Which integrations are available for this server?

Allows for white-box scanning by integrating GitHub repositories into penetration test workflows for source code analysis.

@turbopentest/mcp-server

MCP server for TurboPentest — run AI-powered penetration tests and review findings from your coding assistant.

Setup

1. Get your API key

Create an API key at turbopentest.com/settings/api-keys.

2. Add to your MCP client

Claude Desktop (claude_desktop_config.json):

{
  "mcpServers": {
    "turbopentest": {
      "command": "npx",
      "args": ["@turbopentest/mcp-server"],
      "env": {
        "TURBOPENTEST_API_KEY": "tp_live_..."
      }
    }
  }
}

Claude Code (.mcp.json in your project root):

{
  "mcpServers": {
    "turbopentest": {
      "command": "npx",
      "args": ["@turbopentest/mcp-server"],
      "env": {
        "TURBOPENTEST_API_KEY": "tp_live_..."
      }
    }
  }
}

Cursor (Settings > MCP Servers > Add):

{
  "command": "npx",
  "args": ["@turbopentest/mcp-server"],
  "env": {
    "TURBOPENTEST_API_KEY": "tp_live_..."
  }
}

Tools

Tool	Description
`start_pentest`	Launch a pentest against a verified domain. Supports recon/standard/deep/blitz tiers and optional GitHub repo for white-box scanning.
`get_pentest`	Get full scan details: status, progress, findings summary, executive summary, attack surface map, STRIDE threat model.
`list_pentests`	List all your pentests with status and finding counts. Filter by status, limit results.
`get_findings`	Get structured vulnerability findings with severity, CVSS, CWE, PoC, remediation, and retest commands. Filter by severity.
`download_report`	Download a pentest report as markdown (best for AI), JSON, or PDF.
`get_credits`	Check your credit balance and available scan tiers with pricing.
`verify_attestation`	Verify a blockchain-anchored pentest attestation by hash (public, no API key required).
`list_domains`	List your verified domains and their verification status.

Scan Tiers

Tier	Agents	Duration	Price
Recon	1	30 min	$49
Standard	4	1 hour	$99
Deep	10	2 hours	$299
Blitz	20	4 hours	$699

Example

You:    "Run a pentest on staging.example.com"
Claude: Calls start_pentest → "Started pentest tp_abc123, 4 agents, ~1 hour"

You:    "How's it going?"
Claude: Calls get_pentest → "60% complete, 3 findings so far (1 high, 2 medium)"

You:    "Show me the high severity findings"
Claude: Calls get_findings(severity: "high") → Shows SQL injection details with PoC and remediation

Configuration

Environment Variable	Description	Default
`TURBOPENTEST_API_KEY`	Your TurboPentest API key (required)	—
`TURBOPENTEST_API_URL`	Custom API base URL (for testing)	`https://turbopentest.com/api`

Requirements

Node.js 18+
A TurboPentest account with API access

License

MIT

Install Server

A

security – no known vulnerabilities

A

license - permissive license

A

quality - confirmed to work

How are these scores calculated?

Resources

Need Help?

Report Issue

Related Servers

Looking for Admin?

Admins can modify the Dockerfile, update the server description, and track usage metrics. If you are the server author, to access the admin panel.

Tools

Appeared in Searches

A server for penetration testing resources and information

TurboPentest

@turbopentest/mcp-server

Setup

1. Get your API key

2. Add to your MCP client

Tools

Scan Tiers

Example

Configuration

Requirements

License

Resources

Looking for Admin?

Tools

Appeared in Searches

Latest Blog Posts

MCP directory API