AI agents call poll_oob to pull callback data out of Pentest Ai rather than to act on a target: typically the context-gathering step in research, monitoring and reporting workflows, before the agent takes action elsewhere.
poll_oob retrieves interaction data from an out-of-band (OOB) collaborator server and correlates it with findings parked by probes that were already fired. It supports penetration-testing workflows, but it does not itself send a probe or touch the target. Its only writes are local to the engagement store: it materializes a parked finding and saves the interaction record as an on-disk evidence artifact.
From the tool's definition: it polls the OOB collaborator server for callbacks and materializes confirmed findings. 'Poll' and 'looks up' are pure reads; 'materialize' writes the finding and its evidence file locally but never reaches the target, so the Read classification refers to the target, not to the local evidence store.
Documented attack patterns abuse exactly the kind of access poll_oob gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Pentest Ai, and nothing reaches the server without passing your rules. This is the rule we recommend for poll_oob:
```json
{
  "version": "1",
  "default": "deny",
  "tools": {
    "poll_oob": {}
  }
}
```

poll_oob is read-only, so it stays allowed; everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Poll the OOB collaborator server for callbacks raised by recent probes; materialize confirmed findings. Call after firing probes that emit OOB payloads (blind SSRF / SQLi / XXE / RCE / stored XSS / SSTI / Log4Shell). The tool polls the configured Interactsh server every interval seconds up to timeout seconds; for each interaction received it looks up the originating pending_oob row and materializes the parked finding with the interaction record (timestamp, source IP, raw bytes) as an on-disk evidence artifact.

Args:
- engagement_id: engagement to poll for
- timeout: total seconds to wait (capped at 300 to prevent a runaway poll)
- interval: seconds between polls (server default = 5)

Returns a dict with confirmed (list of materialized findings), expired (count of pending rows that timed out), and server (the OAST server URL used).

It is categorised as a Read tool in the Pentest Ai MCP Server: it retrieves callback data and changes nothing on the target; its only writes are the local finding and evidence artifact described above.
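The poll-and-correlate loop described above, as an added illustrative re-implementation in Python. This is not pentest-ai's or PolicyLayer's code: the collaborator client is replaced by an injected fetch callable, the pending_oob store is a list of dataclasses, correlation relies on an assumed unique token label embedded in each probe's OOB payload, the server URL https://oast.example is a placeholder, and the pending rows and callbacks in demo() are constructed sample data written to a temporary directory.

```python
"""Illustrative OOB poll-and-correlate loop (added example, not pentest-ai's code).
The collaborator client is an injected fetch callable; `token` is an assumed unique
label embedded in each probe payload, used to correlate callbacks to pending rows."""
from __future__ import annotations

import json
import tempfile
import time
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Iterable

MAX_TIMEOUT = 300  # the tool caps timeout at 300 s to prevent a runaway poll


def clamp_timeout(timeout: int) -> int:
    """Apply the 300 s cap; values <= 0 mean a single poll."""
    return max(0, min(int(timeout), MAX_TIMEOUT))


@dataclass(frozen=True)
class PendingOOB:          # stands in for a pending_oob row
    finding_id: str
    token: str             # label the probe embedded, e.g. <token>.oast.example (assumed scheme)
    vuln_class: str
    target: str


@dataclass(frozen=True)
class Interaction:         # one callback as the collaborator reports it
    token: str             # label the callback hit
    protocol: str          # "dns", "http", ...
    remote_address: str
    timestamp: str
    raw: bytes             # target-controlled: stored verbatim as evidence, never interpreted


def write_evidence(evidence_dir: Path, row: PendingOOB, inter: Interaction) -> Path:
    """Persist the interaction record as the finding's on-disk evidence artifact."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    path = evidence_dir / f"{row.finding_id}.json"
    record = {"finding_id": row.finding_id, "vuln_class": row.vuln_class, "target": row.target,
              "token": inter.token, "protocol": inter.protocol, "remote_address": inter.remote_address,
              "timestamp": inter.timestamp, "raw_hex": inter.raw.hex()}  # hex keeps bytes intact in JSON
    path.write_text(json.dumps(record, indent=2))
    return path


def poll_oob(pending: Iterable[PendingOOB], fetch: Callable[[], list[Interaction]],
             evidence_dir: Path, timeout: int, interval: int = 5,
             server: str = "https://oast.example",
             clock: Callable[[], float] = time.monotonic,
             sleep: Callable[[float], None] = time.sleep) -> dict:
    """Poll until every pending row is confirmed or the (capped) timeout passes."""
    deadline = clock() + clamp_timeout(timeout)
    open_rows = {row.token: row for row in pending}
    confirmed: list[dict] = []
    while open_rows:
        for inter in fetch():
            row = open_rows.pop(inter.token, None)
            if row is None:
                continue  # token this engagement never issued: ignore, never materialize
            path = write_evidence(evidence_dir, row, inter)
            confirmed.append({"finding_id": row.finding_id, "vuln_class": row.vuln_class,
                              "target": row.target, "protocol": inter.protocol,
                              "source_ip": inter.remote_address, "evidence": str(path)})
        if not open_rows or clock() >= deadline:
            break
        sleep(interval)
    # rows still open at the deadline are reported as expired, not as findings
    return {"confirmed": confirmed, "expired": len(open_rows), "server": server}


def demo() -> dict:
    """Constructed run: two parked findings; one DNS callback arrives on the second poll."""
    pending = [PendingOOB("f-001", "k3j9x2", "blind-ssrf", "https://app.example/api/fetch"),
               PendingOOB("f-002", "q7m1z8", "xxe", "https://app.example/upload")]
    batches = [[],  # constructed collaborator replies: nothing, then a hit plus an unknown token
               [Interaction("k3j9x2", "dns", "203.0.113.7", "2024-05-01T12:00:03Z", b"\x00\x01\x01\x00k3j9x2"),
                Interaction("zzz000", "http", "198.51.100.9", "2024-05-01T12:00:04Z", b"GET / HTTP/1.1")]]
    fake_now = [0.0]

    def sleep(seconds: float) -> None:
        fake_now[0] += seconds  # advance a fake clock instead of really waiting

    with tempfile.TemporaryDirectory() as tmp:
        result = poll_oob(pending, lambda: batches.pop(0) if batches else [], Path(tmp) / "evidence",
                          timeout=20, interval=5, clock=lambda: fake_now[0], sleep=sleep)
        # read the artifact back while the temporary directory still exists
        result["evidence_record"] = json.loads(Path(result["confirmed"][0]["evidence"]).read_text())
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two choices in the loop are the ones a practitioner cares about: a callback whose token this engagement never issued is dropped rather than materialized, so only probes you actually fired can produce a confirmed finding, and the raw bytes from the target are hex-encoded into the evidence file instead of being decoded or rendered, because they are remote-controlled input and belong in evidence, not in interpreted output. The fake clock lets the run finish instantly while still exercising the expiry path for the row whose callback never arrives.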
Register the Pentest Ai MCP server in PolicyLayer and add a rule for poll_oob: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Pentest Ai. Nothing to install.
poll_oob is a Read tool with low risk, and read-only tools are generally safe to allow by default. Two caveats are worth keeping in mind: the tool does write locally (it materializes pending findings, saves interaction records as evidence files, and counts pending rows that time out as expired), and the callback data it collects (source IP, raw bytes) originates from the target environment, so it is evidence to store rather than content to trust.
Yes. Add a rate_limit block to the poll_oob rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for poll_oob. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
poll_oob is provided by the Pentest Ai MCP server (0xsteph/pentest-ai). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 51 Pentest Ai tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
51 Pentest Ai tools catalogued and risk-classified — across an index of 42,500+ MCP servers.