Skip to main content
Glama

MCP Pentest

by adriyansyah-mf
GitHub
TypeScript
1
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
adaptive-strategy.tsā€¢33.3 kB
import { PortScanResult, TechDetectionResult } from '../tools/recon.js'; import { CVEResult } from '../tools/cve-discovery.js'; import { VulnerabilityResult } from '../tools/vulnscan.js'; import { ScanResult } from '../tools/recon.js'; export interface OSDetectionResult { os_family: 'windows' | 'linux' | 'unix' | 'mac' | 'unknown'; os_version?: string; confidence: number; evidence: string[]; } export interface ServiceProfile { service: string; version?: string; port: number; protocol: string; vulnerability_potential: 'low' | 'medium' | 'high' | 'critical'; recommended_tests: string[]; specific_cves: string[]; } export interface AdaptiveStrategy { target: string; os_detection: OSDetectionResult; service_profiles: ServiceProfile[]; technology_stack: TechDetectionResult[]; attack_vectors: AttackVector[]; testing_phases: TestingPhase[]; priority_targets: PriorityTarget[]; risk_assessment: RiskAssessment; } export interface AttackVector { vector_type: 'web' | 'network' | 'service' | 'application'; description: string; likelihood: 'low' | 'medium' | 'high' | 'critical'; impact: 'low' | 'medium' | 'high' | 'critical'; prerequisites: string[]; tools_required: string[]; testing_approach: string[]; } export interface TestingPhase { phase_name: string; description: string; tools: string[]; parameters: Record<string, any>; expected_duration: number; success_criteria: string[]; risk_level: 'low' | 'medium' | 'high'; } export interface PriorityTarget { target_type: 'service' | 'application' | 'endpoint' | 'file'; target_identifier: string; priority_score: number; justification: string; recommended_actions: string[]; } export interface RiskAssessment { overall_risk: 'low' | 'medium' | 'high' | 'critical'; risk_factors: string[]; attack_surface_score: number; vulnerability_score: number; exposure_score: number; business_impact: string; } export class AdaptiveStrategyEngine { async generateStrategy( ports: PortScanResult[], technologies: TechDetectionResult[], existingVulns?: VulnerabilityResult[], existingCVEs?: CVEResult[] ): Promise<ScanResult> { try { console.error('šŸ§  Generating adaptive penetration testing strategy...'); // Phase 1: OS Detection const osDetection = this.detectOperatingSystem(ports); console.error(` Detected OS: ${osDetection.os_family} (${osDetection.confidence}% confidence)`); // Phase 2: Service Profiling const serviceProfiles = this.profileServices(ports, osDetection); console.error(` Profiled ${serviceProfiles.length} services`); // Phase 3: Attack Vector Analysis const attackVectors = this.analyzeAttackVectors(ports, technologies, serviceProfiles, osDetection); console.error(` Identified ${attackVectors.length} attack vectors`); // Phase 4: Testing Phase Planning const testingPhases = this.planTestingPhases(attackVectors, serviceProfiles, technologies); console.error(` Planned ${testingPhases.length} testing phases`); // Phase 5: Priority Target Identification const priorityTargets = this.identifyPriorityTargets(serviceProfiles, technologies, existingVulns); console.error(` Identified ${priorityTargets.length} priority targets`); // Phase 6: Risk Assessment const riskAssessment = this.assessRisk(ports, technologies, attackVectors, existingVulns, existingCVEs); console.error(` Overall risk level: ${riskAssessment.overall_risk}`); const strategy: AdaptiveStrategy = { target: 'adaptive_strategy', os_detection: osDetection, service_profiles: serviceProfiles, technology_stack: technologies, attack_vectors: attackVectors, testing_phases: testingPhases, priority_targets: priorityTargets, risk_assessment: riskAssessment }; return { target: 'adaptive_strategy', timestamp: new Date().toISOString(), tool: 'adaptive_strategy_engine', results: { strategy, execution_plan: this.generateExecutionPlan(strategy), estimated_duration: this.calculateEstimatedDuration(testingPhases), resource_requirements: this.calculateResourceRequirements(testingPhases), success_metrics: this.defineSuccessMetrics(strategy) }, status: 'success' }; } catch (error) { return { target: 'adaptive_strategy', timestamp: new Date().toISOString(), tool: 'adaptive_strategy_engine', results: {}, status: 'error', error: error instanceof Error ? error.message : String(error) }; } } private detectOperatingSystem(ports: PortScanResult[]): OSDetectionResult { const evidence: string[] = []; let osFamily: 'windows' | 'linux' | 'unix' | 'mac' | 'unknown' = 'unknown'; let confidence = 0; let osVersion: string | undefined; // Windows indicators const windowsPorts = [135, 139, 445, 3389, 5985, 5986]; // RPC, NetBIOS, SMB, RDP, WinRM const windowsServices = ['microsoft-ds', 'msrpc', 'rdp', 'winrm']; const windowsPortsFound = ports.filter(p => windowsPorts.includes(p.port)); const windowsServicesFound = ports.filter(p => windowsServices.some(ws => p.service.toLowerCase().includes(ws)) ); if (windowsPortsFound.length > 0 || windowsServicesFound.length > 0) { osFamily = 'windows'; confidence += windowsPortsFound.length * 20 + windowsServicesFound.length * 25; if (windowsPortsFound.some(p => p.port === 445)) { evidence.push('SMB service detected (port 445)'); } if (windowsPortsFound.some(p => p.port === 3389)) { evidence.push('RDP service detected (port 3389)'); } if (windowsPortsFound.some(p => p.port === 135)) { evidence.push('RPC endpoint mapper detected (port 135)'); } // Try to detect Windows version from service versions const smbService = ports.find(p => p.port === 445); if (smbService?.version) { if (smbService.version.includes('Windows Server 2019')) { osVersion = 'Windows Server 2019'; } else if (smbService.version.includes('Windows Server 2016')) { osVersion = 'Windows Server 2016'; } else if (smbService.version.includes('Windows 10')) { osVersion = 'Windows 10'; } else if (smbService.version.includes('Windows Server 2012')) { osVersion = 'Windows Server 2012'; } } } // Linux indicators const linuxPorts = [22, 80, 443, 25, 53, 110, 143, 993, 995]; // SSH, HTTP, SMTP, DNS, POP3, IMAP const linuxServices = ['openssh', 'apache', 'nginx', 'postfix', 'dovecot', 'bind']; const linuxPortsFound = ports.filter(p => linuxPorts.includes(p.port)); const linuxServicesFound = ports.filter(p => linuxServices.some(ls => p.service.toLowerCase().includes(ls) || p.version?.toLowerCase().includes(ls)) ); if (linuxServicesFound.length > 0) { if (osFamily === 'unknown' || confidence < 50) { osFamily = 'linux'; confidence = linuxServicesFound.length * 15 + linuxPortsFound.length * 5; evidence.push('Linux services detected'); // Try to detect specific distributions const sshService = ports.find(p => p.port === 22); if (sshService?.version) { if (sshService.version.includes('Ubuntu')) { osVersion = 'Ubuntu Linux'; evidence.push('Ubuntu SSH banner detected'); } else if (sshService.version.includes('Debian')) { osVersion = 'Debian Linux'; evidence.push('Debian SSH banner detected'); } else if (sshService.version.includes('CentOS') || sshService.version.includes('RHEL')) { osVersion = 'RedHat/CentOS Linux'; evidence.push('RedHat/CentOS SSH banner detected'); } } } } // macOS indicators const macServices = ['afp', 'apple-filing']; const macServicesFound = ports.filter(p => macServices.some(ms => p.service.toLowerCase().includes(ms)) ); if (macServicesFound.length > 0) { osFamily = 'mac'; confidence = macServicesFound.length * 30; evidence.push('Apple Filing Protocol detected'); } // Generic Unix indicators const unixPorts = [513, 514, 515]; // rsh, syslog, printer const unixPortsFound = ports.filter(p => unixPorts.includes(p.port)); if (unixPortsFound.length > 0 && osFamily === 'unknown') { osFamily = 'unix'; confidence = unixPortsFound.length * 20; evidence.push('Unix services detected'); } // Confidence normalization confidence = Math.min(confidence, 95); // Cap at 95% if (confidence < 30) { osFamily = 'unknown'; evidence.push('Insufficient evidence for OS detection'); } return { os_family: osFamily, os_version: osVersion, confidence, evidence }; } private profileServices(ports: PortScanResult[], osDetection: OSDetectionResult): ServiceProfile[] { const profiles: ServiceProfile[] = []; for (const port of ports) { const profile: ServiceProfile = { service: port.service, version: port.version, port: port.port, protocol: port.protocol, vulnerability_potential: this.assessServiceVulnerability(port, osDetection), recommended_tests: this.getRecommendedTests(port, osDetection), specific_cves: this.getKnownCVEs(port) }; profiles.push(profile); } return profiles.sort((a, b) => { const priorityOrder = { critical: 4, high: 3, medium: 2, low: 1 }; return priorityOrder[b.vulnerability_potential] - priorityOrder[a.vulnerability_potential]; }); } private assessServiceVulnerability(port: PortScanResult, osDetection: OSDetectionResult): 'low' | 'medium' | 'high' | 'critical' { const service = port.service.toLowerCase(); const version = port.version?.toLowerCase() || ''; // Critical vulnerability indicators if (service.includes('smb') && osDetection.os_family === 'windows') { if (version.includes('windows server 2008') || version.includes('windows 7')) { return 'critical'; // EternalBlue vulnerable } return 'high'; // SMB generally high risk } if (service.includes('ftp') && version.includes('vsftpd 2.3.4')) { return 'critical'; // Known backdoor } if (service.includes('ssh') && version.includes('openssh')) { const versionMatch = version.match(/openssh[_\s]*([\d.]+)/); if (versionMatch) { const sshVersion = parseFloat(versionMatch[1]); if (sshVersion < 7.0) { return 'high'; // Older SSH versions } } } if (service.includes('apache') && version) { const versionMatch = version.match(/apache[/\s]*([\d.]+)/); if (versionMatch) { const apacheVersion = parseFloat(versionMatch[1]); if (apacheVersion < 2.4) { return 'high'; // Older Apache versions } } } if (service.includes('mysql') && version) { const versionMatch = version.match(/mysql[/\s]*([\d.]+)/); if (versionMatch) { const mysqlVersion = parseFloat(versionMatch[1]); if (mysqlVersion < 5.7) { return 'high'; // Older MySQL versions } } } // High risk services const highRiskServices = ['telnet', 'rsh', 'rlogin', 'vnc', 'x11']; if (highRiskServices.some(hrs => service.includes(hrs))) { return 'high'; } // Medium risk services const mediumRiskServices = ['http', 'https', 'ftp', 'smtp', 'pop3', 'imap']; if (mediumRiskServices.some(mrs => service.includes(mrs))) { return 'medium'; } // Everything else is low risk by default return 'low'; } private getRecommendedTests(port: PortScanResult, osDetection: OSDetectionResult): string[] { const tests: string[] = []; const service = port.service.toLowerCase(); // Service-specific tests switch (true) { case service.includes('smb'): tests.push('smb_enumeration', 'smb_null_session', 'smb_share_enumeration'); if (osDetection.os_family === 'windows') { tests.push('ms17_010_eternalblue', 'ms08_067_netapi'); } break; case service.includes('ssh'): tests.push('ssh_auth_methods', 'ssh_key_exchange', 'ssh_bruteforce'); break; case service.includes('ftp'): tests.push('ftp_anonymous_access', 'ftp_bounce_attack', 'ftp_bruteforce'); break; case service.includes('http') || service.includes('https'): tests.push('web_directory_enumeration', 'web_vulnerability_scan', 'ssl_certificate_check'); break; case service.includes('smtp'): tests.push('smtp_enumeration', 'smtp_relay_test', 'smtp_auth_bypass'); break; case service.includes('mysql'): tests.push('mysql_default_credentials', 'mysql_privilege_escalation', 'mysql_injection_test'); break; case service.includes('rdp'): tests.push('rdp_bluekeep_check', 'rdp_nla_bypass', 'rdp_bruteforce'); break; case service.includes('dns'): tests.push('dns_zone_transfer', 'dns_enumeration', 'dns_cache_poisoning'); break; default: tests.push('generic_banner_grab', 'generic_vulnerability_check'); } return tests; } private getKnownCVEs(port: PortScanResult): string[] { const cves: string[] = []; const service = port.service.toLowerCase(); const version = port.version?.toLowerCase() || ''; // Known CVEs for specific