High-risk tools in Pentester-MCP

High severity Pentester-MCP MCP Server 332 of 337 tools

332 of the 337 tools in Pentester-MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

dnscat_client Execute

dnscat_client
execute_weevely_module Execute

execute_weevely_module
identify_hash Execute

identify_hash
john_prepare Execute

john_prepare
launch_xsser_gui Execute

Launches the graphical user interface (GTK) for XSSer.
objection_explore Execute

objection_explore
run_403bypasser Execute

run_403bypasser
run_addcomputer Execute

run_addcomputer
run_aircrack_action Execute

run_aircrack_action
run_aix Execute

run_aix
run_alterx Execute

run_alterx
run_amass Execute

run_amass
run_apktool Execute

run_apktool
run_arachni Execute

run_arachni
run_arjun Execute

run_arjun
run_asnmap Execute

run_asnmap
run_atexec Execute

run_atexec
run_autobloody Execute

run_autobloody
run_autorecon Execute

run_autorecon
run_awk Execute

run_awk
run_bbot Execute

run_bbot
run_binwalk Execute

run_binwalk
run_bloodhound Execute

run_bloodhound
run_bloodhound_automation Execute

run_bloodhound_automation
run_bloodyad Execute

run_bloodyad
run_bruteforce_luks Execute

run_bruteforce_luks
run_bruteshark_analysis Execute

run_bruteshark_analysis
run_cariddi Execute

run_cariddi
run_cdncheck Execute

run_cdncheck
run_cero Execute

run_cero
run_certipy Execute

run_certipy
run_cewl Execute

run_cewl
run_changeme Execute

run_changeme
run_cloud_enum Execute

run_cloud_enum
run_cloudlist Execute

run_cloudlist
run_coercer Execute

run_coercer
run_commix Execute

run_commix
run_corsy Execute

run_corsy
run_crlfuzz Execute

run_crlfuzz
run_crunch Execute

run_crunch
run_cupp Execute

run_cupp
run_curl Execute

run_curl
run_dacledit Execute

run_dacledit
run_dalfox Execute

run_dalfox
run_describe_ticket Execute

run_describe_ticket
run_dig Execute

run_dig
run_dirb Execute

run_dirb
run_dirsearch Execute

run_dirsearch
run_dirstalk Execute

run_dirstalk
run_dmitry Execute

run_dmitry
run_dnsenum Execute

run_dnsenum
run_dnsrecon Execute

run_dnsrecon
run_dnsx Execute

run_dnsx
run_docker Execute

run_docker
run_dotdotpwn Execute

run_dotdotpwn
run_dpapi Execute

run_dpapi
run_dpl4hydra Execute

run_dpl4hydra
run_drupwn Execute

run_drupwn
run_dump_ntlm_info Execute

run_dump_ntlm_info
run_emailharvester Execute

run_emailharvester
run_enum4linux_ng Execute

run_enum4linux_ng
run_eyewitness Execute

run_eyewitness
run_fatcat Execute

run_fatcat
run_fcrackzip Execute

run_fcrackzip
run_feroxbuster Execute

run_feroxbuster
run_ffuf Execute

run_ffuf
run_fierce Execute

run_fierce
run_finalrecon Execute

run_finalrecon
run_find Execute

run_find
run_find_delegation Execute

run_find_delegation
run_findomain Execute

run_findomain
run_fping Execute

run_fping
run_gaia Execute

run_gaia
run_gau Execute

run_gau
run_get_ad_computers Execute

run_get_ad_computers
run_get_gpppassword Execute

run_get_gpppassword
run_getadusers Execute

run_getadusers
run_getnpusers Execute

run_getnpusers
run_getpac Execute

run_getpac
run_getst Execute

run_getst
run_getuserspns Execute

run_getuserspns
run_ghauri Execute

run_ghauri
run_git Execute

run_git
run_gitleaks Execute

run_gitleaks
run_gobuster Execute

run_gobuster
run_goldenpac Execute

run_goldenpac
run_gospider Execute

run_gospider
run_gowitness Execute

run_gowitness
run_graphw00f Execute

run_graphw00f
run_grep Execute

run_grep
run_gunzip Execute

run_gunzip
run_hakrawler Execute

run_hakrawler
run_hashcat Execute

run_hashcat
run_hashdeep Execute

run_hashdeep
run_hashid Execute

run_hashid
run_httpx Execute

run_httpx
run_hydra Execute

run_hydra
run_impacket_changepasswd Execute

run_impacket_changepasswd
run_impacket_dcomexec Execute

run_impacket_dcomexec
