Turbopentest
@integsec
About Turbopentest
MCP server for TurboPentest — AI-powered penetration testing from your coding assistant
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"turbopentest": {
"command": "npx",
"args": [
"@turbopentest/mcp-server"
],
"env": {
"TURBOPENTEST_API_KEY": "tp_live_..."
}
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Turbopentest?
Turbopentest is an MCP server that integrates TurboPentest’s AI-powered penetration testing capabilities into coding assistants. It lets developers launch penetration tests, review findings, and download reports directly from their IDE.
How to use Turbopentest?
Obtain an API key from <turbopentest.com/settings/api-keys>, then configure your MCP client (Claude Desktop, Claude Code, or Cursor) with the command npx @turbopentest/mcp-server and set the TURBOPENTEST_API_KEY environment variable. The server exposes tools to start pentests, retrieve results, list findings, download reports, and verify attestations.
Key features of Turbopentest
- Start pentests with recon, standard, deep, or blitz tiers (1–20 agents, 30 min–4 hours).
- Get full scan details: status, progress, findings, attack surface map, and STRIDE threat model.
- List and filter all pentests by status with finding counts.
- Retrieve structured findings with severity, CVSS, CWE, PoC, and remediation.
- Download reports in markdown, JSON, or PDF formats.
- Check credit balance and available scan tiers with pricing.
- Verify blockchain-anchored pentest attestations by hash (public, no API key required).
Use cases of Turbopentest
- Launch a penetration test on a staging domain and monitor its progress from your coding assistant.
- Review high-severity vulnerabilities with proof-of-concept and remediation steps without leaving your editor.
- Download a pentest report in markdown for AI-driven analysis or JSON for programmatic processing.
- Verify the authenticity of a pentest attestation using its blockchain hash.
FAQ from Turbopentest
What API key is required?
An API key from <turbopentest.com/settings/api-keys> is required and must be set as the TURBOPENTEST_API_KEY environment variable.
What scan tiers are available and how much do they cost?
Recon (1 agent, 30 min, $49), Standard (4 agents, 1 hour, $99), Deep (10 agents, 2 hours, $299), and Blitz (20 agents, 4 hours, $699).
What tools does the server provide?
The server provides start_pentest, get_pentest, list_pentests, get_findings, download_report, get_credits, verify_attestation, and list_domains.
Is the verify_attestation tool public?
Yes, it is a public tool that does not require an API key.
What are the system requirements?
Node.js 18+ and a TurboPentest account with API access.
More Other MCP servers
Awesome Mlops
visengerA curated list of references for MLOps
MaxKB
1Panel-dev🔥 MaxKB is an open-source platform for building enterprise-grade agents. 强大易用的开源企业级智能体平台。
🚀 Model Context Protocol (MCP) Curriculum for Beginners
microsoftThis open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable,
Mcp
browsermcpBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
Maestro
mobile-dev-incPainless E2E Automation for Mobile and Web
Comments