MCP Pentest

auto_pentest

Perform automated penetration testing to identify security vulnerabilities through reconnaissance, scanning, and controlled exploitation for authorized security assessments.

Instructions

Perform comprehensive automated penetration test

Input Schema

TableJSON Schema

Name	Required	Description
`target`	Yes	Target IP, domain, or URL
`scope`	No	Scope of testing
`intensity`	No	Testing intensity level

Implementation Reference

src/engines/workflow.ts:59-122 (handler)

The core handler function that implements the auto_pentest tool logic. It orchestrates a multi-phase penetration testing workflow: reconnaissance, vulnerability scanning, exploitation attempts, and generates risk assessment and recommendations.

async autoPentest(target: string, scope: 'network' | 'web' | 'full' = 'full', intensity: 'passive' | 'active' | 'aggressive' = 'active'): Promise<ScanResult> {
  try {
    const workflow: PentestWorkflow = this.initializeWorkflow(target, scope, intensity);
    
    console.error(`Starting automated pentest for ${target} (scope: ${scope}, intensity: ${intensity})`);
    
    // Execute phases sequentially
    for (let i = 0; i < workflow.phases.length; i++) {
      workflow.current_phase = i;
      const phase = workflow.phases[i];
      
      console.error(`Executing phase: ${phase.name}`);
      
      phase.status = 'running';
      phase.start_time = new Date().toISOString();
      
      try {
        await this.executePhase(workflow, phase);
        phase.status = 'completed';
        phase.end_time = new Date().toISOString();
        
        // Analyze results and decide next steps
        await this.analyzePhaseResults(workflow, phase);
        
      } catch (error) {
        phase.status = 'failed';
        console.error(`Phase ${phase.name} failed:`, error);
        
        // Decide whether to continue or abort based on failure
        if (this.shouldAbortOnFailure(phase, error)) {
          break;
        }
      }
    }
    
    // Calculate final risk score and recommendations
    this.calculateFinalRiskScore(workflow);
    this.generateFinalRecommendations(workflow);
    
    return {
      target,
      timestamp: new Date().toISOString(),
      tool: 'auto_pentest',
      results: {
        workflow,
        completed_phases: workflow.phases.filter(p => p.status === 'completed').length,
        total_phases: workflow.phases.length,
        final_risk_score: workflow.results.risk_score,
        threat_level: workflow.results.threat_level
      },
      status: 'success'
    };
    
  } catch (error) {
    return {
      target,
      timestamp: new Date().toISOString(),
      tool: 'auto_pentest',
      results: {},
      status: 'error',
      error: error instanceof Error ? error.message : String(error)
    };
  }
}

src/index.ts:204-223 (schema)

The input schema definition for the auto_pentest tool, specifying parameters: target (required), scope, and intensity.

  name: "auto_pentest",
  description: "Perform comprehensive automated penetration test",
  inputSchema: {
    type: "object",
    properties: {
      target: { type: "string", description: "Target IP, domain, or URL" },
      scope: { 
        type: "string", 
        enum: ["network", "web", "full"],
        description: "Scope of testing" 
      },
      intensity: {
        type: "string",
        enum: ["passive", "active", "aggressive"],
        description: "Testing intensity level"
      }
    },
    required: ["target"]
  }
},

src/index.ts:535-537 (registration)
Tool registration in the MCP server's CallToolRequestSchema handler, which delegates execution to WorkflowEngine.autoPentest method.
```
case "auto_pentest":
  return respond(await this.workflowEngine.autoPentest(args.target, args.scope || "full", args.intensity || "active"));
```

Tool Definition Quality

C2.6/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden. It mentions 'comprehensive automated' but doesn't disclose critical behavioral traits: whether this is destructive, requires special permissions, has rate limits, runtime duration, or what 'automated' entails (e.g., automatic exploitation). This is a significant gap for a security testing tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that gets straight to the point with no wasted words. However, it's arguably too concise given the tool's complexity and lack of annotations, potentially under-specifying rather than being optimally concise.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's likely complexity (automated penetration testing), no annotations, no output schema, and many sibling alternatives, the description is incomplete. It doesn't cover behavioral risks, output expectations, or differentiation from other tools, leaving significant gaps for an agent to use it correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all parameters (target, scope, intensity). The description adds no additional meaning about parameters beyond what's in the schema, such as examples or implications of choices. Baseline 3 is appropriate when schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose3/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description states the tool performs 'comprehensive automated penetration test', which is a clear verb+action but remains vague about what 'comprehensive' entails. It doesn't distinguish from siblings like 'nmap_scan' or 'nikto_scan' which are more specific penetration testing tools, though it implies broader scope than those.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives. With many sibling tools for specific tests (e.g., 'nmap_scan', 'sqlmap_scan'), the description doesn't indicate if this is a high-level wrapper, when it's preferred, or what prerequisites might be needed for automated testing.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/adriyansyah-mf/mcp-pentest'

If you have feedback or need assistance with the MCP directory API, please join our Discord server