Target Component
Core Services (Frontend UI/Backend API)
Enhancement Description
Summary
Add a generic MCP (Model Context Protocol) client to PentAGI so that agents can
use any MCP-compatible external tool as a first-class tool — starting with
Burp Suite Pro as a concrete use case.
Motivation
PentAGI's current toolset covers most of the pentest lifecycle well, but there
is a growing ecosystem of professional security tools that are exposing MCP
servers as their AI integration interface. The most notable example is
Burp Suite Pro, which PortSwigger has officially published as an MCP server
extension:
https://github.com/PortSwigger/mcp-server
Without MCP client support, integrating Burp Suite (or any other MCP-compatible
tool) requires either:
- Manual CLI scripting generated by the
coder agent (fragile, high overhead)
- Forking PentAGI to add vendor-specific tool implementations
With MCP client support, PentAGI gains access to the entire MCP ecosystem
through a single integration point.
Proposed Solution
Add a configurable MCP client layer to PentAGI that:
- Reads MCP server connections from config (similar to how LLM providers
are configured in .env / custom.provider.yml)
- Auto-discovers available tools from each connected MCP server at startup
via the MCP tools/list method
- Exposes discovered tools to all agents as first-class callable tools
alongside native tools (terminal, file, browser, delegation)
- Supports standard MCP transports: stdio, SSE, and HTTP
Example config (.env):
MCP_SERVERS=burp,nuclei
MCP_BURP_TRANSPORT=http
MCP_BURP_URL=http://host.docker.internal:1337
MCP_NUCLEI_TRANSPORT=stdio
MCP_NUCLEI_CMD=nuclei-mcp-server
Concrete Use Case: Burp Suite Pro
With Burp Suite's MCP server running on the analyst's machine and PentAGI
connected to it, the pentester agent could:
- Trigger active scans on URLs discovered during recon — Burp's scanner is
significantly more capable than CLI alternatives for complex web applications
- Retrieve structured findings (vulnerability type, severity, HTTP evidence)
and incorporate them into the engagement context
- Use Burp Collaborator for out-of-band detection — blind SSRF, blind SQLi,
XXE — a class of vulnerabilities currently undetectable with PentAGI's
CLI-only toolset
- Pull the crawled sitemap to seed directory enumeration with real
discovered paths
This addresses a genuine gap: PentAGI cannot currently detect OOB/blind
vulnerabilities at all, and Burp's web crawler handles JS-heavy applications
far better than gobuster/ffuf.
Broader Impact
MCP is becoming the standard integration interface for AI-connected tooling.
Beyond Burp Suite, supporting MCP opens PentAGI to:
| Tool |
Capability unlocked |
| Burp Suite Pro |
Web scanning, Collaborator OOB, sitemap |
| Nuclei |
Template-based vulnerability detection |
| Shodan / Censys |
Passive OSINT enrichment |
| Ghostwriter |
Direct finding logging during engagement |
| Internal / custom MCP servers |
Organisation-specific tooling |
Rather than maintaining one-off integrations per tool, MCP client support makes
PentAGI's capabilities open-ended as the ecosystem grows.
Implementation Notes
- Go MCP client libraries exist:
github.com/mark3labs/mcp-go is a
mature implementation
- MCP tool descriptors (name, description, input schema) map directly onto
PentAGI's existing tool calling structure — no architectural changes required
to the agent system
- MCP servers running on the analyst's host are reachable from the Kali
container via host.docker.internal (already used in the codebase for
similar purposes)
- Security boundary: MCP tool calls would be subject to the same permission
model as existing tools
Technical Details
No response
Designs and Mockups
No response
Alternative Solutions
No response
Verification
Target Component
Core Services (Frontend UI/Backend API)
Enhancement Description
Summary
Add a generic MCP (Model Context Protocol) client to PentAGI so that agents can
use any MCP-compatible external tool as a first-class tool — starting with
Burp Suite Pro as a concrete use case.
Motivation
PentAGI's current toolset covers most of the pentest lifecycle well, but there
is a growing ecosystem of professional security tools that are exposing MCP
servers as their AI integration interface. The most notable example is
Burp Suite Pro, which PortSwigger has officially published as an MCP server
extension:
https://github.com/PortSwigger/mcp-server
Without MCP client support, integrating Burp Suite (or any other MCP-compatible
tool) requires either:
coderagent (fragile, high overhead)With MCP client support, PentAGI gains access to the entire MCP ecosystem
through a single integration point.
Proposed Solution
Add a configurable MCP client layer to PentAGI that:
are configured in
.env/custom.provider.yml)via the MCP
tools/listmethodalongside native tools (terminal, file, browser, delegation)
Example config (
.env):MCP_SERVERS=burp,nuclei
MCP_BURP_TRANSPORT=http
MCP_BURP_URL=http://host.docker.internal:1337
MCP_NUCLEI_TRANSPORT=stdio
MCP_NUCLEI_CMD=nuclei-mcp-server
Concrete Use Case: Burp Suite Pro
With Burp Suite's MCP server running on the analyst's machine and PentAGI
connected to it, the pentester agent could:
significantly more capable than CLI alternatives for complex web applications
and incorporate them into the engagement context
XXE — a class of vulnerabilities currently undetectable with PentAGI's
CLI-only toolset
discovered paths
This addresses a genuine gap: PentAGI cannot currently detect OOB/blind
vulnerabilities at all, and Burp's web crawler handles JS-heavy applications
far better than gobuster/ffuf.
Broader Impact
MCP is becoming the standard integration interface for AI-connected tooling.
Beyond Burp Suite, supporting MCP opens PentAGI to:
Rather than maintaining one-off integrations per tool, MCP client support makes
PentAGI's capabilities open-ended as the ecosystem grows.
Implementation Notes
github.com/mark3labs/mcp-gois amature implementation
PentAGI's existing tool calling structure — no architectural changes required
to the agent system
container via
host.docker.internal(already used in the codebase forsimilar purposes)
model as existing tools
Technical Details
No response
Designs and Mockups
No response
Alternative Solutions
No response
Verification