services and versions if (service.includes('smb')) { cves.push('CVE-2017-0144'); // EternalBlue cves.push('CVE-2008-4250'); // MS08-067 cves.push('CVE-2017-0145'); // EternalRomance } if (service.includes('ssh') && version.includes('openssh')) { if (version.includes('7.4')) { cves.push('CVE-2018-15473'); // SSH user enumeration } } if (service.includes('apache')) { cves.push('CVE-2021-44228'); // Log4j (if Log4j is used) if (version.includes('2.4.49')) { cves.push('CVE-2021-41773'); // Path traversal } } if (service.includes('mysql')) { cves.push('CVE-2016-6662'); // MySQL privilege escalation cves.push('CVE-2017-3599'); // MySQL vulnerability } if (service.includes('rdp')) { cves.push('CVE-2019-0708'); // BlueKeep cves.push('CVE-2019-1181'); // RDP vulnerability } return cves; } private analyzeAttackVectors( ports: PortScanResult[], technologies: TechDetectionResult[], serviceProfiles: ServiceProfile[], osDetection: OSDetectionResult ): AttackVector[] { const vectors: AttackVector[] = []; // Network-based attack vectors if (serviceProfiles.some(s => s.vulnerability_potential === 'critical' || s.vulnerability_potential === 'high')) { vectors.push({ vector_type: 'network', description: 'Network service exploitation', likelihood: 'high', impact: 'high', prerequisites: ['Network access to target services'], tools_required: ['nmap', 'metasploit', 'exploit-db'], testing_approach: [ 'Service enumeration and version detection', 'Known vulnerability exploitation', 'Credential brute-forcing', 'Protocol-specific attacks' ] }); } // Web application attack vectors const webServices = serviceProfiles.filter(s => s.service.includes('http') || s.port === 80 || s.port === 443 || s.port === 8080 ); if (webServices.length > 0) { vectors.push({ vector_type: 'web', description: 'Web application security testing', likelihood: 'high', impact: 'medium', prerequisites: ['HTTP access to web application'], tools_required: ['burp', 'owasp-zap', 'nikto', 'dirb', 'sqlmap'], testing_approach: [ 'Directory and file enumeration', 'Parameter discovery and fuzzing', 'OWASP Top 10 vulnerability testing', 'Authentication and session management testing' ] }); } // Windows-specific attack vectors if (osDetection.os_family === 'windows') { vectors.push({ vector_type: 'service', description: 'Windows-specific service exploitation', likelihood: 'medium', impact: 'critical', prerequisites: ['Windows services accessible', 'Valid credentials or exploits'], tools_required: ['crackmapexec', 'impacket', 'powershell-empire'], testing_approach: [ 'SMB enumeration and exploitation', 'Active Directory enumeration', 'Kerberos attacks', 'LDAP enumeration', 'Windows credential attacks' ] }); } // Database attack vectors const dbServices = serviceProfiles.filter(s => s.service.includes('mysql') || s.service.includes('postgres') || s.service.includes('mssql') || s.service.includes('oracle') ); if (dbServices.length > 0) { vectors.push({ vector_type: 'service', description: 'Database security assessment', likelihood: 'medium', impact: 'high', prerequisites: ['Database access', 'Network connectivity'], tools_required: ['sqlmap', 'metasploit', 'nmap-scripts'], testing_approach: [ 'Default credential testing', 'Privilege escalation testing', 'SQL injection assessment', 'Database configuration review' ] }); } // Application-specific vectors based on technology stack for (const tech of technologies) { if (tech.technology.toLowerCase().includes('wordpress')) { vectors.push({ vector_type: 'application', description: 'WordPress-specific security testing', likelihood: 'high', impact: 'medium', prerequisites: ['WordPress installation identified'], tools_required: ['wpscan', 'wp-cli', 'metasploit'], testing_approach: [ 'WordPress version and plugin enumeration', 'Known WordPress vulnerability exploitation', 'Admin interface brute-forcing', 'File upload vulnerability testing' ] }); } } return vectors; } private planTestingPhases( attackVectors: AttackVector[], serviceProfiles: ServiceProfile[], technologies: TechDetectionResult[] ): TestingPhase[] { const phases: TestingPhase[] = []; // Phase 1: Initial reconnaissance and enumeration phases.push({ phase_name: 'Initial Enumeration', description: 'Comprehensive service and application enumeration', tools: ['nmap', 'masscan', 'dns-enum'], parameters: { intensity: 'comprehensive', timeout: 300, scan_type: 'version_detection' }, expected_duration: 30, success_criteria: [ 'All services identified and versioned', 'Operating system detected', 'Service banners collected' ], risk_level: 'low' }); // Phase 2: Vulnerability assessment phases.push({ phase_name: 'Vulnerability Assessment', description: 'Automated vulnerability scanning and CVE correlation', tools: ['nuclei', 'nessus', 'openvas'], parameters: { templates: ['cves', 'vulnerabilities', 'misconfigurations'], severity: 'medium', concurrent_requests: 50 }, expected_duration: 60, success_criteria: [ 'All services scanned for known vulnerabilities', 'CVE database correlation completed', 'Risk assessment generated' ], risk_level: 'low' }); // Phase 3: Web application testing (if applicable) const hasWebServices = serviceProfiles.some(s => s.service.includes('http') || s.port === 80 || s.port === 443 ); if (hasWebServices) { phases.push({ phase_name: 'Web Application Testing', description: 'Comprehensive web application security assessment', tools: ['burp', 'owasp-zap', 'dirb', 'sqlmap', 'nikto'], parameters: { depth: 3, authentication: 'none', scan_intensity: 'active' }, expected_duration: 120, success_criteria: [ 'Directory enumeration completed', 'Parameter discovery finished', 'OWASP Top 10 testing completed', 'Authentication mechanisms tested' ], risk_level: 'medium' }); } // Phase 4: Service-specific exploitation const criticalServices = serviceProfiles.filter(s => s.vulnerability_potential === 'critical' || s.vulnerability_potential === 'high' ); if (criticalServices.length > 0) { phases.push({ phase_name: 'Service Exploitation', description: 'Targeted exploitation of high-risk services', tools: ['metasploit', 'exploit-db', 'custom-exploits'], parameters: { target_services: criticalServices.map(s => s.service), exploitation_approach: 'controlled', verification_required: true }, expected_duration: 90, success_criteria: [ 'All critical services tested', 'Successful exploits documented', 'Proof of concept generated' ], risk_level: 'high' }); } // Phase 5: Post-exploitation and privilege escalation phases.push({ phase_name: 'Post-Exploitation', description: 'Privilege escalation and lateral movement testing', tools: ['linpeas', 'winpeas', 'bloodhound', 'crackmapexec'], parameters: { scope: 'local_privilege_escalation', enumeration_depth: 'comprehensive' }, expected_duration: 60, success_criteria: [ 'Local privilege escalation attempted', 'System configuration reviewed', 'Sensitive data discovery completed' ], risk_level: 'medium' }); return phases; } private identifyPriorityTargets( serviceProfiles: ServiceProfile[], technologies: TechDetectionResult[], existingVulns?: VulnerabilityResult[] ): PriorityTarget[] { const targets: PriorityTarget[] = []; // High-priority services for (const service of serviceProfiles) { let priorityScore = 0; let justification = ''; // Score based on vulnerability potential switch (service.vulnerability_potential) { case 'critical': priorityScore += 40; justification += 'Critical vulnerability potential; '; break; case 'high': priorityScore += 30; justification += 'High vulnerability potential; '; break; case 'medium': priorityScore += 20; justification += 'Medium vulnerability potential; '; break; case 'low': priorityScore += 10; justification += 'Low vulnerability potential; '; break; } // Score based on service type if (service.service.includes('smb') || service.service.includes('rdp')) { priorityScore += 25; justification += 'High-value Windows service; '; } else if (service.service.includes('ssh')) { priorityScore += 20; justification += 'Administrative access service; '; } else if (service.service.includes('http')) { priorityScore += 15; justification += 'Web