Full reference for the Pentest-Tools.com MCP server. Scanning, target management, reporting, everything your AI assistant can touch, documented.
run_website_scanner
Run a website vulnerability scanner on a target URL.
| Parameter | Type | Required | Description |
|---|---|---|---|
| target | string | Yes | Target URL (e.g., https://example.com) |
| scan_type | string | No | light (default), deep, or custom |
| attack_active | array | No | Active attacks: xss, sqli, lfi, ssrf, ssti, xxe, etc. |
| attack_passive | array | No | Passive checks: security_headers, cookie_security, etc. |
| discovery | array | No | Discovery modules: fingerprint, sensitive_files, etc. |
| spider | object | No | Crawl options: approach (auto, classic, or spa), depth (default 10), include_urls, exclude_urls, subdomains_in_scope |
| auth_headers | array | No | HTTP headers for authentication (e.g., ["Authorization: Bearer token123"]) |
| auth_cookies | string | No | Cookie string for session-based authentication (e.g., "PHPSESSID=abc123; token=xyz") |
| auth_login_form_url | string | No | URL of the login page for form-based authentication |
| auth_login_form_username | string | No | Username for form-based authentication |
| auth_login_form_password | string | No | Password for form-based authentication |
| requests_per_second | integer | No | Max requests per second (1–10000, default 100) |
| max_scan_time | integer | No | Max scan duration in minutes (5–1440, default 5) |
| workspace_id | integer | No | Workspace for the scan |
| vpn_profile_uuid | string | No | VPN profile for internal scanning |
Authenticated scanning configuration is complex. LLMs may require a few attempts to construct the parameters correctly. Provide explicit examples in your prompts.

For all the parameter options of attack_active, attack_passive and discovery, see the API reference > scans > Start a scan > Website Scanner.
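
A pre-flight check for the arguments an assistant builds for run_website_scanner, as an added example that is not part of the Pentest-Tools.com documentation: it enforces the types, enumerations, and ranges from the table above and wraps the result in a standard MCP tools/call request. The function names, the sample host and token, and the rule that the three form-login fields must be supplied together are assumptions.

```python
import json
from urllib.parse import urlparse

# Enumerations and ranges copied from the run_website_scanner table.
SCAN_TYPES = {"light", "deep", "custom"}
APPROACHES = {"auto", "classic", "spa"}
RANGES = {"requests_per_second": (1, 10000), "max_scan_time": (5, 1440)}
FORM_KEYS = tuple("auth_login_form_" + s for s in ("url", "username", "password"))

def validate_website_scan_args(args):
    """Return a list of problems; an empty list means the arguments pass."""
    problems = []
    url = urlparse(str(args.get("target", "")))
    if url.scheme not in ("http", "https") or not url.netloc:
        problems.append("target must be a full http(s) URL")
    if args.get("scan_type", "light") not in SCAN_TYPES:
        problems.append("scan_type must be light, deep, or custom")
    for key, (low, high) in RANGES.items():
        value = args.get(key)
        if value is not None and not (type(value) is int and low <= value <= high):
            problems.append(f"{key} must be an integer in {low}-{high}")
    spider = args.get("spider") or {}
    # "auto" below is only a pass-through for a missing approach key.
    if not isinstance(spider, dict) or spider.get("approach", "auto") not in APPROACHES:
        problems.append("spider must be an object; approach is auto, classic, or spa")
    headers = args.get("auth_headers", [])
    if not isinstance(headers, list) or not all(
            isinstance(h, str) and ":" in h for h in headers):
        problems.append("auth_headers must be an array of 'Name: value' strings")
    # Assumption: the three form-login fields are only meaningful together.
    given = [k for k in FORM_KEYS if args.get(k)]
    if given and len(given) != len(FORM_KEYS):
        problems.append("form login needs URL, username, and password together")
    return problems

def build_tool_call(args, request_id=1):
    """Wrap validated arguments in an MCP tools/call JSON-RPC request."""
    problems = validate_website_scan_args(args)
    if problems:
        raise ValueError("; ".join(problems))
    return {"jsonrpc": "2.0", "id": request_id, "method": "tools/call",
            "params": {"name": "run_website_scanner", "arguments": args}}

# Constructed sample: placeholder host and token, not real values.
SAMPLE = {"target": "https://app.example.com", "scan_type": "deep",
          "auth_headers": ["Authorization: Bearer token123"],
          "requests_per_second": 20, "max_scan_time": 60}

if __name__ == "__main__":
    print(json.dumps(build_tool_call(SAMPLE), indent=2))
```

Passing auth_headers as a JSON object instead of an array of header strings, or a max_scan_time below the 5-minute minimum, are the kinds of mistakes this catches before the call reaches the server.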
run_subdomain_finder
Discover subdomains for a target domain.
| Parameter | Type | Required | Description |
|---|---|---|---|
| target | string | Yes | Target domain (e.g., example.com) |
| scan_type | string | No | light (default), deep, or custom |
| web_details | boolean | No | Include web server details |
| whois | boolean | No | Include WHOIS information |
| search_methods | object | No | Custom methods: dns_enumeration, ctr_search, etc. |
run_network_scanner
Run a network vulnerability scanner or port scanner.
| Parameter | Type | Required | Description |
|---|---|---|---|
| target | string | Yes | Hostname or IP address |
| preset | string | No | light (default), deep, or custom |
| scanning_engines | array | No | Engines: version_based, sniper, nuclei, openvas |
| protocol_type | string | No | tcp (default) or udp |
| port_range | object | No | start_port, end_port |
| port_list | array | No | Specific ports: [22, 80, 443] |
| just_scan_ports | boolean | No | Port scan only (no vulnerability checks) |
get_scans
Retrieve scans with optional filtering.
| Parameter | Type | Description |
|---|---|---|
| workspace_id | integer | Filter by workspace |
| target_id | integer | Filter by target |
| status | string | Filter: running, finished, stopped, etc. |
| limit | integer | Max results |
| page | integer | Page number |
scan
Manage individual scans using various verbs.
| Verb | Parameters | Description |
|---|---|---|
| get_status | scan_id | Get scan status and progress |
| get_output | scan_id | Get parsed JSON output |
| get_raw_output | scan_id | Get raw output |
| stop | scan_id | Stop a running scan |
| delete | scan_id | Delete a scan (requires confirmation) |
| start_by_targetid | target_id, tool_id, tool_params | Start scan on existing target |
Targets
get_targets / target
| Tool | Verb | Parameters | Description |
|---|---|---|---|
| get_targets | — | workspace_id, target_type, limit | List targets |
| target | add | name, description, workspace_id | Create target |
| target | delete | target_id | Delete target |
workspace
| Verb | Parameters | Description |
|---|---|---|
| list | — | Get all workspaces |
| get | workspace_id | Get workspace details |
| create | name, description | Create workspace |
| edit | workspace_id, name, description | Update workspace |
| delete | workspace_id | Delete workspace |
findings
| Verb | Parameters | Description |
|---|---|---|
| get | — | Get all findings |
| get_finding_information_by_id | finding_id | Get finding details |
import_findings
Import external findings into Pentest-Tools.com.
| Parameter | Type | Required | Description |
|---|---|---|---|
| findings | array | Yes | Array of finding objects |
Each finding requires: target_name, source, name, vuln_description, vuln_risk_level, vuln_recommendation, cvss_v3, vuln_evidence
Reports
create_report
Generate a new report.
| Parameter | Type | Required | Description |
|---|---|---|---|
| format | string | Yes | pdf, html, json, csv, xlsx, docx |
| group_by | string | Yes | target or vulnerability |
| source | string | Yes | scans or findings |
| resources | array | Yes | Scan IDs or finding IDs |
| webhook_url | string | No | Notification URL |
report
Handle and download reports
| Verb | Parameters | Description |
|---|---|---|
| get_all | — | List all reports |
| get_report_information_by_id | report_id | Get report details |
| download | report_id | Download report file. |
| delete | report_id | Delete report |
Best practices for Handling Large Reports: When requesting a PDF report download via the MCP, keep in mind that the API returns large raw binary data, which might use a lot of context. We recommend instructing the AI to “Save the PDF report to a local file” rather than “Show me the report,” as the latter may result in a large block of unreadable text in your terminal or limit interactions with the Generate PDF functionality.
translate_report
LLM-powered tool that uses AI to translate vulnerability findings. Creates a new report from the generated translated findings.
| Parameter | Type | Required | Description |
|---|---|---|---|
| report_id | integer | Yes | Report to translate |
| target_language | string | Yes | e.g., Spanish, French, German |
| workspace_id | integer | Yes | Workspace for translated findings |
Utilities
http_logger
Manage HTTP request loggers for out-of-band testing.
| Verb | Parameters | Description |
|---|---|---|
| create | label, workspace_id | Create logger |
| delete | logger_id | Delete logger |
| clear | logger_id | Clear logged data |
get_vpn_profiles
Retrieve VPN profiles for internal network scanning. Returns profile UUIDs for use with scanning tools.
Resources
MCP resources provide read-only context to the LLM:
| Resource | Description |
|---|---|
| scans:// | List of all scans |
| targets:// | List of all targets |
| workspaces:// | List of all workspaces |
| findings:// | List of all findings (heavy) |
| reports:// | List of all reports |
| http_loggers:// | List of all HTTP loggers |
| wordlists:// | List of all available wordlists |
Prompts
Ready-made MCP prompts with parameters
| Name | Parameter | Prompt |
|---|---|---|
| pentest | target | Please provide a comprehensive pentesting report for this target: target, using the tools at your disposal. |
| subdomains | target | Please find all the subdomains that you can for this domain: target, using the tools at your disposal. |
| summary | workspace_id | Please create an executive summary for the latest scans in the workspace workspace_id, using the tools at your disposal. |