MCP Pentest

Instructions

Implementation Reference

• src/engines/workflow.ts:124-177 (handler)

  Core handler function implementing the suggest_next_steps tool logic. Parses input scan results, analyzes different categories of findings using helper methods, generates prioritized next-step recommendations, and returns a structured response.
  async suggestNextSteps(scanResults: string): Promise<ScanResult> { try { const results = JSON.parse(scanResults); const recommendations: NextStepsRecommendation[] = []; // Analyze reconnaissance results if (results.reconnaissance) { recommendations.push(...this.analyzeReconResults(results.reconnaissance)); } // Analyze vulnerability results if (results.vulnerabilities) { recommendations.push(...this.analyzeVulnResults(results.vulnerabilities)); } // Analyze exploitation results if (results.exploits) { recommendations.push(...this.analyzeExploitResults(results.exploits)); } // Sort recommendations by priority and risk recommendations.sort((a, b) => { const priorityOrder = { high: 3, medium: 2, low: 1 }; const riskOrder = { critical: 4, high: 3, medium: 2, low: 1 }; const aScore = priorityOrder[a.priority] + riskOrder[a.risk_level]; const bScore = priorityOrder[b.priority] + riskOrder[b.risk_level]; return bScore - aScore; }); return { target: 'analysis', timestamp: new Date().toISOString(), tool: 'suggest_next_steps', results: { recommendations: recommendations.slice(0, 10), // Top 10 recommendations total_recommendations: recommendations.length, analysis_summary: this.generateAnalysisSummary(results) }, status: 'success' }; } catch (error) { return { target: 'analysis', timestamp: new Date().toISOString(), tool: 'suggest_next_steps', results: {}, status: 'error', error: error instanceof Error ? error.message : String(error) }; } }
• src/index.ts:224-234 (registration)

  Tool registration in the ListToolsRequest handler, including name, description, and input schema definition.
  { name: "suggest_next_steps", description: "Analyze current findings and suggest next steps", inputSchema: { type: "object", properties: { scan_results: { type: "string", description: "Previous scan results in JSON format" } }, required: ["scan_results"] } },
• src/index.ts:227-233 (schema)

  Input schema definition for the suggest_next_steps tool, specifying the required scan_results parameter as a JSON string.
  inputSchema: { type: "object", properties: { scan_results: { type: "string", description: "Previous scan results in JSON format" } }, required: ["scan_results"] }
• src/index.ts:538-539 (handler)

  Dispatch handler in the CallToolRequest switch statement that routes calls to the workflow engine's suggestNextSteps method.
  case "suggest_next_steps": return respond(await this.workflowEngine.suggestNextSteps(args.scan_results));
• src/engines/workflow.ts:506-537 (helper)

  Helper method for analyzing reconnaissance results (ports, services) and generating specific next-step recommendations.
  private analyzeReconResults(recon: any): NextStepsRecommendation[] { const recommendations: NextStepsRecommendation[] = []; if (recon.open_ports && recon.open_ports.length > 0) { const webPorts = recon.open_ports.filter((p: any) => p.port === 80 || p.port === 443 || p.port === 8080); if (webPorts.length > 0) { recommendations.push({ priority: 'high', action: 'Perform web application vulnerability scan', tool: 'nuclei_scan', reason: 'Web services detected on target', estimated_time: '10-30 minutes', risk_level: 'medium' }); } const sshPorts = recon.open_ports.filter((p: any) => p.port === 22); if (sshPorts.length > 0) { recommendations.push({ priority: 'medium', action: 'Test SSH for weak credentials', tool: 'ssh_bruteforce', reason: 'SSH service exposed', estimated_time: '30-60 minutes', risk_level: 'high' }); } } return recommendations; }