auto_pentest
Perform automated penetration testing to identify security vulnerabilities through reconnaissance, scanning, and controlled exploitation for authorized security assessments.
Instructions
Perform comprehensive automated penetration test
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| target | Yes | Target IP, domain, or URL | |
| scope | No | Scope of testing | |
| intensity | No | Testing intensity level | |
Implementation Reference
- src/engines/workflow.ts:59-122 (handler): The core handler function that implements the auto_pentest tool logic. It orchestrates a multi-phase penetration testing workflow (reconnaissance, vulnerability scanning, exploitation attempts) and generates a risk assessment and recommendations.

  ```typescript
  async autoPentest(
    target: string,
    scope: 'network' | 'web' | 'full' = 'full',
    intensity: 'passive' | 'active' | 'aggressive' = 'active'
  ): Promise<ScanResult> {
    try {
      const workflow: PentestWorkflow = this.initializeWorkflow(target, scope, intensity);

      console.error(`Starting automated pentest for ${target} (scope: ${scope}, intensity: ${intensity})`);

      // Execute phases sequentially
      for (let i = 0; i < workflow.phases.length; i++) {
        workflow.current_phase = i;
        const phase = workflow.phases[i];

        console.error(`Executing phase: ${phase.name}`);
        phase.status = 'running';
        phase.start_time = new Date().toISOString();

        try {
          await this.executePhase(workflow, phase);
          phase.status = 'completed';
          phase.end_time = new Date().toISOString();

          // Analyze results and decide next steps
          await this.analyzePhaseResults(workflow, phase);
        } catch (error) {
          phase.status = 'failed';
          console.error(`Phase ${phase.name} failed:`, error);

          // Decide whether to continue or abort based on failure
          if (this.shouldAbortOnFailure(phase, error)) {
            break;
          }
        }
      }

      // Calculate final risk score and recommendations
      this.calculateFinalRiskScore(workflow);
      this.generateFinalRecommendations(workflow);

      return {
        target,
        timestamp: new Date().toISOString(),
        tool: 'auto_pentest',
        results: {
          workflow,
          completed_phases: workflow.phases.filter(p => p.status === 'completed').length,
          total_phases: workflow.phases.length,
          final_risk_score: workflow.results.risk_score,
          threat_level: workflow.results.threat_level
        },
        status: 'success'
      };
    } catch (error) {
      return {
        target,
        timestamp: new Date().toISOString(),
        tool: 'auto_pentest',
        results: {},
        status: 'error',
        error: error instanceof Error ? error.message : String(error)
      };
    }
  }
  ```
- src/index.ts:204-223 (schema): The input schema definition for the auto_pentest tool, specifying parameters: target (required), scope, and intensity.

  ```typescript
    name: "auto_pentest",
    description: "Perform comprehensive automated penetration test",
    inputSchema: {
      type: "object",
      properties: {
        target: {
          type: "string",
          description: "Target IP, domain, or URL"
        },
        scope: {
          type: "string",
          enum: ["network", "web", "full"],
          description: "Scope of testing"
        },
        intensity: {
          type: "string",
          enum: ["passive", "active", "aggressive"],
          description: "Testing intensity level"
        }
      },
      required: ["target"]
    }
  },
  ```
- src/index.ts:535-537 (registration): Tool registration in the MCP server's CallToolRequestSchema handler, which delegates execution to the WorkflowEngine.autoPentest method.

  ```typescript
  case "auto_pentest":
    return respond(await this.workflowEngine.autoPentest(args.target, args.scope || "full", args.intensity || "active"));
  ```
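The registration excerpt forwards `args` to the engine after only filling in defaults, so the enum constraints in the schema and the "authorized assessments" requirement are not enforced in the lines shown. The following is an added example, not code from this project: a guard that could run before the dispatch, where `validatePentestArgs`, `hostOf` and the `AUTHORIZED_TARGETS` allowlist are hypothetical names and the allowlist entries are constructed sample values.

```typescript
// Added example (not project code): check auto_pentest arguments before dispatch.
const SCOPES = ["network", "web", "full"] as const;               // enum from the tool schema
const INTENSITIES = ["passive", "active", "aggressive"] as const; // enum from the tool schema
type Scope = (typeof SCOPES)[number];
type Intensity = (typeof INTENSITIES)[number];

interface PentestArgs { target: string; scope: Scope; intensity: Intensity; }

// Hypothetical engagement allowlist; constructed values from reserved test ranges.
const AUTHORIZED_TARGETS: string[] = ["lab.example.test", "192.0.2.10"];

// Pull the host out of an IP, domain or URL without resolving it.
// Userinfo ("user@host") and any other unexpected characters yield null.
function hostOf(target: string): string | null {
  const m = /^(?:[a-z][a-z0-9+.-]*:\/\/)?([a-z0-9.-]+)(?::\d{1,5})?(?:[\/?#].*)?$/i
    .exec(target.trim());
  return m ? m[1].toLowerCase() : null;
}

function validatePentestArgs(raw: unknown, allowlist: string[] = AUTHORIZED_TARGETS): PentestArgs {
  if (typeof raw !== "object" || raw === null) {
    throw new Error("arguments must be an object");
  }
  const a = raw as Record<string, unknown>;
  if (typeof a.target !== "string") {
    throw new Error("target is required and must be a string");
  }
  // Exact host match only: suffix or prefix look-alikes are out of scope.
  const host = hostOf(a.target);
  if (host === null || allowlist.indexOf(host) === -1) {
    throw new Error("target is not in the authorized scope");
  }
  // Same defaults as the handler signature: scope "full", intensity "active".
  const scope = a.scope ?? "full";
  const intensity = a.intensity ?? "active";
  if (SCOPES.indexOf(scope as Scope) === -1) {
    throw new Error("scope must be one of: " + SCOPES.join(", "));
  }
  if (INTENSITIES.indexOf(intensity as Intensity) === -1) {
    throw new Error("intensity must be one of: " + INTENSITIES.join(", "));
  }
  return { target: a.target, scope: scope as Scope, intensity: intensity as Intensity };
}
```

Because the check rejects rather than coerces, an unknown `intensity` or an out-of-scope host stops the call before any phase of the workflow starts.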