Skip to main content
Glama

MCP Pentest

by adriyansyah-mf
GitHub
TypeScript
1
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
report.tsā€¢21.7 kB
import { ScanResult } from './recon.js'; import { VulnerabilityResult } from './vulnscan.js'; import { ExploitResult } from '../tools/exploit.js'; import { PentestWorkflow } from '../engines/workflow.js'; export interface PentestReport { report_id: string; target: string; generated_at: string; scope: string; methodology: string; executive_summary: ExecutiveSummary; technical_findings: TechnicalFindings; vulnerability_details: VulnerabilityDetail[]; exploitation_summary: ExploitationSummary; recommendations: RecommendationSection; appendices: AppendixSection; } export interface ExecutiveSummary { assessment_overview: string; key_findings: string[]; risk_rating: 'Low' | 'Medium' | 'High' | 'Critical'; business_impact: string; remediation_priority: string[]; } export interface TechnicalFindings { methodology_used: string[]; scope_coverage: string; tools_utilized: string[]; timeline: string; limitations: string[]; } export interface VulnerabilityDetail { id: string; title: string; severity: string; cvss_score?: number; description: string; impact: string; affected_systems: string[]; evidence: string[]; proof_of_concept: string; remediation: string; references: string[]; } export interface ExploitationSummary { successful_exploits: number; attempted_exploits: number; compromise_level: 'None' | 'Limited' | 'Significant' | 'Complete'; access_gained: string[]; data_accessed: string[]; } export interface RecommendationSection { immediate_actions: string[]; short_term_goals: string[]; long_term_strategy: string[]; security_controls: string[]; } export interface AppendixSection { raw_scan_outputs: any[]; port_scan_results: any[]; vulnerability_scan_details: any[]; exploitation_logs: any[]; } export class ReportTools { async generateReport(target: string, format: 'html' | 'pdf' | 'json' | 'markdown' = 'html'): Promise<ScanResult> { try { // This would typically load results from a database or file system // For now, we'll create a sample report structure const report = await this.compileReport(target); let formattedReport: string; switch (format) { case 'html': formattedReport = this.generateHTMLReport(report); break; case 'markdown': formattedReport = this.generateMarkdownReport(report); break; case 'json': formattedReport = JSON.stringify(report, null, 2); break; case 'pdf': formattedReport = 'PDF generation requires additional dependencies'; break; default: formattedReport = this.generateMarkdownReport(report); } // Save report to file const filename = `pentest_report_${target.replace(/[^a-zA-Z0-9]/g, '_')}_${new Date().toISOString().split('T')[0]}.${format}`; return { target, timestamp: new Date().toISOString(), tool: 'generate_report', results: { report_content: formattedReport, filename, format, report_summary: { total_vulnerabilities: report.vulnerability_details.length, successful_exploits: report.exploitation_summary.successful_exploits, risk_rating: report.executive_summary.risk_rating } }, status: 'success' }; } catch (error) { return { target, timestamp: new Date().toISOString(), tool: 'generate_report', results: {}, status: 'error', error: error instanceof Error ? error.message : String(error) }; } } async generateExecutiveSummary(workflow: PentestWorkflow): Promise<ExecutiveSummary> { const vulnCount = workflow.results.vulnerabilities.length; const exploitCount = workflow.results.exploits.length; const riskScore = workflow.results.risk_score; const keyFindings = [ `${vulnCount} vulnerabilities identified across ${workflow.phases.length} assessment phases`, `${workflow.results.reconnaissance.open_ports.length} network services exposed`, `${exploitCount} successful exploitation attempts`, `Risk score: ${riskScore}/100` ]; let riskRating: 'Low' | 'Medium' | 'High' | 'Critical'; if (riskScore >= 80) riskRating = 'Critical'; else if (riskScore >= 60) riskRating = 'High'; else if (riskScore >= 30) riskRating = 'Medium'; else riskRating = 'Low'; const businessImpact = this.generateBusinessImpact(workflow); const remediationPriority = this.generateRemediationPriority(workflow); return { assessment_overview: `Comprehensive security assessment conducted against ${workflow.target} using automated penetration testing methodology.