PentestThinking
PentestThinkingMCP: AI-Driven Multi-Stage Penetration Testing Framework
Part of the LIMA Research Project – Accepted at IEEE FMLDS 2025
Developed by Mohammad Ibrahim Saleem, Cybersecurity Researcher, University of Houston
PentestThinkingMCP is an AI-powered MCP (Model Context Protocol) server developed as part of the LIMA research project. This work was recently accepted as a full paper at IEEE FMLDS 2025. The server automates and optimizes penetration testing workflows by planning complex, multi-stage attack paths using advanced reasoning methods such as Beam Search and Monte Carlo Tree Search (MCTS), enabling efficient, adaptive, and intelligent exploitation in both real-world and CTF environments.
🚀 Core Features
AI-generated step-by-step attack recommendations
Context-aware tool suggestions aligned with vulnerabilities
Critical path analysis to maximize impact with minimal noise
Autonomous attack chain simulation with dynamic environment modeling
This framework helps red teamers, researchers, and ethical hackers adopt a strategic, AI-assisted offensive mindset, moving beyond traditional one-off exploits.
📢 Citation Request
If you use PentestThinkingMCP in your research, academic work, or projects, please cite our paper:
“LIMA: Leveraging Large Language Models and MCP Servers for Initial Machine Access” – IEEE FMLDS 2025.