## https://sploitus.com/exploit?id=F353D1E1-3DB7-5615-9A8E-2CFCC60EADC9
# Pentest Autopilot MCP Servers

Professional-grade Model Context Protocol (MCP) servers for automated penetration testing.

## 🔥 Servers

- **[mcp-sqli](./mcp-servers/mcp-sqli)** - SQL Injection (150+ payloads, WAF bypass, blind extraction)
- **[mcp-exploit](./mcp-servers/mcp-exploit)** - RCE & Exploitation (SSTI, shells, deserialization)
- **[mcp-auth](./mcp-servers/mcp-auth)** - Authentication Testing (JWT, OAuth, OTP bypass)
- **[mcp-recon](./mcp-servers/mcp-recon)** - Reconnaissance & OSINT (subdomains, tech fingerprinting)

## 🚀 Quick Start

```bash
# Clone repository
git clone https://github.com/YOUR_USERNAME/pentest-autopilot-mcps.git
cd pentest-autopilot-mcps

# Install all servers
cd mcp-servers/mcp-sqli && npm install && cd ../..
cd mcp-servers/mcp-exploit && npm install && cd ../..
cd mcp-servers/mcp-auth && npm install && cd ../..
cd mcp-servers/mcp-recon && npm install && cd ../..
```

## โš™๏ธ Configuration

Add to your MCP settings (e.g., `cline_mcp_settings.json` or Claude Desktop config):

```json
{
  "mcpServers": {
    "sqli": {
      "command": "node",
      "args": ["/absolute/path/to/mcp-servers/mcp-sqli/index.js"]
    },
    "exploit": {
      "command": "node",
      "args": ["/absolute/path/to/mcp-servers/mcp-exploit/index.js"]
    },
    "auth": {
      "command": "node",
      "args": ["/absolute/path/to/mcp-servers/mcp-auth/index.js"]
    },
    "recon": {
      "command": "node",
      "args": ["/absolute/path/to/mcp-servers/mcp-recon/index.js"]
    }
  }
}
```

## 📖 Documentation

- **[mcp-servers/README.md](./mcp-servers/README.md)** - Complete documentation
- **[GITHUB_SETUP.md](./GITHUB_SETUP.md)** - Deployment guide
- **[MCP_INTEGRATION_GUIDE.md](./MCP_INTEGRATION_GUIDE.md)** - Integration with agents
- **[PROJECT_SUMMARY.md](./PROJECT_SUMMARY.md)** - Project overview

## 📊 Statistics

- **4 MCP Servers**: SQLi, Exploit, Auth, Recon
- **27 Tools**: Automated testing capabilities
- **500+ Payloads**: SQL injection, RCE, authentication attacks
- **Production Ready**: Error handling, validation, comprehensive docs

## 🎯 Features

### mcp-sqli
- MySQL, PostgreSQL, MSSQL, Oracle, SQLite, NoSQL payloads
- WAF bypass engine (6 techniques)
- Blind SQLi oracle
- Automated endpoint testing
- SQLMap integration

### mcp-exploit
- SSTI for 10 template engines
- Command injection (Unix & Windows)
- Reverse shell generator (7 languages)
- Deserialization gadgets
- File upload bypass
- XXE payloads

### mcp-auth
- JWT attacks (alg:none, brute force, tampering)
- OAuth/SSO bypass
- OTP/2FA bypass (10 techniques)
- Session attacks
- Password reset vulnerabilities

### mcp-recon
- Subdomain enumeration (crt.sh + DNS brute)
- Tech fingerprinting (30+ signatures)
- API discovery (50+ paths)
- Google dorks generation
- Wayback Machine integration

## โš ๏ธ Legal Disclaimer

**Educational and authorized testing only.**

These tools are designed for:
- Authorized penetration testing
- Security research
- Bug bounty programs
- CTF competitions

**DO NOT** use against systems without explicit permission.

## ๐Ÿค Contributing

Pull requests welcome! See individual MCP READMEs for development info.

## ๐Ÿ“ License

MIT - See LICENSE file.

---

**Built for the Pentest Autopilot system** 🚀