar.gz (36.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

nobody_pentest_mcp-2.0.0-py3-none-any.whl (20.7 kB view details)

Uploaded Python 3

File details

Details for the file nobody_pentest_mcp-2.0.0.tar.gz.

File metadata

  • Download URL: nobody_pentest_mcp-2.0.0.tar.gz
  • Upload date:
  • Size: 36.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for nobody_pentest_mcp-2.0.0.tar.gz
Algorithm Hash digest
SHA256 d792d980fc86b0d382f9084a4d70f7a684f0843c085ae33288c5e683566ae294
MD5 cebb299c3b76c5d2c3551c81fbda3750
BLAKE2b-256 f978fe397e28fcd19aee43efa644b17522a46c531ce7bdd55de1564fa7cdd555

See more details on using hashes here.

File details

Details for the file nobody_pentest_mcp-2.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for nobody_pentest_mcp-2.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0e7ef8d46f9da0843d21252e0b0d455da89ce800be5de8f03074c6c7ea24c41a
MD5 7999243647ab69eb39e2540d746cf567
BLAKE2b-256 32d594371c49f0648195d4fe38fc1b8c76ba18f48ba4d0d93eff64ebbf1b6c33

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page