MCP Pentest

Instructions

Input Schema

Input Schema (JSON Schema)

Implementation Reference

• src/engines/adaptive-strategy.ts:71-141 (handler)

  The AdaptiveStrategyEngine class containing the core generateStrategy method, which implements the 'adaptive_strategy' tool logic. This method analyzes ports, technologies, and vulns to generate a comprehensive testing strategy including OS detection, service profiling, attack vectors, testing phases, priority targets, and risk assessment.
  export class AdaptiveStrategyEngine { async generateStrategy( ports: PortScanResult[], technologies: TechDetectionResult[], existingVulns?: VulnerabilityResult[], existingCVEs?: CVEResult[] ): Promise<ScanResult> { try { console.error('🧠 Generating adaptive penetration testing strategy...'); // Phase 1: OS Detection const osDetection = this.detectOperatingSystem(ports); console.error(` Detected OS: ${osDetection.os_family} (${osDetection.confidence}% confidence)`); // Phase 2: Service Profiling const serviceProfiles = this.profileServices(ports, osDetection); console.error(` Profiled ${serviceProfiles.length} services`); // Phase 3: Attack Vector Analysis const attackVectors = this.analyzeAttackVectors(ports, technologies, serviceProfiles, osDetection); console.error(` Identified ${attackVectors.length} attack vectors`); // Phase 4: Testing Phase Planning const testingPhases = this.planTestingPhases(attackVectors, serviceProfiles, technologies); console.error(` Planned ${testingPhases.length} testing phases`); // Phase 5: Priority Target Identification const priorityTargets = this.identifyPriorityTargets(serviceProfiles, technologies, existingVulns); console.error(` Identified ${priorityTargets.length} priority targets`); // Phase 6: Risk Assessment const riskAssessment = this.assessRisk(ports, technologies, attackVectors, existingVulns, existingCVEs); console.error(` Overall risk level: ${riskAssessment.overall_risk}`); const strategy: AdaptiveStrategy = { target: 'adaptive_strategy', os_detection: osDetection, service_profiles: serviceProfiles, technology_stack: technologies, attack_vectors: attackVectors, testing_phases: testingPhases, priority_targets: priorityTargets, risk_assessment: riskAssessment }; return { target: 'adaptive_strategy', timestamp: new Date().toISOString(), tool: 'adaptive_strategy_engine', results: { strategy, execution_plan: this.generateExecutionPlan(strategy), estimated_duration: this.calculateEstimatedDuration(testingPhases), resource_requirements: this.calculateResourceRequirements(testingPhases), success_metrics: this.defineSuccessMetrics(strategy) }, status: 'success' }; } catch (error) { return { target: 'adaptive_strategy', timestamp: new Date().toISOString(), tool: 'adaptive_strategy_engine', results: {}, status: 'error', error: error instanceof Error ? error.message : String(error) }; } }
• src/index.ts:567-572 (registration)

  Dispatch handler in the main MCP server switch statement that routes 'adaptive_strategy' tool calls to the AdaptiveStrategyEngine.generateStrategy method.
  case "adaptive_strategy": return respond(await this.adaptiveStrategy.generateStrategy( args.ports, args.technologies, args.existing_vulns ));
• src/index.ts:341-364 (registration)

  MCP tool registration including name, description, and input schema definition for 'adaptive_strategy'.
  name: "adaptive_strategy", description: "Generate adaptive penetration testing strategy based on detected services and OS", inputSchema: { type: "object", properties: { ports: { type: "array", items: { type: "object" }, description: "Array of open ports and services" }, technologies: { type: "array", items: { type: "object" }, description: "Array of detected technologies" }, existing_vulns: { type: "array", items: { type: "object" }, description: "Array of existing vulnerabilities (optional)" } }, required: ["ports", "technologies"] } },
• src/engines/adaptive-strategy.ts:23-32 (schema)

  TypeScript interface defining the structure of the AdaptiveStrategy output object returned by the tool.
  export interface AdaptiveStrategy { target: string; os_detection: OSDetectionResult; service_profiles: ServiceProfile[]; technology_stack: TechDetectionResult[]; attack_vectors: AttackVector[]; testing_phases: TestingPhase[]; priority_targets: PriorityTarget[]; risk_assessment: RiskAssessment; }
• src/engines/adaptive-strategy.ts:143-256 (helper)

