MCP Pentest

suggest_next_steps

Analyze penetration testing scan results to recommend logical next steps for security assessments, guiding testers through effective vulnerability investigation and exploitation workflows.

Instructions

Analyze current findings and suggest next steps

Input Schema

TableJSON Schema

Name	Required	Description	Default
`scan_results`	Yes	Previous scan results in JSON format

Implementation Reference

src/engines/workflow.ts:124-177 (handler)

Core handler function implementing the suggest_next_steps tool logic. Parses input scan results, analyzes different categories of findings using helper methods, generates prioritized next-step recommendations, and returns a structured response.

async suggestNextSteps(scanResults: string): Promise<ScanResult> {
  try {
    const results = JSON.parse(scanResults);
    const recommendations: NextStepsRecommendation[] = [];
    
    // Analyze reconnaissance results
    if (results.reconnaissance) {
      recommendations.push(...this.analyzeReconResults(results.reconnaissance));
    }
    
    // Analyze vulnerability results
    if (results.vulnerabilities) {
      recommendations.push(...this.analyzeVulnResults(results.vulnerabilities));
    }
    
    // Analyze exploitation results
    if (results.exploits) {
      recommendations.push(...this.analyzeExploitResults(results.exploits));
    }
    
    // Sort recommendations by priority and risk
    recommendations.sort((a, b) => {
      const priorityOrder = { high: 3, medium: 2, low: 1 };
      const riskOrder = { critical: 4, high: 3, medium: 2, low: 1 };
      
      const aScore = priorityOrder[a.priority] + riskOrder[a.risk_level];
      const bScore = priorityOrder[b.priority] + riskOrder[b.risk_level];
      
      return bScore - aScore;
    });
    
    return {
      target: 'analysis',
      timestamp: new Date().toISOString(),
      tool: 'suggest_next_steps',
      results: {
        recommendations: recommendations.slice(0, 10), // Top 10 recommendations
        total_recommendations: recommendations.length,
        analysis_summary: this.generateAnalysisSummary(results)
      },
      status: 'success'
    };
    
  } catch (error) {
    return {
      target: 'analysis',
      timestamp: new Date().toISOString(),
      tool: 'suggest_next_steps',
      results: {},
      status: 'error',
      error: error instanceof Error ? error.message : String(error)
    };
  }
}

src/index.ts:224-234 (registration)

Tool registration in the ListToolsRequest handler, including name, description, and input schema definition.

{
  name: "suggest_next_steps",
  description: "Analyze current findings and suggest next steps",
  inputSchema: {
    type: "object",
    properties: {
      scan_results: { type: "string", description: "Previous scan results in JSON format" }
    },
    required: ["scan_results"]
  }
},

src/index.ts:227-233 (schema)

Input schema definition for the suggest_next_steps tool, specifying the required scan_results parameter as a JSON string.

inputSchema: {
  type: "object",
  properties: {
    scan_results: { type: "string", description: "Previous scan results in JSON format" }
  },
  required: ["scan_results"]
}

src/index.ts:538-539 (handler)
Dispatch handler in the CallToolRequest switch statement that routes calls to the workflow engine's suggestNextSteps method.
```
case "suggest_next_steps":
  return respond(await this.workflowEngine.suggestNextSteps(args.scan_results));
```

src/engines/workflow.ts:506-537 (helper)

Helper method for analyzing reconnaissance results (ports, services) and generating specific next-step recommendations.

private analyzeReconResults(recon: any): NextStepsRecommendation[] {
  const recommendations: NextStepsRecommendation[] = [];
  
  if (recon.open_ports && recon.open_ports.length > 0) {
    const webPorts = recon.open_ports.filter((p: any) => p.port === 80 || p.port === 443 || p.port === 8080);
    
    if (webPorts.length > 0) {
      recommendations.push({
        priority: 'high',
        action: 'Perform web application vulnerability scan',
        tool: 'nuclei_scan',
        reason: 'Web services detected on target',
        estimated_time: '10-30 minutes',
        risk_level: 'medium'
      });
    }
    
    const sshPorts = recon.open_ports.filter((p: any) => p.port === 22);
    if (sshPorts.length > 0) {
      recommendations.push({
        priority: 'medium',
        action: 'Test SSH for weak credentials',
        tool: 'ssh_bruteforce',
        reason: 'SSH service exposed',
        estimated_time: '30-60 minutes',
        risk_level: 'high'
      });
    }
  }
  
  return recommendations;
}

Tool Definition Quality

C2.6/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It mentions analysis and suggestion but doesn't describe what the tool actually does (e.g., returns a list, generates a plan, requires specific inputs beyond scan_results). There's no information on permissions, rate limits, or output format, leaving significant gaps for a tool that likely involves processing and recommendations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise with a single sentence, 'Analyze current findings and suggest next steps', which is front-loaded and wastes no words. However, it's overly brief to the point of under-specification, slightly reducing its effectiveness despite efficient structure.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of analysis and suggestion tasks, with no annotations and no output schema, the description is incomplete. It doesn't explain what the tool returns (e.g., a list of steps, a plan) or any behavioral traits. For a tool with one parameter but significant processing logic, more context is needed to guide the agent effectively.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100% for the single parameter 'scan_results', which is documented as 'Previous scan results in JSON format'. The description adds no additional meaning beyond this, such as what the JSON should contain or how it's used. With high schema coverage, the baseline is 3, and the description doesn't compensate with extra context.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose3/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description 'Analyze current findings and suggest next steps' states a vague purpose without specifying what type of analysis or what domain it operates in. It doesn't distinguish from siblings like 'generate_report' or 'adaptive_strategy', which could have overlapping functionality. The description is generic rather than specific to a particular resource or context.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. With siblings like 'generate_report' for reporting and 'adaptive_strategy' for strategy planning, there's no indication of prerequisites, timing, or exclusions. The agent must infer usage from the tool name alone, which is insufficient.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/adriyansyah-mf/mcp-pentest'

If you have feedback or need assistance with the MCP directory API, please join our Discord server