index.tsā¢22.7 kB
#!/usr/bin/env node
import { Server } from '@modelcontextprotocol/sdk/server/index.js';
import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
import {
CallToolRequestSchema,
ListToolsRequestSchema,
Tool,
McpError,
ErrorCode,
} from '@modelcontextprotocol/sdk/types.js';
import { ReconTools } from './tools/recon.js';
import { VulnScanTools } from './tools/vulnscan.js';
import { ExploitTools } from './tools/exploit.js';
import { WorkflowEngine } from './engines/workflow.js';
import { ReportTools } from './tools/report.js';
import { CVEDiscoveryEngine } from './tools/cve-discovery.js';
import { ParameterExtractionEngine } from './tools/parameter-extraction.js';
import { FuzzingEngine } from './tools/fuzzing.js';
import { DirectoryScannerEngine } from './tools/directory-scanner.js';
import { ServiceSpecificTools } from './tools/service-specific.js';
import { BurpSuiteIntegration } from './tools/burpsuite-integration.js';
import { AdaptiveStrategyEngine } from './engines/adaptive-strategy.js';
class PentestMCPServer {
private server: Server;
private reconTools: ReconTools;
private vulnScanTools: VulnScanTools;
private exploitTools: ExploitTools;
private workflowEngine: WorkflowEngine;
private reportTools: ReportTools;
private cveDiscovery: CVEDiscoveryEngine;
private parameterExtraction: ParameterExtractionEngine;
private fuzzingEngine: FuzzingEngine;
private directoryScanner: DirectoryScannerEngine;
private serviceSpecificTools: ServiceSpecificTools;
private burpSuite: BurpSuiteIntegration;
private adaptiveStrategy: AdaptiveStrategyEngine;
constructor() {
this.server = new Server(
{
name: "mcp-pentest",
version: "1.0.0",
},
{
capabilities: {
tools: {},
},
}
);
this.reconTools = new ReconTools();
this.vulnScanTools = new VulnScanTools();
this.exploitTools = new ExploitTools();
this.workflowEngine = new WorkflowEngine();
this.reportTools = new ReportTools();
this.cveDiscovery = new CVEDiscoveryEngine();
this.parameterExtraction = new ParameterExtractionEngine();
this.fuzzingEngine = new FuzzingEngine();
this.directoryScanner = new DirectoryScannerEngine();
this.serviceSpecificTools = new ServiceSpecificTools();
this.burpSuite = new BurpSuiteIntegration();
this.adaptiveStrategy = new AdaptiveStrategyEngine();
this.setupHandlers();
}
private setupHandlers() {
// List available tools
this.server.setRequestHandler(ListToolsRequestSchema, async () => {
const tools: Tool[] = [
// Reconnaissance Tools
{
name: "nmap_scan",
description: "Perform comprehensive port scan using Nmap",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target IP or domain" },
scan_type: {
type: "string",
enum: ["quick", "full", "stealth", "aggressive"],
description: "Type of scan to perform"
}
},
required: ["target"]
}
},
{
name: "subdomain_enum",
description: "Enumerate subdomains of target domain using multiple methods",
inputSchema: {
type: "object",
properties: {
domain: { type: "string", description: "Target domain" },
wordlist: { type: "string", description: "Wordlist to use (optional)" },
use_subfinder: { type: "boolean", description: "Also use subfinder for enumeration" },
fuzz_tool: {
type: "string",
enum: ["ffuf", "wfuzz"],
description: "Use fuzzing tool for subdomain discovery (ffuf/wfuzz)"
}
},
required: ["domain"]
}
},
{
name: "tech_detection",
description: "Detect technologies used by target website",
inputSchema: {
type: "object",
properties: {
url: { type: "string", description: "Target URL" }
},
required: ["url"]
}
},
{
name: "directory_bruteforce",
description: "Bruteforce directories and files on web server",
inputSchema: {
type: "object",
properties: {
url: { type: "string", description: "Target URL" },
wordlist: { type: "string", description: "Wordlist to use" },
extensions: { type: "array", items: { type: "string" }, description: "File extensions to check" },
use_seclists: { type: "boolean", description: "Use SecLists common lists if no wordlist provided" }
},
required: ["url"]
}
},
// Vulnerability Scanning
{
