// MCP TOOL REFERENCE

PENTEST AI TOOLS

51 tools from the Pentest Ai MCP Server, categorised by risk level.

// ALL 51 PENTEST AI TOOLS

READ 22 tools

Read browser_inspect Inspect a URL with the headless browser. Actions: headers (security headers), dom (forms+links+scripts... Read discover_attack_chains Discover attack chains from existing findings. Analyzes all findings for an engagement and identifies ... Read get_attack_chains Get discovered attack chains for an engagement. Shows how individual findings chain together into full... Read get_campaign_summary Get aggregated summary across all engagements in a campaign. Read get_config Get current pentest-ai configuration (secrets masked). Read get_engagement_status Get the current status of a pentest engagement. Read get_engagement_summary Get a summary of an engagement including finding counts, chains, and rules. Read get_evidence Retrieve evidence artifacts for an engagement or specific finding. Always returns the on-disk SHA-256 ... Read get_findings get_findings Read health health Read kill_process kill_process Read list_engagements List all pentest engagements, optionally filtered by status. Read list_plugins List installed YAML plugins from ~/.pentest-ai/plugins/. Read list_probes List every registered web probe with its metadata. Use this to discover what bug classes ptai can test... Read list_processes List running tool subprocesses tracked by the engine. Each entry includes pid, tool, target, runtime_s... Read list_tools List all available security tools, optionally filtered by category. Categories: network, web, password... Read poll_oob Poll the OOB collaborator server for callbacks raised by recent probes; materialize confirmed findings.... Read query_compliance Query compliance mapping for an engagement's findings. Frameworks: pci_dss, hipaa, soc2, owasp, all ... Read scan_headers_builtin Analyze HTTP security headers (built-in). Read scan_paths_builtin Scan for common sensitive paths (built-in). Read scan_secrets_builtin Scan HTTP responses for leaked secrets and credentials (built-in). Read scan_ssl_builtin Check SSL/TLS configuration (built-in).

WRITE 5 tools

Write close_engagement Close an engagement and mark it as completed. Write generate_detection_rules Generate detection rules (Sigma, SPL, KQL) for all discovered attacks. Every offensive technique gets ... Write generate_report Generate a professional pentest report (asynchronous). Formats: markdown, html, pdf, json Include... Write select_agent select_agent Write set_intensity Change scan intensity (stealth, normal, aggressive) mid-engagement. Persists to DB. If the engagement ...

EXECUTE 24 tools

Execute run_probe run_probe Execute run_recon Start a reconnaissance scan against a target. Returns immediately with an engagement_id while the reco... Execute run_tool Run a specific security tool against a target. Returns structured results that are automatically store... Execute start_campaign Start a multi-target campaign. Creates one engagement per target. Accepts a list of IPs, hostnames, or... Execute start_engagement Start a new pentest engagement against a target. AUTHORIZED TARGETS ONLY. This initiates reconnaissanc... Execute authenticated_scan Run a deterministic authenticated web scan (no LLM required). Logs in, crawls same-host pages, probes ... Execute builtin_scan Run built-in security scans without requiring any external tools. Works immediately after install. Sca... Execute ensure_tools_installed ensure_tools_installed Execute http_request http_request Execute scan_dns_builtin Perform DNS enumeration (built-in). Execute scan_ports_builtin Scan common ports on a target (built-in, no nmap required). Execute test_active_directory Run Active Directory security assessment. Includes: BloodHound enumeration, Kerberoasting, AS-REP roas... Execute test_api_security Run API security testing (REST + GraphQL) following OWASP API Top 10. Tests for: BOLA/IDOR, JWT alg-co... Execute test_cloud Run cloud security assessment. Providers: aws, azure, gcp Tests for: Misconfigurations, exposed s... Execute test_credentials Run authentication testing (default creds, password spray, MFA bypass). Lockout-aware. Prefers sprayin... Execute test_mobile Run mobile app security testing (Android or iOS). Static + dynamic analysis. OWASP Mobile Top 10 cover... Execute test_privesc Run privilege escalation enumeration on a compromised host. Platforms: linux, windows, container. Uses... Execute test_social_engineering Run a social engineering assessment (phishing simulation, OSINT, DMARC audit). Returns immediately with... Execute test_vulnerabilities Run vulnerability scanning (Nuclei + RouterSploit + nikto + dirb). De-duplicates against findings alre... Execute test_web_app test_web_app Execute test_wireless Run wireless security assessment (WiFi + Bluetooth). Returns immediately with engagement_id; agent runs... Execute validate_finding Validate a specific finding with a safe, non-destructive proof of concept. Confirms the vulnerability ... Execute plan_tools plan_tools Execute resume_engagement Resume an interrupted engagement from its last checkpoint. Returns immediately with status='running' a...

// FAQ

How many tools does the Pentest Ai MCP server have? +

The Pentest Ai MCP server exposes 51 tools across 3 categories: Read, Write, Execute.

How do I enforce policies on Pentest Ai tools? +

Route the Pentest Ai server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do Pentest Ai tools fall into? +

Pentest Ai tools are categorised as Read (22), Write (5), Execute (24). Each category has a recommended default policy.

Enforce policy on every Pentest Ai tool call.

Deterministic rules across all 51 Pentest Ai tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN PENTEST AI →

Free to start. No card required.

42,500+ MCP servers and 110,000+ tools scanned and risk-classified.