`, key_findings: keyFindings, risk_rating: riskRating, business_impact: businessImpact, remediation_priority: remediationPriority }; } private async compileReport(target: string): Promise<PentestReport> { // In a real implementation, this would gather all scan results from storage // For now, we'll create a template report const reportId = `PENTEST_${Date.now()}`; return { report_id: reportId, target, generated_at: new Date().toISOString(), scope: 'Full scope penetration test', methodology: 'OWASP Testing Guide v4.0, NIST SP 800-115', executive_summary: { assessment_overview: `Security assessment performed against ${target}`, key_findings: ['Sample findings would be populated from actual scan results'], risk_rating: 'Medium', business_impact: 'Moderate risk to business operations', remediation_priority: ['Update software versions', 'Implement security headers', 'Configure access controls'] }, technical_findings: { methodology_used: ['Automated reconnaissance', 'Vulnerability scanning', 'Controlled exploitation'], scope_coverage: 'Network services, web applications, and infrastructure components', tools_utilized: ['Nmap', 'Nuclei', 'Nikto', 'Custom vulnerability checks'], timeline: 'Assessment conducted over automated timeframe', limitations: ['Limited to automated testing only', 'No manual verification performed'] }, vulnerability_details: [], exploitation_summary: { successful_exploits: 0, attempted_exploits: 0, compromise_level: 'None', access_gained: [], data_accessed: [] }, recommendations: { immediate_actions: ['Address critical vulnerabilities', 'Update vulnerable software'], short_term_goals: ['Implement security monitoring', 'Conduct security training'], long_term_strategy: ['Establish security baseline', 'Regular security assessments'], security_controls: ['Network segmentation', 'Access controls', 'Monitoring systems'] }, appendices: { raw_scan_outputs: [], port_scan_results: [], vulnerability_scan_details: [], exploitation_logs: [] } }; } private generateHTMLReport(report: PentestReport): string { return ` <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Penetration Test Report - ${report.target}</title> <style> body { font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; line-height: 1.6; margin: 0; padding: 20px; background-color: #f5f5f5; } .container { max-width: 1200px; margin: 0 auto; background: white; padding: 30px; border-radius: 10px; box-shadow: 0 0 20px rgba(0,0,0,0.1); } .header { text-align: center; border-bottom: 3px solid #007acc; padding-bottom: 20px; margin-bottom: 30px; } .header h1 { color: #007acc; margin: 0; font-size: 2.5em; } .metadata { display: grid; grid-template-columns: repeat(auto-fit, minmax(250px, 1fr)); gap: 20px; margin-bottom: 30px; } .metadata-item { background: #f8f9fa; padding: 15px; border-radius: 8px; border-left: 4px solid #007acc; } .section { margin-bottom: 40px; } .section h2 { color: #007acc; border-bottom: 2px solid #eee; padding-bottom: 10px; } .risk-high { color: #dc3545; } .risk-medium { color: #fd7e14; } .risk-low { color: #28a745; } .risk-critical { color: #6f42c1; } .vuln-card { background: #f8f9fa; border: 1px solid #dee2e6; border-radius: 8px; padding: 20px; margin-bottom: 20px; } .vuln-header { display: flex; justify-content: space-between; align-items: center; margin-bottom: 15px; } .severity-badge { padding: 5px 15px; border-radius: 20px; color: white; font-weight: bold; font-size: 0.8em; } .severity-critical { background-color: #6f42c1; } .severity-high { background-color: #dc3545; } .severity-medium { background-color: #fd7e14; } .severity-low { background-color: #28a745; } .findings-summary { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 20px; margin-bottom: 30px; } .finding-stat { text-align: center; background: #f8f9fa; padding: 20px; border-radius: 8px; border-top: 4px solid #007acc; } .finding-stat h3 { margin: 0; font-size: 2em; color: #007acc; } .recommendations ul { list-style-type: none; padding: 0; } .recommendations li { background: #e7f3ff; margin: 10px 0; padding: 15px; border-left: 4px solid #007acc; border-radius: 4px; } .footer { text-align: center; margin-top: 40px; padding-top: 20px; border-top: 1px solid #eee; color: #666; } </style> </head> <body> <div class="container"> <div class="header"> <h1>Penetration Test Report</h1> <p>Target: <strong>${report.target}</strong></p> </div> <div class="metadata"> <div class="metadata-item"> <h4>Report ID</h4> <p>${report.report_id}</p> </div> <div class="metadata-item"> <h4>Generated</h4> <p>${new