name: "nuclei_scan",
description: "Run Nuclei vulnerability scanner",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target URL or IP" },
templates: { type: "array", items: { type: "string" }, description: "Specific templates to run" },
severity: { type: "string", enum: ["info", "low", "medium", "high", "critical"], description: "Minimum severity level" }
},
required: ["target"]
}
},
{
name: "nikto_scan",
description: "Run Nikto web vulnerability scanner",
inputSchema: {
type: "object",
properties: {
url: { type: "string", description: "Target URL" },
port: { type: "number", description: "Target port (default: 80/443)" }
},
required: ["url"]
}
},
{
name: "sqlmap_scan",
description: "Test for SQL injection vulnerabilities",
inputSchema: {
type: "object",
properties: {
url: { type: "string", description: "Target URL" },
data: { type: "string", description: "POST data (optional)" },
cookie: { type: "string", description: "Session cookie (optional)" }
},
required: ["url"]
}
},
// Exploitation
{
name: "metasploit_search",
description: "Search for Metasploit modules based on detected services",
inputSchema: {
type: "object",
properties: {
service: { type: "string", description: "Service name or version" },
platform: { type: "string", description: "Target platform" }
},
required: ["service"]
}
},
{
name: "exploit_attempt",
description: "Attempt exploitation using detected vulnerabilities",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target IP/URL" },
vulnerability: { type: "string", description: "Vulnerability identifier" },
payload: { type: "string", description: "Payload type" }
},
required: ["target", "vulnerability"]
}
},
// Workflow & Automation
{
name: "auto_pentest",
description: "Perform comprehensive automated penetration test",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target IP, domain, or URL" },
scope: {
type: "string",
enum: ["network", "web", "full"],
description: "Scope of testing"
},
intensity: {
type: "string",
enum: ["passive", "active", "aggressive"],
description: "Testing intensity level"
}
},
required: ["target"]
}
},
{
name: "suggest_next_steps",
description: "Analyze current findings and suggest next steps",
inputSchema: {
type: "object",
properties: {
scan_results: { type: "string", description: "Previous scan results in JSON format" }
},
required: ["scan_results"]
}
},
// Reporting
{
name: "generate_report",
description: "Generate comprehensive penetration test report",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target identifier" },
format: {
type: "string",
enum: ["html", "pdf", "json", "markdown"],
description: "Report format"
}
},
required: ["target"]
}
},
// Advanced Tools
{
name: "cve_discovery",
description: "Discover CVEs based on detected technologies and versions",
inputSchema: {
type: "object",
properties: {
technologies: {
type: "array",
items: { type: "object" },
description: "Array of detected technologies with versions"
}
},
required: ["technologies"]
}
},
{
name: "parameter_extraction",
description: "Extract parameters from web applications using Katana and manual methods",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target URL" },
depth: { type: "number", description: "Crawling depth (default: 2)" }
},
required: ["target"]
}
},
{
name: "fuzzing_parameters",
description: "Fuzz extracted parameters with various payloads using ffuf/wfuzz",
inputSchema: {
type: "object",
properties: {
parameters: {
type: "array",
items: { type: "object" },
description: "Array of extracted parameters to fuzz"
},
tool: {
type: "string",
enum: ["ffuf", "wfuzz"],
description: "Fuzzing tool to use"
}
},
required: ["parameters"]
}
},
{
name: "fuzzing_directories",
description: "Fuzz directories and files using ffuf/wfuzz",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target base URL" },
tool: {
type: "string",
enum: ["ffuf", "wfuzz"],
description: "Fuzzing tool to use"
},
extensions: {
type: "array",
items: { type: "string" },
description: "File extensions to test"