application exposure; '; } // Score based on known CVEs if (service.specific_cves.length > 0) { priorityScore += service.specific_cves.length * 5; justification += `${service.specific_cves.length} known CVEs; `; } if (priorityScore > 25) { // Only include medium+ priority targets targets.push({ target_type: 'service', target_identifier: `${service.service}:${service.port}`, priority_score: priorityScore, justification: justification.trim(), recommended_actions: service.recommended_tests }); } } // Technology-specific targets for (const tech of technologies) { let priorityScore = 20; // Base score for detected technology let justification = `${tech.technology} technology detected`; if (tech.confidence > 90) { priorityScore += 10; justification += ' with high confidence'; } if (tech.version) { priorityScore += 5; justification += ` (version ${tech.version})`; } // Known vulnerable technologies if (tech.technology.toLowerCase().includes('wordpress')) { priorityScore += 15; justification += '; WordPress commonly targeted'; } else if (tech.technology.toLowerCase().includes('apache')) { priorityScore += 10; justification += '; Web server technology'; } targets.push({ target_type: 'application', target_identifier: tech.technology, priority_score: priorityScore, justification, recommended_actions: this.getTechnologySpecificTests(tech.technology) }); } // Sort by priority score return targets.sort((a, b) => b.priority_score - a.priority_score).slice(0, 10); } private assessRisk( ports: PortScanResult[], technologies: TechDetectionResult[], attackVectors: AttackVector[], existingVulns?: VulnerabilityResult[], existingCVEs?: CVEResult[] ): RiskAssessment { let attackSurfaceScore = 0; let vulnerabilityScore = 0; let exposureScore = 0; const riskFactors: string[] = []; // Attack surface scoring attackSurfaceScore = ports.length * 2; // Base score from open ports const criticalPorts = [21, 22, 23, 25, 53, 80, 135, 139, 443, 445, 3389]; const criticalPortsOpen = ports.filter(p => criticalPorts.includes(p.port)); attackSurfaceScore += criticalPortsOpen.length * 5; if (criticalPortsOpen.length > 5) { riskFactors.push('Large attack surface with multiple critical services'); } // Vulnerability scoring if (existingVulns) { const criticalVulns = existingVulns.filter(v => v.severity === 'critical'); const highVulns = existingVulns.filter(v => v.severity === 'high'); vulnerabilityScore = criticalVulns.length * 20 + highVulns.length * 10; if (criticalVulns.length > 0) { riskFactors.push(`${criticalVulns.length} critical vulnerabilities identified`); } } if (existingCVEs) { const criticalCVEs = existingCVEs.filter(c => c.severity === 'critical'); const exploitableCVEs = existingCVEs.filter(c => c.exploit_available); vulnerabilityScore += criticalCVEs.length * 15 + exploitableCVEs.length * 10; if (exploitableCVEs.length > 0) { riskFactors.push(`${exploitableCVEs.length} CVEs with public exploits`); } } // Exposure scoring const webServices = ports.filter(p => p.port === 80 || p.port === 443 || p.port === 8080); if (webServices.length > 0) { exposureScore += 20; riskFactors.push('Web services exposed to internet'); } const adminServices = ports.filter(p => p.port === 22 || p.port === 3389 || p.port === 445); if (adminServices.length > 0) { exposureScore += 25; riskFactors.push('Administrative services exposed'); } // High-risk attack vectors const highRiskVectors = attackVectors.filter(v => v.likelihood === 'high' && v.impact === 'high'); if (highRiskVectors.length > 0) { exposureScore += highRiskVectors.length * 15; riskFactors.push(`${highRiskVectors.length} high-risk attack vectors identified`); } // Calculate overall risk const totalScore = attackSurfaceScore + vulnerabilityScore + exposureScore; let overallRisk: 'low' | 'medium' | 'high' | 'critical'; if (totalScore >= 100) { overallRisk = 'critical'; } else if (totalScore >= 70) { overallRisk = 'high'; } else if (totalScore >= 40) { overallRisk = 'medium'; } else { overallRisk = 'low'; } // Business impact assessment let businessImpact = 