run_impacket_esentutl Execute

run_impacket_esentutl
run_impacket_exchanger Execute

run_impacket_exchanger
run_impacket_getarch Execute

run_impacket_getarch
run_impacket_getlapspassword Execute

run_impacket_getlapspassword
run_impacket_gettgt Execute

run_impacket_gettgt
run_impacket_keylistattack Execute

run_impacket_keylistattack
run_impacket_mimikatz Execute

run_impacket_mimikatz
run_impacket_mssqlinstance Execute

run_impacket_mssqlinstance
run_impacket_net Execute

run_impacket_net
run_impacket_ping Execute

run_impacket_ping
run_impacket_ping6 Execute

run_impacket_ping6
run_impacket_reg Execute

run_impacket_reg
run_impacket_services Execute

run_impacket_services
run_impacket_tstool Execute

run_impacket_tstool
run_jadx Execute

run_jadx
run_john Execute

run_john
run_joomscan Execute

run_joomscan
run_jwt_tool Execute

run_jwt_tool
run_k8scan Execute

run_k8scan
run_katana Execute

run_katana
run_kerbrute Execute

run_kerbrute
run_kiterunner Execute

run_kiterunner
run_kubectl Execute

run_kubectl
run_kubernetes_task Execute

run_kubernetes_task
run_lookupsid Execute

run_lookupsid
run_lsassy Execute

run_lsassy
run_machine_role Execute

run_machine_role
run_mapcidr Execute

run_mapcidr
run_masscan Execute

run_masscan
run_medusa Execute

run_medusa
run_mqtt_check Execute

run_mqtt_check
run_msfconsole Execute

run_msfconsole
run_msfvenom Execute

run_msfvenom
run_mssqlclient Execute

run_mssqlclient
run_naabu Execute

run_naabu
run_nbtscan Execute

run_nbtscan
run_ndiff Execute

run_ndiff
run_netcat_client Execute

run_netcat_client
run_netdiscover_scan Execute

run_netdiscover_scan
run_nikto_scan Execute

run_nikto_scan
run_nmap Execute

run_nmap
run_nmapautomator Execute

run_nmapautomator
run_nping Execute

run_nping
run_npm Execute

run_npm
run_ntfs_read Execute

run_ntfs_read
run_nuclei Execute

run_nuclei
run_nxc Execute

run_nxc
run_onesixtyone Execute

run_onesixtyone
run_openredirex Execute

run_openredirex
run_owneredit Execute

run_owneredit
run_pacu Execute

run_pacu
run_paramspider Execute

run_paramspider
run_passdetective Execute

run_passdetective
run_php Execute

run_php
run_phpsploit Execute

run_phpsploit
run_plumhound Execute

run_plumhound
run_psexec Execute

run_psexec
run_pw_inspector Execute

run_pw_inspector
run_pwncat_scan Execute

run_pwncat_scan
run_pywhisker Execute

run_pywhisker
run_qsfuzz Execute

run_qsfuzz
run_qsreplace Execute

run_qsreplace
run_raise_child Execute

run_raise_child
run_rbcd Execute

run_rbcd
run_rdp_check Execute

run_rdp_check
run_recon_ng Execute

run_recon_ng
run_rpcclient Execute

run_rpcclient
run_rpcmap Execute

run_rpcmap
run_sambapipe Execute

run_sambapipe
run_scp Execute

run_scp
run_searchsploit Execute

run_searchsploit
run_sherlock Execute

run_sherlock
run_shuffledns Execute

run_shuffledns
run_sliver_action Execute

run_sliver_action
run_smbclient Execute

run_smbclient
run_smbexec Execute

run_smbexec
run_smbmap Execute

run_smbmap
run_smtp_user_enum Execute

run_smtp_user_enum
run_smugglex Execute

run_smugglex
run_snmp_check Execute

run_snmp_check
run_snmpwalk Execute

run_snmpwalk
run_spiderfoot Execute

run_spiderfoot
run_sprayhound Execute

run_sprayhound
run_sqlmap Execute

run_sqlmap
run_ssh_command Execute

run_ssh_command
run_sslscan Execute

run_sslscan
run_ssrfmap Execute

run_ssrfmap
run_sstimap Execute

run_sstimap
run_subfinder Execute

run_subfinder
run_subjack Execute

run_subjack
run_tar Execute

run_tar
run_tcpdump Execute

run_tcpdump
run_theharvester Execute

run_theharvester
run_ticketer Execute

run_ticketer
run_tldfinder Execute

run_tldfinder
run_tlsx Execute

run_tlsx
run_trivy Execute

run_trivy
run_trufflehog Execute

run_trufflehog
run_uncover Execute

run_uncover
run_urlfinder Execute