Date(report.generated_at).toLocaleString()}</p> </div> <div class="metadata-item"> <h4>Risk Rating</h4> <p class="risk-${report.executive_summary.risk_rating.toLowerCase()}">${report.executive_summary.risk_rating}</p> </div> <div class="metadata-item"> <h4>Methodology</h4> <p>${report.methodology}</p> </div> </div> <div class="section"> <h2>Executive Summary</h2> <div class="findings-summary"> <div class="finding-stat"> <h3>${report.vulnerability_details.length}</h3> <p>Vulnerabilities Found</p> </div> <div class="finding-stat"> <h3>${report.exploitation_summary.successful_exploits}</h3> <p>Successful Exploits</p> </div> <div class="finding-stat"> <h3>${report.executive_summary.risk_rating}</h3> <p>Overall Risk</p> </div> </div> <p>${report.executive_summary.assessment_overview}</p> <h3>Key Findings</h3> <ul> ${report.executive_summary.key_findings.map(finding => `<li>${finding}</li>`).join('')} </ul> <h3>Business Impact</h3> <p>${report.executive_summary.business_impact}</p> </div> <div class="section"> <h2>Technical Findings</h2> <p><strong>Scope:</strong> ${report.technical_findings.scope_coverage}</p> <p><strong>Timeline:</strong> ${report.technical_findings.timeline}</p> <h3>Tools Utilized</h3> <ul> ${report.technical_findings.tools_utilized.map(tool => `<li>${tool}</li>`).join('')} </ul> <h3>Methodology</h3> <ul> ${report.technical_findings.methodology_used.map(method => `<li>${method}</li>`).join('')} </ul> </div> <div class="section"> <h2>Vulnerability Details</h2> ${report.vulnerability_details.length === 0 ? '<p>No vulnerabilities were identified during the automated assessment.</p>' : report.vulnerability_details.map(vuln => ` <div class="vuln-card"> <div class="vuln-header"> <h3>${vuln.title}</h3> <span class="severity-badge severity-${vuln.severity.toLowerCase()}">${vuln.severity}</span> </div> <p><strong>Description:</strong> ${vuln.description}</p> <p><strong>Impact:</strong> ${vuln.impact}</p> <p><strong>Remediation:</strong> ${vuln.remediation}</p> </div> `).join('') } </div> <div class="section"> <h2>Exploitation Summary</h2> <p><strong>Compromise Level:</strong> ${report.exploitation_summary.compromise_level}</p> <p><strong>Successful Exploits:</strong> ${report.exploitation_summary.successful_exploits}</p> <p><strong>Attempted Exploits:</strong> ${report.exploitation_summary.attempted_exploits}</p> ${report.exploitation_summary.access_gained.length > 0 ? ` <h3>Access Gained</h3> <ul> ${report.exploitation_summary.access_gained.map(access => `<li>${access}</li>`).join('')} </ul> ` : ''} </div> <div class="section recommendations"> <h2>Recommendations</h2> <h3>Immediate Actions</h3> <ul> ${report.recommendations.immediate_actions.map(action => `<li>${action}</li>`).join('')} </ul> <h3>Short-term Goals</h3> <ul> ${report.recommendations.short_term_goals.map(goal => `<li>${goal}</li>`).join('')} </ul> <h3>Long-term Strategy</h3> <ul> ${report.recommendations.long_term_strategy.map(strategy => `<li>${strategy}</li>`).join('')} </ul> </div> <div class="footer"> <p>This report was generated automatically by MCP Pentest Framework</p> <p>Report generated on ${new Date().toLocaleString()}</p> </div> </div> </body> </html>`; } private generateMarkdownReport(report: PentestReport): string { return `# Penetration Test Report **Target:** ${report.target} **Report ID:** ${report.report_id} **Generated:** ${new Date(report.generated_at).toLocaleString()} **Risk Rating:** ${report.executive_summary.risk_rating} ## Executive Summary ${report.executive_summary.assessment_overview} ### Key Findings ${report.executive_summary.key_findings.map(finding => `- ${finding}`).join('\n')} ### Business Impact ${report.executive_summary.business_impact} ## Technical Findings **Scope:** ${report.technical_findings.scope_coverage} **Timeline:** ${report.technical_findings.timeline} **Methodology:** ${report.methodology} ### Tools Utilized ${report.technical_findings.tools_utilized.map(tool => `- ${tool}`).join('\n')} ### Assessment Methodology ${report.technical_findings.methodology_used.map(method => `- ${method}`).join('\n')} ## Vulnerability Details ${report.vulnerability_details.length === 0 ? 