MCP Pentest

fuzzing_parameters

Test extracted parameters with payloads using ffuf or wfuzz to identify vulnerabilities in web applications during security assessments.

Instructions

Fuzz extracted parameters with various payloads using ffuf/wfuzz

Input Schema

TableJSON Schema

Name	Required	Description	Default
`parameters`	Yes	Array of extracted parameters to fuzz
`tool`	No	Fuzzing tool to use

Implementation Reference

src/tools/fuzzing.ts:37-101 (handler)

Core handler function implementing the fuzzing_parameters tool logic: configures fuzzing tool (ffuf/wfuzz), groups parameters by endpoint, executes fuzzing, analyzes responses for vulnerabilities, and returns structured ScanResult.

async fuzzParameters(parameters: ExtractedParameter[], config: Partial<FuzzingConfiguration> = {}): Promise<ScanResult> {
  try {
    const defaultConfig: FuzzingConfiguration = {
      tool: 'ffuf',
      threads: 10,
      timeout: 10,
      delay: 100,
      wordlist: this.getDefaultWordlist('parameters'),
      filter_codes: [404, 403],
      ...config
    };
    
    console.error(`🔍 Fuzzing ${parameters.length} parameters with ${defaultConfig.tool}`);
    
    const allResults: FuzzingResult[] = [];
    
    // Group parameters by URL and method for efficient fuzzing
    const paramGroups = this.groupParametersByEndpoint(parameters);
    
    for (const [endpoint, params] of paramGroups.entries()) {
      console.error(`  Fuzzing endpoint: ${endpoint}`);
      
      if (defaultConfig.tool === 'ffuf') {
        const ffufResults = await this.runFFUF(endpoint, params, defaultConfig);
        allResults.push(...ffufResults);
      } else if (defaultConfig.tool === 'wfuzz') {
        const wfuzzResults = await this.runWfuzz(endpoint, params, defaultConfig);
        allResults.push(...wfuzzResults);
      }
      
      // Rate limiting between endpoints
      await this.sleep(defaultConfig.delay);
    }
    
    // Analyze results for vulnerabilities
    const analyzedResults = this.analyzeResults(allResults);
    const vulnerabilities = analyzedResults.filter(r => r.vulnerability_detected);
    
    return {
      target: 'parameter_fuzzing',
      timestamp: new Date().toISOString(),
      tool: 'fuzzing_engine',
      results: {
        total_tests: allResults.length,
        vulnerabilities_found: vulnerabilities.length,
        critical_findings: vulnerabilities.filter(v => v.severity === 'critical').length,
        high_findings: vulnerabilities.filter(v => v.severity === 'high').length,
        fuzzing_results: allResults,
        vulnerability_summary: this.summarizeVulnerabilities(vulnerabilities),
        recommendations: this.generateRecommendations(vulnerabilities)
      },
      status: 'success'
    };
    
  } catch (error) {
    return {
      target: 'parameter_fuzzing',
      timestamp: new Date().toISOString(),
      tool: 'fuzzing_engine',
      results: {},
      status: 'error',
      error: error instanceof Error ? error.message : String(error)
    };
  }
}

src/index.ts:282-301 (registration)

Tool registration entry defining the name, description, and input schema for the fuzzing_parameters tool in the MCP server.

{
  name: "fuzzing_parameters",
  description: "Fuzz extracted parameters with various payloads using ffuf/wfuzz",
  inputSchema: {
    type: "object",
    properties: {
      parameters: { 
        type: "array", 
        items: { type: "object" },
        description: "Array of extracted parameters to fuzz" 
      },
      tool: { 
        type: "string", 
        enum: ["ffuf", "wfuzz"],
        description: "Fuzzing tool to use" 
      }
    },
    required: ["parameters"]
  }
},

src/index.ts:552-553 (handler)
Dispatch handler in main tool call switch statement that invokes the FuzzingEngine.fuzzParameters method with parsed arguments.
```
case "fuzzing_parameters":
  return respond(await this.fuzzingEngine.fuzzParameters(args.parameters, { tool: args.tool || 'ffuf' }));
```

src/tools/fuzzing.ts:22-33 (schema)

