# TurboPentest MCP server for TurboPentest. Blockchain-attested collaborative agentic penetration testing from your AI assistant. ## Quick Start ```bash # Connect this server (installs CLI if needed) npx -y @smithery/cli@latest mcp add integsec/turbopentest # Browse available tools npx -y @smithery/cli@latest tool list integsec/turbopentest # Get full schema for a tool npx -y @smithery/cli@latest tool get integsec/turbopentest turbopentest_download_report # Call a tool npx -y @smithery/cli@latest tool call integsec/turbopentest turbopentest_download_report '{}' ``` ## Direct MCP Connection Endpoint: `https://turbopentest--integsec.run.tools` **Optional config:** - `x-api-key` (header) — TurboPentest API Key from: https://turbopentest.com/account?tab=api-keys ## Tools (8) - `turbopentest_download_report` — Download a full penetration test report in the specified format. The scan must have status 'complete' before a report c… - `turbopentest_get_credits` — Check your current credit balance, usage breakdown by tier, and available scan tiers with pricing. Credits are consumed… - `turbopentest_get_findings` — Retrieve structured vulnerability findings for a completed penetration test. Each finding includes severity, CVSS score… - `turbopentest_get_scan` — Retrieve full details for a specific penetration test by its ID. Returns current status, scan progress percentage, find… - `turbopentest_list_domains` — List all domains in your account with their verification status and expiry dates. A domain must have status 'verified' … - `turbopentest_list_scans` — List all your penetration tests with their status and finding counts, ordered newest first. Use this to find pentest ID… - `turbopentest_start_scan` — Launch an AI-powered penetration test against a target URL. The target domain must be verified first — use turbopentest… - `turbopentest_verify_attestation` — Verify a blockchain-anchored penetration test attestation by its SHA-256 hash. Returns scan metadata (tier, agents, dur… ```bash # Get full input/output schema for a tool npx -y @smithery/cli@latest tool get integsec/turbopentest ``` ## Resources - `pentest://credits` — Current credit balance and tier pricing - `pentest://domains` — List of verified domains and their verification status ## Prompts (4) - `analyze_findings` (pentest_id) — Deep-dive analysis of a pentest's findings with prioritized remediation plan - `compare_pentests` (baseline_id, current_id) — Diff two pentests to track what's new, fixed, and persistent across scans - `run_pentest` (target_url, tier) — Guided full-lifecycle pentest — domain check, credit verification, scan launch, monitoring, and findings summary - `security_posture` — Executive summary of overall security posture across all recent pentests