Metadata-Version: 2.4
Name: pentesttools
Version: 0.1.10
Summary: Pentest-Tools.com Vulnerability Scanners Library
Author-email: The Pentest-Tools Team <contact@pentest-tools.com>
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: requests>=2.31.0
Requires-Dist: typing-extensions>=4.15.0
Provides-Extra: dev
Requires-Dist: coverage; extra == "dev"
Provides-Extra: mcp
Requires-Dist: mcp>=1.4.1; extra == "mcp"
Requires-Dist: pydantic>=2.11.7; extra == "mcp"
Requires-Dist: fastmcp>=2.12.4; extra == "mcp"
Dynamic: license-file

Command-Line Interface and Python bindings for https://Pentest-Tools.com.

# Installing
PentestTools Python module is delivered through PyPI, so it can be installed directly via pip:
```bash
pip install pentesttools
```

# Usage
The `pentesttools` package provides a command line interface through the `ptt` utility. Right
now it supports the Website Scanner service.

Example for the simplest scan:
```bash
ptt run website_scanner <url>
```
This runs a freemium Website Scanner scan on the `<url>`. Unlike in the platform itself, you can omit the schema part from the url.

Global arguments, like a suitable key for a deep scan, have to be passed straight to `ptt`. Tool arguments have to be passed to the tool.

```bash
ptt --key <key> run website_scanner --scan_type deep <url>
```

If you want the command to fail if the report contains vulnerabilities with a higher risk than some value, you can use the `--fail argument`.

```bash
ptt --fail high run website_scanner <url>
```

You can also run `ptt` using docker. The docker image has `ptt` as an entrypoint, so you don't have to type it anymore. Note that the old `ptt-scan` name is still used on docker.

```bash
docker run pentesttoolscom/ptt-scan:latest run website_scanner <url>
```

# Development installation
If you want to easily modify the sources and your modifications:
```bash
pip install --edit .
```

# Uninstalling

```bash
pip uninstall pentesttools
```

# Testing and Coverage
You can run the tests and make coverage reports like this:
```bash
python3 -m pytest src/tests
```

```bash
coverage run -m pytest src/tests
coverage report -m
```

# MCP
There is an optional MCP server provided in this package.
## Installation:
```bash
pip install "pentesttools[mcp]"
```

## Usage
There is a hosted endpoint at `https://mcp.pentest-tools.com:9001/mcp`.

Example config:
```
"ptt-mcp-http": {
  "type": "http",
  "url": "https://mcp.pentest-tools.com:9001/mcp/",
  "headers": {
    "PTT_API_KEY": "<ptt-api-key>"
  }
}
```

You can also self-host the MCP server. This command will open an MCP server locally on port 9000.
```bash
ptt --key <ptt-api-key> mcp --mcp_method stdio
```
Connect with your favorite LLM client.
```bash
"ptt-mcp-remote": {
  "type": "stdio",
  "command": "ptt",
  "args": ["mcp", "--mcp_method", "stdio"],
  "env": {
    "PTT_API_KEY": "<ptt-api-key>"
  }
}
```

The MCP server also supports the HTTP method, which is also the default.

```bash
ptt mcp
```

In this case, you have to pass the API key as a header, called `PTT_API_KEY`.

Example config:
```
"ptt-mcp-http": {
  "type": "http",
  "url": "http://localhost:9000/mcp",
  "headers": {
    "PTT_API_KEY": "<ptt-api-key>"
  }
}
```