  Helper method for OS detection used within generateStrategy.
  private detectOperatingSystem(ports: PortScanResult[]): OSDetectionResult { const evidence: string[] = []; let osFamily: 'windows' | 'linux' | 'unix' | 'mac' | 'unknown' = 'unknown'; let confidence = 0; let osVersion: string | undefined; // Windows indicators const windowsPorts = [135, 139, 445, 3389, 5985, 5986]; // RPC, NetBIOS, SMB, RDP, WinRM const windowsServices = ['microsoft-ds', 'msrpc', 'rdp', 'winrm']; const windowsPortsFound = ports.filter(p => windowsPorts.includes(p.port)); const windowsServicesFound = ports.filter(p => windowsServices.some(ws => p.service.toLowerCase().includes(ws)) ); if (windowsPortsFound.length > 0 || windowsServicesFound.length > 0) { osFamily = 'windows'; confidence += windowsPortsFound.length * 20 + windowsServicesFound.length * 25; if (windowsPortsFound.some(p => p.port === 445)) { evidence.push('SMB service detected (port 445)'); } if (windowsPortsFound.some(p => p.port === 3389)) { evidence.push('RDP service detected (port 3389)'); } if (windowsPortsFound.some(p => p.port === 135)) { evidence.push('RPC endpoint mapper detected (port 135)'); } // Try to detect Windows version from service versions const smbService = ports.find(p => p.port === 445); if (smbService?.version) { if (smbService.version.includes('Windows Server 2019')) { osVersion = 'Windows Server 2019'; } else if (smbService.version.includes('Windows Server 2016')) { osVersion = 'Windows Server 2016'; } else if (smbService.version.includes('Windows 10')) { osVersion = 'Windows 10'; } else if (smbService.version.includes('Windows Server 2012')) { osVersion = 'Windows Server 2012'; } } } // Linux indicators const linuxPorts = [22, 80, 443, 25, 53, 110, 143, 993, 995]; // SSH, HTTP, SMTP, DNS, POP3, IMAP const linuxServices = ['openssh', 'apache', 'nginx', 'postfix', 'dovecot', 'bind']; const linuxPortsFound = ports.filter(p => linuxPorts.includes(p.port)); const linuxServicesFound = ports.filter(p => linuxServices.some(ls => p.service.toLowerCase().includes(ls) || p.version?.toLowerCase().includes(ls)) ); if (linuxServicesFound.length > 0) { if (osFamily === 'unknown' || confidence < 50) { osFamily = 'linux'; confidence = linuxServicesFound.length * 15 + linuxPortsFound.length * 5; evidence.push('Linux services detected'); // Try to detect specific distributions const sshService = ports.find(p => p.port === 22); if (sshService?.version) { if (sshService.version.includes('Ubuntu')) { osVersion = 'Ubuntu Linux'; evidence.push('Ubuntu SSH banner detected'); } else if (sshService.version.includes('Debian')) { osVersion = 'Debian Linux'; evidence.push('Debian SSH banner detected'); } else if (sshService.version.includes('CentOS') || sshService.version.includes('RHEL')) { osVersion = 'RedHat/CentOS Linux'; evidence.push('RedHat/CentOS SSH banner detected'); } } } } // macOS indicators const macServices = ['afp', 'apple-filing']; const macServicesFound = ports.filter(p => macServices.some(ms => p.service.toLowerCase().includes(ms)) ); if (macServicesFound.length > 0) { osFamily = 'mac'; confidence = macServicesFound.length * 30; evidence.push('Apple Filing Protocol detected'); } // Generic Unix indicators const unixPorts = [513, 514, 515]; // rsh, syslog, printer const unixPortsFound = ports.filter(p => unixPorts.includes(p.port)); if (unixPortsFound.length > 0 && osFamily === 'unknown') { osFamily = 'unix'; confidence = unixPortsFound.length * 20; evidence.push('Unix services detected'); } // Confidence normalization confidence = Math.min(confidence, 95); // Cap at 95% if (confidence < 30) { osFamily = 'unknown'; evidence.push('Insufficient evidence for OS detection'); } return { os_family: osFamily, os_version: osVersion, confidence, evidence }; }