'No vulnerabilities were identified during the automated assessment.' : report.vulnerability_details.map(vuln => ` ### ${vuln.title} (${vuln.severity}) **Description:** ${vuln.description} **Impact:** ${vuln.impact} **Remediation:** ${vuln.remediation} ${vuln.references.length > 0 ? `**References:**\n${vuln.references.map(ref => `- ${ref}`).join('\n')}` : ''} --- `).join('') } ## Exploitation Summary - **Compromise Level:** ${report.exploitation_summary.compromise_level} - **Successful Exploits:** ${report.exploitation_summary.successful_exploits} - **Attempted Exploits:** ${report.exploitation_summary.attempted_exploits} ${report.exploitation_summary.access_gained.length > 0 ? ` ### Access Gained ${report.exploitation_summary.access_gained.map(access => `- ${access}`).join('\n')} ` : ''} ## Recommendations ### Immediate Actions ${report.recommendations.immediate_actions.map(action => `- ${action}`).join('\n')} ### Short-term Goals ${report.recommendations.short_term_goals.map(goal => `- ${goal}`).join('\n')} ### Long-term Strategy ${report.recommendations.long_term_strategy.map(strategy => `- ${strategy}`).join('\n')} ### Security Controls ${report.recommendations.security_controls.map(control => `- ${control}`).join('\n')} --- *This report was generated automatically by MCP Pentest Framework on ${new Date().toLocaleString()}*`; } private generateBusinessImpact(workflow: PentestWorkflow): string { const criticalVulns = workflow.results.vulnerabilities.filter(v => v.severity === 'critical').length; const successfulExploits = workflow.results.exploits.length; if (criticalVulns > 0 || successfulExploits > 0) { return 'High risk to business operations. Critical vulnerabilities or successful exploits could lead to data breaches, service disruption, or unauthorized access.'; } else if (workflow.results.vulnerabilities.filter(v => v.severity === 'high').length > 0) { return 'Moderate risk to business operations. High severity vulnerabilities could be exploited by attackers to gain unauthorized access.'; } else { return 'Low to moderate risk to business operations. Identified vulnerabilities should be addressed as part of regular security maintenance.'; } } private generateRemediationPriority(workflow: PentestWorkflow): string[] { const priorities: string[] = []; const criticalVulns = workflow.results.vulnerabilities.filter(v => v.severity === 'critical'); const highVulns = workflow.results.vulnerabilities.filter(v => v.severity === 'high'); const successfulExploits = workflow.results.exploits.filter(e => e.success); if (criticalVulns.length > 0) { priorities.push(`Address ${criticalVulns.length} critical vulnerabilities immediately`); } if (successfulExploits.length > 0) { priorities.push('Implement additional security controls due to successful exploitation'); } if (highVulns.length > 0) { priorities.push(`Remediate ${highVulns.length} high severity vulnerabilities within 30 days`); } const openPorts = workflow.results.reconnaissance.open_ports.length; if (openPorts > 10) { priorities.push('Reduce attack surface by closing unnecessary network services'); } if (priorities.length === 0) { priorities.push('Continue regular security monitoring and assessment'); } return priorities; } convertVulnerabilityToDetail(vuln: VulnerabilityResult): VulnerabilityDetail { return { id: vuln.id, title: vuln.name, severity: vuln.severity, cvss_score: vuln.cvss_score, description: vuln.description, impact: this.generateImpactDescription(vuln), affected_systems: vuln.affected_url ? [vuln.affected_url] : [], evidence: [vuln.description], proof_of_concept: vuln.solution || 'Manual verification required', remediation: vuln.solution || 'Implement appropriate security controls', references: vuln.references || [] }; } private generateImpactDescription(vuln: VulnerabilityResult): string { switch (vuln.severity) { case 'critical': return 'Critical impact: Could lead to complete system compromise, data breach, or service disruption.'; case 'high': return 'High impact: Could allow unauthorized access, data manipulation, or significant service degradation.'; case 'medium': return 'Medium impact: Could provide attackers with additional information or limited unauthorized access.'; case 'low': return 'Low impact: Represents a security weakness that should be addressed as part of defense in depth.'; case 'info': return 'Informational: Provides information that may be useful for attackers but does not directly compromise security.'; default: return 'Unknown impact level.'; } } }

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/adriyansyah-mf/mcp-pentest'

If you have feedback or need assistance with the MCP directory API, please join our Discord server