Pentest Ai

51 tools. 29 can modify or destroy data without limits.

29 write tools that can modify data. Rate limits recommended.

29 can modify or destroy data
22 read-only
51 tools total

Community server · catalogue entry verified 10/06/2026

Read (22) · Write / Execute (29) · Destructive / Financial (0)
High Risk

29 of Pentest Ai's 51 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

PolicyLayer is an MCP gateway — it sits between your AI agents and Pentest Ai, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "close_engagement": {
    "limits": [
      {
        "counter": "close_engagement_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "browser_inspect": {
    "limits": [
      {
        "counter": "browser_inspect_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Pentest Ai — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Free to start. No card required.

EXECUTE 24 tools

  - run_probe
  - run_recon: Start a reconnaissance scan against a target. Returns immediately with an engagement_id while the recon a
  - run_tool: Run a specific security tool against a target. Returns structured results that are automatically stored i
  - start_campaign: Start a multi-target campaign. Creates one engagement per target. Accepts a list of IPs, hostnames, or UR
  - start_engagement: Start a new pentest engagement against a target. AUTHORIZED TARGETS ONLY. This initiates reconnaissance a
  - authenticated_scan: Run a deterministic authenticated web scan (no LLM required). Logs in, crawls same-host pages, probes eac
  - builtin_scan: Run built-in security scans without requiring any external tools. Works immediately after install. Scan t
  - ensure_tools_installed
  - http_request
  - scan_dns_builtin: Perform DNS enumeration (built-in).
  - scan_ports_builtin: Scan common ports on a target (built-in, no nmap required).
  - test_active_directory: Run Active Directory security assessment. Includes: BloodHound enumeration, Kerberoasting, AS-REP roastin
  - test_api_security: Run API security testing (REST + GraphQL) following OWASP API Top 10. Tests for: BOLA/IDOR, JWT alg-confu
  - test_cloud: Run cloud security assessment. Providers: aws, azure, gcp Tests for: Misconfigurations, exposed secr
  - test_credentials: Run authentication testing (default creds, password spray, MFA bypass). Lockout-aware. Prefers spraying o
  - test_mobile: Run mobile app security testing (Android or iOS). Static + dynamic analysis. OWASP Mobile Top 10 coverage
  - test_privesc: Run privilege escalation enumeration on a compromised host. Platforms: linux, windows, container. Uses li
  - test_social_engineering: Run a social engineering assessment (phishing simulation, OSINT, DMARC audit). Returns immediately with en
  - test_vulnerabilities: Run vulnerability scanning (Nuclei + RouterSploit + nikto + dirb). De-duplicates against findings already
  - test_web_app
  - test_wireless: Run wireless security assessment (WiFi + Bluetooth). Returns immediately with engagement_id; agent runs as
  - validate_finding: Validate a specific finding with a safe, non-destructive proof of concept. Confirms the vulnerability is
  - plan_tools
  - resume_engagement: Resume an interrupted engagement from its last checkpoint. Returns immediately with status='running' and

READ 22 tools

  - browser_inspect: Inspect a URL with the headless browser. Actions: headers (security headers), dom (forms+links+scripts),
  - discover_attack_chains: Discover attack chains from existing findings. Analyzes all findings for an engagement and identifies how
  - get_attack_chains: Get discovered attack chains for an engagement. Shows how individual findings chain together into full co
  - get_campaign_summary: Get aggregated summary across all engagements in a campaign.
  - get_config: Get current pentest-ai configuration (secrets masked).
  - get_engagement_status: Get the current status of a pentest engagement.
  - get_engagement_summary: Get a summary of an engagement including finding counts, chains, and rules.
  - get_evidence: Retrieve evidence artifacts for an engagement or specific finding. Always returns the on-disk SHA-256 per
  - get_findings
  - health
  - kill_process
  - list_engagements: List all pentest engagements, optionally filtered by status.
  - list_plugins: List installed YAML plugins from ~/.pentest-ai/plugins/.
  - list_probes: List every registered web probe with its metadata. Use this to discover what bug classes ptai can test fo
  - list_processes: List running tool subprocesses tracked by the engine. Each entry includes pid, tool, target, runtime_seco
  - list_tools: List all available security tools, optionally filtered by category. Categories: network, web, password, b
  - poll_oob: Poll the OOB collaborator server for callbacks raised by recent probes; materialize confirmed findings.
  - query_compliance: Query compliance mapping for an engagement's findings. Frameworks: pci_dss, hipaa, soc2, owasp, all R
  - scan_headers_builtin: Analyze HTTP security headers (built-in).
  - scan_paths_builtin: Scan for common sensitive paths (built-in).
  - scan_secrets_builtin: Scan HTTP responses for leaked secrets and credentials (built-in).
  - scan_ssl_builtin: Check SSL/TLS configuration (built-in).

How do I prevent bulk modifications through Pentest Ai?

The Pentest Ai server has 5 write tools including close_engagement, generate_detection_rules, generate_report. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Pentest Ai.

How many tools does the Pentest Ai MCP server expose?

51 tools across 3 categories: Execute, Read, Write. 22 are read-only. 29 can modify, create, or delete data.

How do I enforce a policy on Pentest Ai?

Register the Pentest Ai MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Pentest Ai tool call.

Deterministic rules across all 51 Pentest Ai tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

51 Pentest Ai tools catalogued and risk-classified — across an index of 42,500+ MCP servers.
