auto_pentest
Perform automated penetration testing to identify security vulnerabilities in networks, web applications, or full systems using configurable scope and intensity levels for authorized security assessments.
Instructions
Perform comprehensive automated penetration test
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| intensity | No | Testing intensity level | |
| scope | No | Scope of testing | |
| target | Yes | Target IP, domain, or URL | |
Input Schema (JSON Schema)
```json
{
  "properties": {
    "intensity": {
      "description": "Testing intensity level",
      "enum": [
        "passive",
        "active",
        "aggressive"
      ],
      "type": "string"
    },
    "scope": {
      "description": "Scope of testing",
      "enum": [
        "network",
        "web",
        "full"
      ],
      "type": "string"
    },
    "target": {
      "description": "Target IP, domain, or URL",
      "type": "string"
    }
  },
  "required": [
    "target"
  ],
  "type": "object"
}
```
Implementation Reference
- src/engines/workflow.ts:59-122 (handler): Core handler function that implements the auto_pentest tool logic. Orchestrates pentest workflow phases: reconnaissance, scanning, exploitation, risk assessment, and returns structured results.

  ```typescript
  async autoPentest(target: string, scope: 'network' | 'web' | 'full' = 'full', intensity: 'passive' | 'active' | 'aggressive' = 'active'): Promise<ScanResult> {
    try {
      const workflow: PentestWorkflow = this.initializeWorkflow(target, scope, intensity);

      console.error(`Starting automated pentest for ${target} (scope: ${scope}, intensity: ${intensity})`);

      // Execute phases sequentially
      for (let i = 0; i < workflow.phases.length; i++) {
        workflow.current_phase = i;
        const phase = workflow.phases[i];

        console.error(`Executing phase: ${phase.name}`);
        phase.status = 'running';
        phase.start_time = new Date().toISOString();

        try {
          await this.executePhase(workflow, phase);
          phase.status = 'completed';
          phase.end_time = new Date().toISOString();

          // Analyze results and decide next steps
          await this.analyzePhaseResults(workflow, phase);
        } catch (error) {
          phase.status = 'failed';
          console.error(`Phase ${phase.name} failed:`, error);

          // Decide whether to continue or abort based on failure
          if (this.shouldAbortOnFailure(phase, error)) {
            break;
          }
        }
      }

      // Calculate final risk score and recommendations
      this.calculateFinalRiskScore(workflow);
      this.generateFinalRecommendations(workflow);

      return {
        target,
        timestamp: new Date().toISOString(),
        tool: 'auto_pentest',
        results: {
          workflow,
          completed_phases: workflow.phases.filter(p => p.status === 'completed').length,
          total_phases: workflow.phases.length,
          final_risk_score: workflow.results.risk_score,
          threat_level: workflow.results.threat_level
        },
        status: 'success'
      };
    } catch (error) {
      return {
        target,
        timestamp: new Date().toISOString(),
        tool: 'auto_pentest',
        results: {},
        status: 'error',
        error: error instanceof Error ? error.message : String(error)
      };
    }
  }
  ```
- src/index.ts:204-223 (registration): Registers the auto_pentest tool in the MCP server with name, description, and input schema definition.

  ```typescript
  {
    name: "auto_pentest",
    description: "Perform comprehensive automated penetration test",
    inputSchema: {
      type: "object",
      properties: {
        target: { type: "string", description: "Target IP, domain, or URL" },
        scope: {
          type: "string",
          enum: ["network", "web", "full"],
          description: "Scope of testing"
        },
        intensity: {
          type: "string",
          enum: ["passive", "active", "aggressive"],
          description: "Testing intensity level"
        }
      },
      required: ["target"]
    }
  },
  ```
- src/index.ts:535-537 (registration): Dispatch handler in the tool call switch statement that invokes the workflowEngine.autoPentest method.

  ```typescript
  case "auto_pentest":
    return respond(await this.workflowEngine.autoPentest(args.target, args.scope || "full", args.intensity || "active"));
  ```
- src/utils/validation.ts:298-302 (schema): Validates auto_pentest as an allowed tool name in the security validator.

  ```typescript
  const allowedTools = [
    'nmap_scan', 'subdomain_enum', 'tech_detection', 'directory_bruteforce',
    'nuclei_scan', 'nikto_scan', 'sqlmap_scan', 'metasploit_search',
    'exploit_attempt', 'auto_pentest', 'suggest_next_steps', 'generate_report'
  ];
  ```
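
The dispatch code above passes `args.target`, `args.scope` and `args.intensity` to the handler with only `||` defaults, and the tool is described as being for authorized assessments. The following is an added example, not the project's own code: a pre-dispatch guard that enforces the input schema at runtime and refuses any target outside an operator-maintained authorization list. `validateAutoPentestArgs`, `hostOf`, `AUTHORIZED_TARGETS` and the sample hosts are hypothetical names and constructed values.

```typescript
// Added example (hypothetical guard, not the project's code).
type PentestScope = "network" | "web" | "full";
type PentestIntensity = "passive" | "active" | "aggressive";
const SCOPES: string[] = ["network", "web", "full"];
const INTENSITIES: string[] = ["passive", "active", "aggressive"];

// Constructed sample: hosts covered by a written authorization to test.
const AUTHORIZED_TARGETS: string[] = ["lab.example.test", "10.0.5.20"];

interface RawArgs { target?: unknown; scope?: unknown; intensity?: unknown; }
interface PentestArgs { target: string; scope: PentestScope; intensity: PentestIntensity; }
interface Checked { ok: boolean; error?: string; args?: PentestArgs; }

// Reduce "https://host:8443/path" or "host" to a lowercase host name.
// Anything else (userinfo "@", whitespace, IPv6 literals) returns null, so the
// caller fails closed instead of guessing which host a scanner would contact.
function hostOf(target: string): string | null {
  const m = /^(?:[a-z][a-z0-9+.-]*:\/\/)?([a-z0-9.-]+)(?::\d+)?(?:[\/?#].*)?$/i.exec(target);
  return m ? m[1].toLowerCase() : null;
}

function validateAutoPentestArgs(raw: RawArgs, allow: string[] = AUTHORIZED_TARGETS): Checked {
  const target = raw.target;
  if (typeof target !== "string" || target.length === 0) {
    return { ok: false, error: "target is required and must be a string" };
  }
  // Omitted values get the defaults the dispatch code uses: "full" and "active".
  const scope = raw.scope === undefined ? "full" : raw.scope;
  const intensity = raw.intensity === undefined ? "active" : raw.intensity;
  if (typeof scope !== "string" || SCOPES.indexOf(scope) === -1) {
    return { ok: false, error: "scope must be one of: " + SCOPES.join(", ") };
  }
  if (typeof intensity !== "string" || INTENSITIES.indexOf(intensity) === -1) {
    return { ok: false, error: "intensity must be one of: " + INTENSITIES.join(", ") };
  }
  const host = hostOf(target);
  if (host === null || allow.indexOf(host) === -1) {
    return { ok: false, error: "target is not on the authorization list" };
  }
  return {
    ok: true,
    args: { target: target, scope: scope as PentestScope, intensity: intensity as PentestIntensity },
  };
}
```

Only a result with `ok: true` should reach the handler; rejected calls are worth logging with the caller identity so out-of-scope requests are visible in review.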