}
},
required: ["target"]
}
},
{
name: "directory_scan",
description: "Advanced directory scanning with dirb/dirsearch/gobuster/feroxbuster",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target URL" },
tool: {
type: "string",
enum: ["dirb", "dirsearch", "gobuster", "feroxbuster"],
description: "Directory scanning tool to use"
},
recursive: { type: "boolean", description: "Enable recursive scanning" }
},
required: ["target"]
}
},
{
name: "adaptive_strategy",
description: "Generate adaptive penetration testing strategy based on detected services and OS",
inputSchema: {
type: "object",
properties: {
ports: {
type: "array",
items: { type: "object" },
description: "Array of open ports and services"
},
technologies: {
type: "array",
items: { type: "object" },
description: "Array of detected technologies"
},
existing_vulns: {
type: "array",
items: { type: "object" },
description: "Array of existing vulnerabilities (optional)"
}
},
required: ["ports", "technologies"]
}
},
{
name: "test_active_directory",
description: "Comprehensive Active Directory penetration testing",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Domain Controller IP address" },
domain: { type: "string", description: "Domain name (optional)" }
},
required: ["target"]
}
},
{
name: "test_web_application",
description: "Technology-specific web application penetration testing",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target web application URL" },
technologies: {
type: "array",
items: { type: "string" },
description: "Detected technologies (e.g., ['WordPress', 'Apache', 'PHP'])"
}
},
required: ["target", "technologies"]
}
},
{
name: "test_smb_service",
description: "Comprehensive SMB/NetBIOS service testing",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target IP address" },
port: { type: "number", description: "SMB port (default: 445)" }
},
required: ["target"]
}
},
{
name: "burp_start",
description: "Start Burp Suite Professional with API enabled",
inputSchema: {
type: "object",
properties: {
jar_path: { type: "string", description: "Path to burpsuite_pro.jar (optional, auto-detected)" },
project_file: { type: "string", description: "Burp project file path (optional)" },
headless: { type: "boolean", description: "Run in headless mode (default: true)" },
memory: { type: "string", description: "Java memory allocation (default: 2g)" }
},
required: []
}
},
{
name: "burp_stop",
description: "Stop Burp Suite instance",
inputSchema: {
type: "object",
properties: {},
required: []
}
},
{
name: "burp_active_scan",
description: "Perform active vulnerability scan using Burp Suite",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target URL to scan" },
scope: {
type: "array",
items: { type: "string" },
description: "Additional URLs to include in scope (optional)"
}
},
required: ["target"]
}
},
{
name: "burp_proxy_scan",
description: "Perform passive scan through Burp Suite proxy",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target URL to proxy through" },
duration: { type: "number", description: "Scan duration in seconds (default: 300)" }
},
required: ["target"]
}
},
{
name: "burp_spider",
description: "Spider/crawl target using Burp Suite",
inputSchema: {
type: "object",
properties: {
target: { type: "string", description: "Target URL to spider" }
},
required: ["target"]
}
},
{
name: "burp_export",
description: "Export Burp Suite scan results",
inputSchema: {
type: "object",
properties: {
format: {
type: "string",
enum: ["xml", "html", "json"],
description: "Export format (default: xml)"
},
output_path: { type: "string", description: "Output file path (optional)" }
},
required: []
}
}
];
return { tools };
});
// Handle tool calls
this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
try {
const { name } = request.params;
const args = (request.params.arguments ?? {}) as any;
const respond = (data: unknown) => ({
content: [
{
type: 'text',
text: typeof data === 'string' ? data : JSON.stringify(data)
}
]
});
switch (name) {