'Low business impact expected'; if (overallRisk === 'critical') { businessImpact = 'Critical business impact - immediate attention required'; } else if (overallRisk === 'high') { businessImpact = 'High business impact - security controls needed urgently'; } else if (overallRisk === 'medium') { businessImpact = 'Moderate business impact - security improvements recommended'; } return { overall_risk: overallRisk, risk_factors: riskFactors, attack_surface_score: attackSurfaceScore, vulnerability_score: vulnerabilityScore, exposure_score: exposureScore, business_impact: businessImpact }; } private getTechnologySpecificTests(technology: string): string[] { const techLower = technology.toLowerCase(); if (techLower.includes('wordpress')) { return ['wpscan', 'wordpress_version_check', 'plugin_enumeration', 'theme_enumeration']; } else if (techLower.includes('apache')) { return ['apache_version_check', 'server_status_check', 'httpd_config_check']; } else if (techLower.includes('nginx')) { return ['nginx_version_check', 'nginx_config_check', 'server_status_check']; } else if (techLower.includes('php')) { return ['php_version_check', 'phpinfo_check', 'php_config_check']; } else if (techLower.includes('mysql')) { return ['mysql_version_check', 'mysql_default_creds', 'mysql_config_check']; } return ['generic_technology_check', 'version_verification']; } private generateExecutionPlan(strategy: AdaptiveStrategy): any { return { total_phases: strategy.testing_phases.length, recommended_order: strategy.testing_phases.map(p => p.phase_name), parallel_execution_possible: this.identifyParallelPhases(strategy.testing_phases), resource_allocation: this.calculateResourceAllocation(strategy.testing_phases), risk_mitigation: this.generateRiskMitigation(strategy) }; } private calculateEstimatedDuration(phases: TestingPhase[]): number { return phases.reduce((total, phase) => total + phase.expected_duration, 0); } private calculateResourceRequirements(phases: TestingPhase[]): any { const allTools = new Set<string>(); phases.forEach(phase => phase.tools.forEach(tool => allTools.add(tool))); return { required_tools: Array.from(allTools), estimated_cpu_usage: 'High during active scanning phases', estimated_memory_usage: 'Medium to High', network_bandwidth: 'Medium to High during enumeration', storage_requirements: 'Low to Medium for logs and results' }; } private defineSuccessMetrics(strategy: AdaptiveStrategy): string[] { const metrics = [ 'All identified services tested for vulnerabilities', 'Attack surface fully mapped and assessed', 'Security posture baseline established' ]; if (strategy.priority_targets.length > 0) { metrics.push(`All ${strategy.priority_targets.length} priority targets assessed`); } if (strategy.risk_assessment.overall_risk === 'high' || strategy.risk_assessment.overall_risk === 'critical') { metrics.push('Critical security issues identified and documented'); } return metrics; } private identifyParallelPhases(phases: TestingPhase[]): string[] { // Phases that can run in parallel const parallelizable = phases.filter(p => p.risk_level === 'low').map(p => p.phase_name); return parallelizable; } private calculateResourceAllocation(phases: TestingPhase[]): any { return { reconnaissance: '30%', vulnerability_assessment: '25%', exploitation: '30%', post_exploitation: '15%' }; } private generateRiskMitigation(strategy: AdaptiveStrategy): string[] { const mitigations = [ 'Implement rate limiting to avoid service disruption', 'Use read-only testing methods when possible', 'Maintain detailed logs of all testing activities' ]; if (strategy.risk_assessment.overall_risk === 'high' || strategy.risk_assessment.overall_risk === 'critical') { mitigations.push('Coordinate with system administrators before testing'); mitigations.push('Have rollback procedures ready for critical systems'); } return mitigations; } }

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/adriyansyah-mf/mcp-pentest'

If you have feedback or need assistance with the MCP directory API, please join our Discord server