Metadata-Version: 2.4
Name: nobody-pentest-mcp
Version: 2.0.0
Summary: MCP server for Nobody AI Pentest Engine v2 — real tool execution (nmap, httpx, CVE APIs) via Claude Code
Project-URL: Homepage, https://nobody0x.com/pentest-docs
Project-URL: Documentation, https://nobody0x.com/pentest-docs
Project-URL: Repository, https://github.com/nobody0x/nobody-pentest-mcp
Project-URL: Issues, https://github.com/nobody0x/nobody-pentest-mcp/issues
Author-email: Nobody AI <admin@nobody0x.com>
License: MIT
License-File: LICENSE
Keywords: ai,claude,exploit,mcp,pentest,security,vulnerability
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.10
Requires-Dist: httpx>=0.25.0
Requires-Dist: mcp>=1.0.0
Description-Content-Type: text/markdown

# Nobody Pentest MCP Server v2

MCP server yang menghubungkan Claude Code dengan Nobody AI Pentest Engine.
**v2: Real tool execution** -- tools dijalankan secara lokal, bukan hanya prompt ke API.

## Features

### Real Executors (lokal, tidak perlu API)
- **port_scan**: nmap port scan + service detection + vuln suggestions
- **web_audit**: technology detection, security headers, misconfigs, dir enumeration, SQLi/XSS indicators
- **cve_search**: CVE databases (NIST NVD + circl.lu) + exploit references
- **payload_gen**: reverse shell, bind shell, web shell, SQLi, XSS, command injection templates

### AI-Based (via Nobody API)
- **exploit_gen**: AI-generated exploit code
- **code_audit**: AI-powered SAST
- **report**: AI-formatted pentest report
- **custom**: AI general pentest

## Quick Setup

```bash
# Install dependencies
pip install mcp httpx python-nmap

# Configure API key (for AI-based tools)
cp .env.example .env
# Edit .env, set NOBODY_API_KEY=sk-nobody-xxx

# Add to Claude Code
claude mcp add nobody-pentest python /path/to/mcp-pentest/server.py -e NOBODY_API_KEY=sk-nobody-xxx

# Restart Claude Code, then:
> Scan 192.168.1.1 for open ports
> Audit example.com for SQL injection
> Generate reverse shell for Linux
```

## Requirements

- **Python 3.10+**
- **nmap** (for port scanning) -- https://nmap.org/download.html
- **mcp** pip package
- **httpx** pip package
- **python-nmap** pip package (optional, nmap CLI works too)
- **NOBODY_API_KEY** (only for AI-based tools: exploit_gen, code_audit, report, custom)

## Architecture

```
User (Claude Code)
    | MCP protocol (tool call)
Nobody Pentest MCP Server (local)
    |-- REAL EXECUTION: nmap, httpx, CVE APIs, templates
    |-- AI EXECUTION: POST /v1/messages -> DeepSeek
    v
Results returned to Claude Code
```

## Tools

| Tool | Executor | API Required |
|------|----------|-------------|
| `nobody_pentest_scan` | nmap (local) | No |
| `nobody_pentest_web_audit` | httpx + manual checks (local) | No |
| `nobody_pentest_cve_search` | NVD + circl.lu APIs (local) | No |
| `nobody_pentest_payload_gen` | Templates (local) | No |
| `nobody_pentest_exploit_gen` | Nobody AI API | Yes |
| `nobody_pentest_code_audit` | Nobody AI API | Yes |
| `nobody_pentest_report` | Nobody AI API | Yes |
| `nobody_pentest_custom` | Nobody AI API | Yes |

## Environment Variables

| Variable | Default | Description |
|----------|---------|-------------|
| `NOBODY_API_KEY` | (none) | API key for AI-based tools |
| `NOBODY_API_URL` | `https://v2.nobody0x.com/v1/messages` | API endpoint |
| `NOBODY_MODEL` | `nobody-pentest` | Model name |
| `NMAP_PATH` | `nmap` | Path to nmap binary |
| `SCAN_TIMEOUT` | `300` | Max scan time in seconds |
| `HTTP_TIMEOUT` | `15.0` | HTTP request timeout |