// Reconnaissance tools
case "nmap_scan":
return respond(await this.reconTools.nmapScan(args.target, args.scan_type || "quick"));
case "subdomain_enum":
return respond(await this.reconTools.subdomainEnum(args.domain, args.wordlist, args.use_subfinder, args.fuzz_tool));
case "tech_detection":
return respond(await this.reconTools.techDetection(args.url));
case "directory_bruteforce":
return respond(await this.reconTools.directoryBruteforce(args.url, args.wordlist, args.extensions, args.use_seclists));
// Vulnerability scanning
case "nuclei_scan":
return respond(await this.vulnScanTools.nucleiScan(args.target, args.templates, args.severity));
case "nikto_scan":
return respond(await this.vulnScanTools.niktoScan(args.url, args.port));
case "sqlmap_scan":
return respond(await this.vulnScanTools.sqlmapScan(args.url, args.data, args.cookie));
// Exploitation
case "metasploit_search":
return respond(await this.exploitTools.metasploitSearch(args.service, args.platform));
case "exploit_attempt":
return respond(await this.exploitTools.exploitAttempt(args.target, args.vulnerability, args.payload));
// Workflow
case "auto_pentest":
return respond(await this.workflowEngine.autoPentest(args.target, args.scope || "full", args.intensity || "active"));
case "suggest_next_steps":
return respond(await this.workflowEngine.suggestNextSteps(args.scan_results));
// Reporting
case "generate_report":
return respond(await this.reportTools.generateReport(args.target, args.format || "html"));
// Advanced Tools
case "cve_discovery":
return respond(await this.cveDiscovery.discoverCVEs(args.technologies));
case "parameter_extraction":
return respond(await this.parameterExtraction.extractParameters(args.target, args.depth || 2));
case "fuzzing_parameters":
return respond(await this.fuzzingEngine.fuzzParameters(args.parameters, { tool: args.tool || 'ffuf' }));
case "fuzzing_directories":
return respond(await this.fuzzingEngine.fuzzDirectories(args.target, {
tool: args.tool || 'ffuf',
extensions: args.extensions
}));
case "directory_scan":
return respond(await this.directoryScanner.scanDirectories(args.target, {
tool: args.tool || 'dirsearch',
recursive: args.recursive
}));
case "adaptive_strategy":
return respond(await this.adaptiveStrategy.generateStrategy(
args.ports,
args.technologies,
args.existing_vulns
));
case "test_active_directory":
return respond(await this.serviceSpecificTools.testActiveDirectory(args.target, args.domain));
case "test_web_application":
return respond(await this.serviceSpecificTools.testWebApplication(args.target, args.technologies));
case "test_smb_service":
return respond(await this.serviceSpecificTools.testSMB(args.target, args.port || 445));
case "burp_start":
// Create new instance with custom config if provided
if (args.jar_path || args.project_file || args.headless !== undefined || args.memory) {
this.burpSuite = new BurpSuiteIntegration({
jar_path: args.jar_path,
project_file: args.project_file,
headless: args.headless,
memory: args.memory
});
}
return respond(await this.burpSuite.startBurpSuite());
case "burp_stop":
return respond(await this.burpSuite.stopBurpSuite());
case "burp_active_scan":
return respond(await this.burpSuite.activeScan(args.target, args.scope));
case "burp_proxy_scan":
return respond(await this.burpSuite.proxyScan(args.target, args.duration || 300));
case "burp_spider":
return respond(await this.burpSuite.spiderTarget(args.target));
case "burp_export":
return respond(await this.burpSuite.exportResults(args.format || 'xml', args.output_path));
default:
throw new McpError(ErrorCode.MethodNotFound, `Unknown tool: ${name}`);
}
} catch (error) {
throw new McpError(
ErrorCode.InternalError,
`Tool execution failed: ${error instanceof Error ? error.message : String(error)}`
);
}
});
}
async run() {
const transport = new StdioServerTransport();
await this.server.connect(transport);
console.error("MCP Pentest Server running on stdio");
}
}
const server = new PentestMCPServer();
server.run().catch(console.error);