VulneraMCP

Instructions

Implementation Reference

• src/tools/zap.ts:402-424 (registration)

  Registration of the 'zap.get_urls' MCP tool, including input schema and handler function that delegates to ZAPClient.getUrls
  server.tool( 'zap.get_urls', { description: 'Get list of discovered URLs from ZAP', inputSchema: { type: 'object', properties: { baseURL: { type: 'string', description: 'Filter by base URL (optional)', }, }, }, }, async ({ baseURL }: any): Promise<ToolResult> => { const client = getZAPClient(); if (!client) { return formatToolResult(false, null, 'ZAP client not initialized'); } const result = await client.getUrls(baseURL); return formatToolResult(result.success, result.data, result.error); } );
• src/integrations/zap.ts:432-450 (handler)

  Core handler implementation in ZAPClient class that fetches discovered URLs via ZAP REST API /core/view/urls/ endpoint
  async getUrls(baseURL?: string): Promise<ZAPScanResult> { try { const params: any = {}; if (baseURL) params.baseurl = baseURL; const response = await this.client.get('/core/view/urls/', { params }); return { success: true, data: { urls: response.data.urls || [], }, }; } catch (error: any) { return { success: false, error: error.message || 'Failed to get URLs', }; } }
• src/integrations/zap.ts:504-506 (helper)

  Helper function to retrieve the singleton ZAPClient instance used by the tool handler
  export function getZAPClient(): ZAPClient | null { return zapClient; }
• src/integrations/zap.ts:494-502 (helper)

  Initialization function for creating the singleton ZAPClient instance called during tool registration
  export function initZAP(baseURL?: string, apiKey?: string): ZAPClient { if (!zapClient) { zapClient = new ZAPClient( baseURL || process.env.ZAP_URL || 'http://localhost:8081', apiKey || process.env.ZAP_API_KEY ); } return zapClient; }