run_urlfinder
run_uro Execute

run_uro
run_username_anarchy Execute

run_username_anarchy
run_vulnx Execute

run_vulnx
run_wafw00f Execute

run_wafw00f
run_wapiti Execute

run_wapiti
run_wfuzz Execute

run_wfuzz
run_wget Execute

run_wget
run_whatweb Execute

run_whatweb
run_windapsearch Execute

run_windapsearch
run_wmipersist Execute

run_wmipersist
run_wmiquery Execute

run_wmiquery
run_wp Execute

run_wp
run_wpprobe_scan Execute

run_wpprobe_scan
run_wpscan Execute

run_wpscan
run_xsser Execute

run_xsser
run_xsstrike Execute

run_xsstrike
run_xxexploiter Execute

run_xxexploiter
run_ysoserial Execute

run_ysoserial
run_zip Execute

run_zip
split_pcap Execute

split_pcap
start_autopsy Execute

start_autopsy
start_bruteshark_live Execute

start_bruteshark_live
start_caido_service Execute

start_caido_service
start_certipy_relay Execute

start_certipy_relay
start_chisel_client Execute

start_chisel_client
start_chisel_server Execute

start_chisel_server
start_commix_session Execute

start_commix_session
start_dnscat2_server Execute

start_dnscat2_server
start_docker_monitor Execute

start_docker_monitor
start_evil_winrm Execute

start_evil_winrm
start_goshs Execute

start_goshs
start_gowitness_report_server Execute

start_gowitness_report_server
start_hashcat_session Execute

start_hashcat_session
start_impacket_sniff Execute

start_impacket_sniff
start_interactsh_client Execute

start_interactsh_client
start_interactsh_server Execute

start_interactsh_server
start_jrmp_listener Execute

start_jrmp_listener
start_k8scan_server Execute

start_k8scan_server
start_karmasmb Execute

start_karmasmb
start_kubectl_port_forward Execute

start_kubectl_port_forward
start_kubernetes_persistence Execute

start_kubernetes_persistence
start_ligolo_proxy Execute

start_ligolo_proxy
start_mimikatz_interactive_session Execute

start_mimikatz_interactive_session
start_mitm6 Execute

start_mitm6
start_msf_handler Execute

start_msf_handler
start_ncat_listener Execute

start_ncat_listener
start_netcat_listener Execute

start_netcat_listener
start_netdiscover_monitor Execute

start_netdiscover_monitor
start_ntlmrelayx Execute

start_ntlmrelayx
start_php_server Execute

start_php_server
start_phpsploit_session Execute

Establishes a persistent, interactive connection to a pre-deployed PHP backdoor.
start_proxify Execute

start_proxify
start_psexec_shell Execute

start_psexec_shell
start_pwncat_session Execute

start_pwncat_session
start_recon_ng_interactive Execute

start_recon_ng_interactive
start_responder Execute

start_responder
start_smb_server Execute

start_smb_server
start_sniffer Execute

start_sniffer
start_spiderfoot_web Execute

start_spiderfoot_web
start_sqlmap_os_shell Execute

start_sqlmap_os_shell
start_ssh_tunnel Execute

start_ssh_tunnel
start_sshuttle Execute

start_sshuttle
start_ssrfmap_handler Execute

start_ssrfmap_handler
start_sstimap_interactive Execute

start_sstimap_interactive
start_tcpdump_capture Execute

start_tcpdump_capture
start_trivy_server Execute

start_trivy_server
start_weevely_session Execute

start_weevely_session
start_wireless_listener Execute

start_wireless_listener
start_wp_shell Execute

Open an interactive PHP shell (REPL) within the context of the WordPress environment.
start_xfreerdp Execute

start_xfreerdp
stop_autopsy Execute

Terminate a running Autopsy forensic server process using its PID.
stop_bruteshark_live Execute

Terminates a background Bruteshark live capture process.
stop_caido_service Execute

Terminates a running Caido service process using its PID.
stop_certipy_relay Execute

Terminate a background Certipy relay process.
stop_chisel_process Execute

Terminates a background Chisel server or client process using its PID.
stop_commix_session Execute