Type definitions for FuzzingConfiguration (used for tool options) and FuzzingResult (output structure for fuzzing findings).

export interface FuzzingConfiguration {
  tool: 'ffuf' | 'wfuzz';
  threads: number;
  timeout: number;
  delay: number;
  wordlist: string;
  extensions?: string[];
  filter_codes?: number[];
  filter_size?: number[];
  match_codes?: number[];
  custom_headers?: Record<string, string>;
}

src/tools/fuzzing.ts:204-271 (helper)

Helper method to execute ffuf fuzzing on parameters, parse output, and create FuzzingResult objects.

private async runFFUF(endpoint: string, parameters: ExtractedParameter[], config: FuzzingConfiguration): Promise<FuzzingResult[]> {
  try {
    // Check if ffuf is installed
    try {
      await execAsync('ffuf -h', { timeout: 5000 });
    } catch {
      console.warn('ffuf not found, skipping ffuf fuzzing');
      return [];
    }
    
    const results: FuzzingResult[] = [];
    
    for (const param of parameters.slice(0, 5)) { // Limit to 5 params per endpoint
      const payloads = this.getPayloadsForParameter(param);
      
      for (const payload of payloads.slice(0, 20)) { // Limit payloads
        try {
          const testUrl = this.buildTestUrl(endpoint, param, payload);
          
          const command = `ffuf -u "${testUrl}" -w ${config.wordlist} -t ${config.threads} -timeout ${config.timeout} -p ${config.delay / 1000} -o /dev/null -s`;
          
          const { stdout } = await execAsync(command, { 
            timeout: 30000,
            maxBuffer: 1024 * 1024 
          });
          
          // Parse ffuf output (simplified)
          const lines = stdout.split('\n').filter(line => line.trim());
          
          for (const line of lines) {
            if (line.includes('Status:') && line.includes('Size:')) {
              const statusMatch = line.match(/Status:\s*(\d+)/);
              const sizeMatch = line.match(/Size:\s*(\d+)/);
              const timeMatch = line.match(/Time:\s*(\d+)/);
              
              if (statusMatch && sizeMatch) {
                const result: FuzzingResult = {
                  parameter: param.name,
                  payload,
                  url: testUrl,
                  method: param.method,
                  response_code: parseInt(statusMatch[1]),
                  response_size: parseInt(sizeMatch[1]),
                  response_time: timeMatch ? parseInt(timeMatch[1]) : 0,
                  vulnerability_detected: false,
                  severity: 'info'
                };
                
                // Analyze for vulnerabilities
                this.analyzeResponseForVulnerabilities(result, param);
                results.push(result);
              }
            }
          }
          
        } catch (error) {
          console.error(`FFuf error for ${param.name}:`, error);
        }
      }
    }
    
    return results;
    
  } catch (error) {
    console.error('FFuf execution error:', error);
    return [];
  }
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It mentions the tools used (ffuf/wfuzz) but lacks details on execution behavior, such as rate limits, output format, or potential impacts (e.g., whether it's safe or could cause disruptions). This leaves significant gaps for an agent to understand how the tool operates.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that directly states the tool's purpose and method without any unnecessary words. It is appropriately sized and front-loaded, making it easy to understand quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (involving fuzzing with external tools) and the lack of annotations and output schema, the description is insufficient. It doesn't explain what the tool returns, how results are structured, or any behavioral nuances, making it incomplete for effective agent use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents both parameters ('parameters' as an array of objects and 'tool' as an enum). The description adds no additional meaning beyond what's in the schema, such as examples of parameter payloads or tool selection criteria, resulting in the baseline score of 3.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('fuzz extracted parameters') and the method ('using ffuf/wfuzz'), which is specific and actionable. However, it doesn't explicitly differentiate from sibling tools like 'fuzzing_directories' or 'parameter_extraction', which limits the score from a perfect 5.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives, such as 'fuzzing_directories' for directory fuzzing or 'parameter_extraction' for obtaining parameters. There's no mention of prerequisites, context, or exclusions, leaving usage unclear.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/adriyansyah-mf/mcp-pentest'

If you have feedback or need assistance with the MCP directory API, please join our Discord server