Metadata-Version: 2.4
Name: nobody-pentest-mcp
Version: 2.0.1
Summary: MCP server for Nobody AI Pentest Engine v2 — real tool execution (nmap, httpx, CVE APIs) via Claude Code
Project-URL: Homepage, https://nobody0x.com/pentest-docs
Project-URL: Documentation, https://nobody0x.com/pentest-docs
Project-URL: Repository, https://github.com/nobody0x/nobody-pentest-mcp
Project-URL: Issues, https://github.com/nobody0x/nobody-pentest-mcp/issues
Author-email: Nobody AI <admin@nobody0x.com>
License: MIT
License-File: LICENSE
Keywords: ai,claude,exploit,mcp,pentest,security,vulnerability
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.10
Requires-Dist: httpx>=0.25.0
Requires-Dist: mcp>=1.0.0
Description-Content-Type: text/markdown

# Nobody Pentest MCP Server v2

MCP server yang menghubungkan Claude Code dengan Nobody AI Pentest Engine.
**v2: Real tool execution** -- tools dijalankan secara lokal, bukan hanya prompt ke API.

## Features

### Real Executors (lokal, tidak perlu API)
- **port_scan**: nmap port scan + service detection + vuln suggestions
- **web_audit**: technology detection, security headers, misconfigs, dir enumeration, SQLi/XSS indicators
- **cve_search**: CVE databases (NIST NVD + circl.lu) + exploit references
- **payload_gen**: reverse shell, bind shell, web shell, SQLi, XSS, command injection templates

### AI-Based (via Nobody API)
- **exploit_gen**: AI-generated exploit code
- **code_audit**: AI-powered SAST
- **report**: AI-formatted pentest report
- **custom**: AI general pentest

## Quick Setup

### Install (Recommended)

```bash
pip install nobody-pentest-mcp
```

### Add to Claude Code

```bash
# Using default Nobody AI endpoint (API key optional)
claude mcp add nobody-pentest nobody-pentest-mcp

# Using your own API key (for external endpoints)
claude mcp add nobody-pentest nobody-pentest-mcp -e NOBODY_API_KEY=sk-nobody-xxx
```

### Manual Setup

```bash
# Install dependencies
pip install mcp httpx python-nmap

# Configure (optional for Nobody AI endpoint)
cp .env.example .env
# Edit .env if needed

# Run server
nobody-pentest-mcp
```

## Requirements

- **Python 3.10+**
- **nmap** (for port scanning) -- https://nmap.org/download.html
- **mcp** pip package
- **httpx** pip package
- **python-nmap** pip package (optional, nmap CLI works too)
- **NOBODY_API_KEY** (optional for Nobody AI endpoint, required for external endpoints)

## API Key

### Using Default Nobody AI Endpoint (v2.nobody0x.com)

**API key is optional**. The default endpoint handles authentication automatically.

```bash
# Just install and use
pip install nobody-pentest-mcp
claude mcp add nobody-pentest nobody-pentest-mcp
```

### Using External Endpoints (OpenAI, DeepSeek, etc.)

**API key is required**. Set it via environment variable or .env file.

```bash
# Set API key
export NOBODY_API_KEY=sk-your-key-here

# Or use .env file
echo "NOBODY_API_KEY=sk-your-key-here" > .env
```

## Architecture

```
User (Claude Code)
    | MCP protocol (tool call)
Nobody Pentest MCP Server (local)
    |-- REAL EXECUTION: nmap, httpx, CVE APIs, templates
    |-- AI EXECUTION: POST /v1/messages -> DeepSeek
    v
Results returned to Claude Code
```

## Tools

| Tool | Executor | API Required |
|------|----------|-------------|
| `nobody_pentest_scan` | nmap (local) | No |
| `nobody_pentest_web_audit` | httpx + manual checks (local) | No |
| `nobody_pentest_cve_search` | NVD + circl.lu APIs (local) | No |
| `nobody_pentest_payload_gen` | Templates (local) | No |
| `nobody_pentest_exploit_gen` | Nobody AI API | Yes (external only) |
| `nobody_pentest_code_audit` | Nobody AI API | Yes (external only) |
| `nobody_pentest_report` | Nobody AI API | Yes (external only) |
| `nobody_pentest_custom` | Nobody AI API | Yes (external only) |

## Environment Variables

| Variable | Default | Description |
|----------|---------|-------------|
| `NOBODY_API_KEY` | (none) | API key (optional for Nobody AI endpoint) |
| `NOBODY_API_URL` | `https://v2.nobody0x.com/v1/messages` | API endpoint |
| `NOBODY_MODEL` | `nobody-pentest` | Model name |
| `NMAP_PATH` | `nmap` | Path to nmap binary |
| `SCAN_TIMEOUT` | `300` | Max scan time in seconds |
| `HTTP_TIMEOUT` | `15.0` | HTTP request timeout |
