Agentic AI is transforming security by automating many tasks being performed manually. While initial agentic approaches employed a monolithic architecture, the Model-Context-Protocol has now enabled a remote-procedure call (RPC) paradigm to agentic applications, allowing for the flexible construction and composition of multi-function agents. This paper describes PentestMCP, a library of MCP server implementations that support agentic penetration testing. By supporting common penetration testing tasks such as network scanning, resource enumeration, service fingerprinting, vulnerability scanning, exploitation, and post-exploitation, PentestMCP allows a developer to customize multi-agent workflows for performing penetration tests.

翻译：智能体人工智能正通过自动化许多原本手动执行的任务来改变安全领域。虽然早期的智能体方法采用单体架构，但模型-上下文-协议现已为智能体应用实现了远程过程调用范式，使得多功能智能体的灵活构建与组合成为可能。本文介绍了PentestMCP，这是一个支持智能体渗透测试的MCP服务器实现库。通过支持网络扫描、资源枚举、服务指纹识别、漏洞扫描、漏洞利用和后渗透等常见渗透测试任务，PentestMCP使开发人员能够定制用于执行渗透测试的多智能体工作流。