MCP Pentest

Instructions

Input Schema

Input Schema (JSON Schema)

Implementation Reference

• src/tools/exploit.ts:74-117 (handler)

  Core implementation of the exploit_attempt tool handler. Categorizes the vulnerability type and delegates to specific exploit attempt methods (web, network, service, or generic), collects results, and returns a standardized ScanResult.
  async exploitAttempt(target: string, vulnerability: string, payload?: string): Promise<ScanResult> { try { const exploitResults: ExploitResult[] = []; // Determine exploit strategy based on vulnerability type const vulnType = this.categorizeVulnerability(vulnerability); switch (vulnType) { case 'web': await this.attemptWebExploits(target, vulnerability, payload, exploitResults); break; case 'network': await this.attemptNetworkExploits(target, vulnerability, payload, exploitResults); break; case 'service': await this.attemptServiceExploits(target, vulnerability, payload, exploitResults); break; default: await this.attemptGenericExploits(target, vulnerability, payload, exploitResults); } return { target, timestamp: new Date().toISOString(), tool: 'exploit_attempt', results: { exploit_attempts: exploitResults, successful_exploits: exploitResults.filter(e => e.success), vulnerability_targeted: vulnerability, total_attempts: exploitResults.length }, status: 'success' }; } catch (error) { return { target, timestamp: new Date().toISOString(), tool: 'exploit_attempt', results: {}, status: 'error', error: error instanceof Error ? error.message : String(error) }; } }
• src/index.ts:188-200 (schema)

  Input schema definition for the exploit_attempt tool, registered in the MCP server's listTools handler. Defines required parameters: target and vulnerability, optional payload.
  { name: "exploit_attempt", description: "Attempt exploitation using detected vulnerabilities", inputSchema: { type: "object", properties: { target: { type: "string", description: "Target IP/URL" }, vulnerability: { type: "string", description: "Vulnerability identifier" }, payload: { type: "string", description: "Payload type" } }, required: ["target", "vulnerability"] } },
• src/index.ts:531-532 (registration)

  MCP tool registration and dispatch handler in the CallToolRequestSchema. Maps the tool call to the ExploitTools.exploitAttempt method.
  case "exploit_attempt": return respond(await this.exploitTools.exploitAttempt(args.target, args.vulnerability, args.payload));
• src/tools/exploit.ts:8-18 (schema)

  Type definition for individual exploit results used in the output of exploitAttempt (array in results.exploit_attempts).
  export interface ExploitResult { exploit_id: string; name: string; target: string; success: boolean; payload_used: string; result_type: 'shell' | 'file_read' | 'rce' | 'information' | 'dos' | 'privilege_escalation'; evidence: string; severity: 'low' | 'medium' | 'high' | 'critical'; recommendations: string[]; }
• src/tools/exploit.ts:178-202 (helper)

  Helper method to categorize vulnerabilities into web, network, service, or other types to determine which exploit methods to invoke.
  private categorizeVulnerability(vulnerability: string): 'web' | 'network' | 'service' | 'other' { const vulnLower = vulnerability.toLowerCase(); if (vulnLower.includes('xss') || vulnLower.includes('sql injection') || vulnLower.includes('csrf') || vulnLower.includes('directory traversal') || vulnLower.includes('file upload')) { return 'web'; } if (vulnLower.includes('buffer overflow') || vulnLower.includes('rce') || vulnLower.includes('command injection')) { return 'network'; } if (vulnLower.includes('ssh') || vulnLower.includes('ftp') || vulnLower.includes('smb') || vulnLower.includes('rdp')) { return 'service'; } return 'other';