MCP Pentest

Instructions

Implementation Reference

• src/tools/report.ts:74-130 (handler)

  Core handler function that implements the generate_report tool logic: compiles pentest report data, formats it (HTML, Markdown, JSON, PDF), generates filename, and returns structured ScanResult.
  async generateReport(target: string, format: 'html' | 'pdf' | 'json' | 'markdown' = 'html'): Promise<ScanResult> { try { // This would typically load results from a database or file system // For now, we'll create a sample report structure const report = await this.compileReport(target); let formattedReport: string; switch (format) { case 'html': formattedReport = this.generateHTMLReport(report); break; case 'markdown': formattedReport = this.generateMarkdownReport(report); break; case 'json': formattedReport = JSON.stringify(report, null, 2); break; case 'pdf': formattedReport = 'PDF generation requires additional dependencies'; break; default: formattedReport = this.generateMarkdownReport(report); } // Save report to file const filename = `pentest_report_${target.replace(/[^a-zA-Z0-9]/g, '_')}_${new Date().toISOString().split('T')[0]}.${format}`; return { target, timestamp: new Date().toISOString(), tool: 'generate_report', results: { report_content: formattedReport, filename, format, report_summary: { total_vulnerabilities: report.vulnerability_details.length, successful_exploits: report.exploitation_summary.successful_exploits, risk_rating: report.executive_summary.risk_rating } }, status: 'success' }; } catch (error) { return { target, timestamp: new Date().toISOString(), tool: 'generate_report', results: {}, status: 'error', error: error instanceof Error ? error.message : String(error) }; } }
• src/index.ts:238-252 (schema)

  MCP tool schema definition including input schema with 'target' (required) and 'format' (optional enum: html/pdf/json/markdown).
  name: "generate_report", description: "Generate comprehensive penetration test report", inputSchema: { type: "object", properties: { target: { type: "string", description: "Target identifier" }, format: { type: "string", enum: ["html", "pdf", "json", "markdown"], description: "Report format" } }, required: ["target"] } },
• src/index.ts:542-543 (registration)

  Tool registration in MCP CallToolRequest handler: switch case dispatches generate_report calls to this.reportTools.generateReport().
  case "generate_report": return respond(await this.reportTools.generateReport(args.target, args.format || "html"));
• src/tools/report.ts:6-71 (schema)

  TypeScript interfaces defining the structure of PentestReport, ExecutiveSummary, and related types used for report validation and structure.
  export interface PentestReport { report_id: string; target: string; generated_at: string; scope: string; methodology: string; executive_summary: ExecutiveSummary; technical_findings: TechnicalFindings; vulnerability_details: VulnerabilityDetail[]; exploitation_summary: ExploitationSummary; recommendations: RecommendationSection; appendices: AppendixSection; } export interface ExecutiveSummary { assessment_overview: string; key_findings: string[]; risk_rating: 'Low' | 'Medium' | 'High' | 'Critical'; business_impact: string; remediation_priority: string[]; } export interface TechnicalFindings { methodology_used: string[]; scope_coverage: string; tools_utilized: string[]; timeline: string; limitations: string[]; } export interface VulnerabilityDetail { id: string; title: string; severity: string; cvss_score?: number; description: string; impact: string; affected_systems: string[]; evidence: string[]; proof_of_concept: string; remediation: string; references: string[]; } export interface ExploitationSummary { successful_exploits: number; attempted_exploits: number; compromise_level: 'None' | 'Limited' | 'Significant' | 'Complete'; access_gained: string[]; data_accessed: string[]; } export interface RecommendationSection { immediate_actions: string[]; short_term_goals: string[]; long_term_strategy: string[]; security_controls: string[]; } export interface AppendixSection { raw_scan_outputs: any[]; port_scan_results: any[]; vulnerability_scan_details: any[]; exploitation_logs: any[]; }
• src/tools/report.ts:72-130 (helper)

  ReportTools class containing the generateReport handler and supporting helper methods (compileReport, generateHTMLReport, generateMarkdownReport, etc.). Instantiated in src/index.ts.
  export class ReportTools { async generateReport(target: string, format: 'html' | 'pdf' | 'json' | 'markdown' = 'html'): Promise<ScanResult> { try { // This would typically load results from a database or file system // For now, we'll create a sample report structure const report = await this.compileReport(target); let formattedReport: string; switch (format) { case 'html': formattedReport = this.generateHTMLReport(report); break; case 'markdown': formattedReport = this.generateMarkdownReport(report); break; case 'json': formattedReport = JSON.stringify(report, null, 2); break; case 'pdf': formattedReport = 'PDF generation requires additional dependencies'; break; default: formattedReport = this.generateMarkdownReport(report); } // Save report to file const filename = `pentest_report_${target.replace(/[^a-zA-Z0-9]/g, '_')}_${new Date().toISOString().split('T')[0]}.${format}`; return { target, timestamp: new Date().toISOString(), tool: 'generate_report', results: { report_content: formattedReport, filename, format, report_summary: { total_vulnerabilities: report.vulnerability_details.length, successful_exploits: report.exploitation_summary.successful_exploits, risk_rating: report.executive_summary.risk_rating } }, status: 'success' }; } catch (error) { return { target, timestamp: new Date().toISOString(), tool: 'generate_report', results: {}, status: 'error', error: error instanceof Error ? error.message : String(error) }; } }