MCP.so
Sign In
T

Turbopentest

@integsec

About Turbopentest

MCP server for TurboPentest — AI-powered penetration testing from your coding assistant

Basic information

Category

Other

Transports

stdio

Publisher

integsec

Submitted by

Mike Chamberland

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "turbopentest": {
      "command": "npx",
      "args": [
        "@turbopentest/mcp-server"
      ],
      "env": {
        "TURBOPENTEST_API_KEY": "tp_live_..."
      }
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Turbopentest?

Turbopentest is an MCP server that integrates TurboPentest’s AI-powered penetration testing capabilities into coding assistants. It lets developers launch penetration tests, review findings, and download reports directly from their IDE.

How to use Turbopentest?

Obtain an API key from <turbopentest.com/settings/api-keys>, then configure your MCP client (Claude Desktop, Claude Code, or Cursor) with the command npx @turbopentest/mcp-server and set the TURBOPENTEST_API_KEY environment variable. The server exposes tools to start pentests, retrieve results, list findings, download reports, and verify attestations.

Key features of Turbopentest

  • Start pentests with recon, standard, deep, or blitz tiers (1–20 agents, 30 min–4 hours).
  • Get full scan details: status, progress, findings, attack surface map, and STRIDE threat model.
  • List and filter all pentests by status with finding counts.
  • Retrieve structured findings with severity, CVSS, CWE, PoC, and remediation.
  • Download reports in markdown, JSON, or PDF formats.
  • Check credit balance and available scan tiers with pricing.
  • Verify blockchain-anchored pentest attestations by hash (public, no API key required).

Use cases of Turbopentest

  • Launch a penetration test on a staging domain and monitor its progress from your coding assistant.
  • Review high-severity vulnerabilities with proof-of-concept and remediation steps without leaving your editor.
  • Download a pentest report in markdown for AI-driven analysis or JSON for programmatic processing.
  • Verify the authenticity of a pentest attestation using its blockchain hash.

FAQ from Turbopentest

What API key is required?

An API key from <turbopentest.com/settings/api-keys> is required and must be set as the TURBOPENTEST_API_KEY environment variable.

What scan tiers are available and how much do they cost?

Recon (1 agent, 30 min, $49), Standard (4 agents, 1 hour, $99), Deep (10 agents, 2 hours, $299), and Blitz (20 agents, 4 hours, $699).

What tools does the server provide?

The server provides start_pentest, get_pentest, list_pentests, get_findings, download_report, get_credits, verify_attestation, and list_domains.

Is the verify_attestation tool public?

Yes, it is a public tool that does not require an API key.

What are the system requirements?

Node.js 18+ and a TurboPentest account with API access.

Comments

More Other MCP servers