Terminates a background Commix session (pseudo-shell or reverse shell handler)
stop_dnscat Execute

Terminates a background dnscat process.
stop_dnscat2_server Execute

Terminates a background dnscat2-server process using its Process ID (PID).
stop_docker_monitor Execute

Stop a background Docker monitoring process using its PID.
stop_evil_winrm Execute

Terminates a running evil-winrm background session.
stop_fping_monitor Execute

Terminates a long-running fping monitor process.
stop_goshs Execute

Terminates a background goshs server process using its PID.
stop_gowitness_report_server Execute

Terminates a gowitness report server process.
stop_hashcat_session Execute

Terminates a background hashcat session.
stop_impacket_sniff Execute

Terminates a background impacket-sniff process.
stop_interactsh Execute

Terminates a running interactsh-client or interactsh-server process.
stop_jrmp_listener Execute

Terminates a background JRMP listener process.
stop_k8scan_server Execute

Terminates a background k8scan server process.
stop_karmasmb Execute

Terminates a background impacket-karmaSMB server process.
stop_kubectl_process Execute

Terminates a background kubectl process (like a port-forwarder) using its PID.
stop_kubernetes_persistence Execute

Terminate a background Kubernetes process (log stream or exec) using its PID.
stop_ligolo_proxy Execute

Terminates a running ligolo-proxy process.
stop_mimikatz_session Execute

Terminate a background Mimikatz session.
stop_mitm6 Execute

Terminates a running mitm6 process using its Process ID (PID).
stop_msf_handler Execute

Terminates a background Metasploit handler process.
stop_ncat_listener Execute

Terminates a background Ncat listener process.
stop_netcat_listener Execute

Terminates a background Netcat listener process using its PID.
stop_netdiscover_monitor Execute

Terminates a background netdiscover monitoring process.
stop_ntfs_shell Execute

Terminates a background impacket-ntfs-read interactive exploration process.
stop_ntlmrelayx Execute

Terminates a background ntlmrelayx process.
stop_objection_session Execute

Terminates a backgrounded objection exploration session.
stop_php_server Execute

Terminate a background PHP development server using its Process ID (PID).
stop_phpsploit_session Execute

Terminates a background phpsploit session using its Process ID (PID).
stop_proxify Execute

Terminates a running proxify background process.
stop_psexec_shell Execute

Terminates a background PSExec shell session.
stop_pwncat_session Execute

Terminates a background pwncat session using its Process ID (PID).
stop_recon_ng_interactive Execute

Terminates a background recon-ng session using its PID.
stop_responder Execute

Terminates a running Responder background process.
stop_smb_process Execute

Terminates a background impacket-smbclient process.
stop_smb_server Execute

Terminate a running Impacket SMB server process.
stop_sniffer Execute

Terminates a background sniffing process using its Process ID (PID).
stop_spiderfoot_web Execute

Terminates a background SpiderFoot web server process.
stop_sqlmap_os_shell Execute

Terminates a background sqlmap os-shell process.
stop_ssh_tunnel Execute

Terminates a background SSH tunnel or process.
stop_sshuttle Execute

Terminate a background sshuttle process.
stop_ssrfmap_handler Execute

Terminate a background ssrfmap handler process.
stop_sstimap_interactive Execute

Terminates a background sstimap session using its PID.
stop_tcpdump_capture Execute

Terminates a background tcpdump capture session using its Process ID (PID).
stop_trivy_server Execute

Terminate a background Trivy server process.
stop_weevely_session Execute

Terminates a background Weevely session.
stop_wget_process Execute

Terminates a background wget process using its PID.
stop_wireless_listener Execute

Terminates a background wireless process using its PID.
stop_wp_shell Execute

Terminates a background wp shell process by PID.
stop_xfreerdp Execute

Terminates a running XFreeRDP session by its Process ID (PID).
stop_xsser_gui Execute

Terminates a background XSSer GUI process using its PID.
monitor_fping Execute

Starts a continuous, long-running fping monitor against a target host.
generate_weevely_agent Execute

generate_weevely_agent
manage_brew Execute

manage_brew
manage_dirb_dictionaries Execute

manage_dirb_dictionaries
manage_mounts Execute

manage_mounts
manage_sliver_daemon Execute

manage_sliver_daemon
manage_wpprobe Execute

manage_wpprobe
objection_patch Execute

objection_patch

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in Pentester-MCP

Tools at high risk

Attacks that target this class

More on Pentester-MCP

Enforce policy on every Pentester-MCP tool call.