Schema | TurboPentest

Describes the environment variables required to run the server.

Name	Required	Description	Default
`TURBOPENTEST_API_KEY`	Yes	Your TurboPentest API key (required)
`TURBOPENTEST_API_URL`	No	Custom API base URL (for testing)	https://turbopentest.com/api

Features and capabilities supported by this server

Capability	Details
`tools`	{ "listChanged": true }

Functions exposed to the LLM to take actions

Name	Description
start_pentest	Launch an AI-powered penetration test against a target URL. The domain must be verified first (see list_domains). Requires an available credit matching the selected tier.
get_pentest	Get full details for a pentest including status, progress, findings summary, executive summary, attack surface map, and STRIDE threat model.
list_pentests	List all your pentests with status and finding counts. Results are ordered newest first.
get_findings	Get structured vulnerability findings for a pentest. Each finding includes severity, CVSS, CWE, description, PoC, remediation, and retest command. Use the severity filter to narrow results.
download_report	Download a pentest report. Use format=markdown for AI-readable content, format=json for structured data, or format=pdf for the full formatted report. The scan must be complete.
get_credits	Check your credit balance and available scan tiers with pricing. Credits are required to launch pentests.
verify_attestation	Verify a blockchain-anchored pentest attestation by its hash. This is a public endpoint — no API key required. Use this to confirm that a pentest was actually performed and its results are authentic.
list_domains	List your verified domains and their verification status. Domains must be verified before you can run pentests against them.

Interactive templates invoked by user choice

Name	Description
No prompts

Contextual data attached and managed by the client

Name	Description
No resources

TurboPentest