Burpsuite MCP Server

Overview Schema Related Servers Score Discussions

start_scan

Initiate vulnerability scans on target URLs using specified scan types (passive, active, full) via Burpsuite MCP Server to identify security issues.

Instructions

Start a new vulnerability scan on a target URL

Input Schema

TableJSON Schema

Name	Required	Description	Default
`scan_type`	No	Type of scan to perform
`target`	Yes	Target URL to scan (e.g., https://example.com)

Implementation Reference

src/index.ts:490-530 (handler)

The handler logic for the 'start_scan' tool. It extracts target URL and scan_type from arguments, validates target, generates a unique scan ID, initializes a mock Scan object, stores it in mockScans, sets a 5-second timeout to simulate scan completion by generating mock issues based on scan_type, and returns the scan_id and initial status.

case "start_scan": {
  const target = String(request.params.arguments?.target);
  const scanType = String(request.params.arguments?.scan_type || "passive");

  if (!target) {
    throw new McpError(ErrorCode.InvalidParams, "Target URL is required");
  }

  // Create a new scan
  const scanId = `scan-${Date.now()}`;
  const scan: Scan = {
    id: scanId,
    target,
    status: "running",
    startTime: new Date().toISOString(),
    progress: 0,
    issues: []
  };

  mockScans[scanId] = scan;

  // Simulate scan completion after a delay (in a real implementation, this would be async)
  setTimeout(() => {
    const issueCount = scanType === "passive" ? 3 : scanType === "active" ? 8 : 15;
    mockScans[scanId].issues = generateMockIssues(new URL(target).hostname, issueCount);
    mockScans[scanId].status = "completed";
    mockScans[scanId].endTime = new Date().toISOString();
    mockScans[scanId].progress = 100;
  }, 5000);

  return {
    content: [{
      type: "text",
      text: JSON.stringify({
        scan_id: scanId,
        message: `Started ${scanType} scan on ${target}`,
        status: "running"
      }, null, 2)
    }]
  };
}

src/index.ts:385-399 (schema)

Input schema definition for the 'start_scan' tool, specifying a required 'target' string and optional 'scan_type' enum.

inputSchema: {
  type: "object",
  properties: {
    target: {
      type: "string",
      description: "Target URL to scan (e.g., https://example.com)"
    },
    scan_type: {
      type: "string",
      enum: ["passive", "active", "full"],
      description: "Type of scan to perform"
    }
  },
  required: ["target"]
}

src/index.ts:382-400 (registration)

The tool registration entry in the ListTools handler, including name, description, and input schema for 'start_scan'.

{
  name: "start_scan",
  description: "Start a new vulnerability scan on a target URL",
  inputSchema: {
    type: "object",
    properties: {
      target: {
        type: "string",
        description: "Target URL to scan (e.g., https://example.com)"
      },
      scan_type: {
        type: "string",
        enum: ["passive", "active", "full"],
        description: "Type of scan to perform"
      }
    },
    required: ["target"]
  }
},

Install Server

Other Tools

Related Tools

start_scan
@Cyreslab-AI/nessus-mcp-server
security_vulnerability_scan
@Heht571/ops-mcp-server
start_scan
@Spritualkb/nuclei-mcp
search_vulnerabilities
@Cyreslab-AI/nessus-mcp-server
startAccessibilityScan
@browserstack/mcp-server
list_scan_templates
@Cyreslab-AI/nessus-mcp-server

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Cyreslab-AI/burpsuite-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server