npm - @integsec/agentic-pentest-proxy - Versions diffs - 0.1.0 → 0.1.2 - Mend

@integsec/agentic-pentest-proxy 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +20 -21
package/dist/src/transports/stdio.d.ts.map +1 -1
package/dist/src/transports/stdio.js +8 -1
package/dist/src/transports/stdio.js.map +1 -1
package/examples/claude-desktop-config.json +2 -2
package/examples/scope-test-integsec.json +32 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -2,23 +2,23 @@
 **Scope enforcement proxy for AI-driven penetration testing.**
-The IntegSec Agentic Pentest MCP Proxy sits between an AI agent (Claude, GPT, etc.) and an MCP tool server (Kali MCP, Nuclei MCP, [TurboPentest](https://turbopentest.com), etc.), intercepting every tool call and validating it against a scope manifest before it reaches the upstream server. Out-of-scope targets, banned techniques, and expired engagement windows are blocked in real time with a full audit trail.
+The IntegSec Agentic Pentest MCP Proxy sits between an AI agent (Claude, GPT, etc.) and an MCP tool server ([TurboPentest](https://turbopentest.com), Nuclei MCP, etc.), intercepting every tool call and validating it against a scope manifest before it reaches the upstream server. Out-of-scope targets, banned techniques, and expired engagement windows are blocked in real time with a full audit trail.
 Built by **[IntegSec](https://integsec.com)** — offensive cybersecurity testing and threat simulation for modern organizations moving at AI speed.
 ```
-┌──────────┐     JSON-RPC      ┌─────────────────────┐     JSON-RPC      ┌──────────────┐
-│ AI Agent │ ──────────────────▶│ IntegSec Agentic    │ ──────────────────▶│ Upstream MCP │
-│ (Claude) │ ◀──────────────────│ Pentest MCP Proxy   │ ◀──────────────────│  (Kali /     │
-└──────────┘   allow / block    │        audit)       │    forwarded       │ TurboPentest)│
-                                └─────────────────────┘                    └──────────────┘
-                                        │
-                                        ▼
-                                  ┌───────────┐
-                                  │ Audit Log │
-                                  │ (JSONL /  │
-                                  │  Cloud)   │
-                                  └───────────┘
++------------+  JSON-RPC   +---------------------+  JSON-RPC   +----------------+
+|  AI Agent  | ----------> | IntegSec Agentic    | ----------> |  Upstream MCP  |
+|  (Claude)  | <---------- | Pentest MCP Proxy   | <---------- | (TurboPentest) |
++------------+ allow/block | (validate + audit)  |  forwarded  +----------------+
+                           +---------------------+
+                                     |
+                                     v
+                               +-----------+
+                               | Audit Log |
+                               | (JSONL /  |
+                               |  Cloud)   |
+                               +-----------+
 ```
 > **Using AI agents for pentesting?** [TurboPentest](https://turbopentest.com) delivers agentic penetration testing powered by Claude — 15 orchestrated security tools, OWASP Top 10 coverage, results in under 4 hours, blockchain-attested reports. Starting at $99/domain. Pair it with this proxy for scope-safe autonomous testing.
@@ -66,7 +66,6 @@ The IntegSec Agentic Pentest MCP Proxy solves this by enforcing scope at the pro
 **No prompt engineering. No honor system. Enforcement.**
-This is the same scope enforcement philosophy behind [IntegSec's](https://integsec.com) human-expert-led penetration testing services — applied to autonomous AI agents.
 ---
@@ -116,10 +115,10 @@ cat > scope.json << 'EOF'
 }
 EOF
-# Run the proxy (stdio mode, wrapping kali-mcp)
+# Run the proxy (stdio mode, wrapping TurboPentest MCP)
 SCOPE_MANIFEST_PATH=./scope.json \
 UPSTREAM_MCP_COMMAND=npx \
-UPSTREAM_MCP_ARGS="-y,@anthropic/kali-mcp" \
+UPSTREAM_MCP_ARGS="-y,@turbopentest/mcp-server" \
 integsec-agentic-pentest-proxy
 ```
@@ -275,7 +274,7 @@ Point `TECHNIQUE_MAP_PATH` at this file. Custom mappings are merged with built-i
 # stdio mode — wrap any MCP server
 SCOPE_MANIFEST_PATH=./scope.json \
 UPSTREAM_MCP_COMMAND=npx \
-UPSTREAM_MCP_ARGS="-y,@anthropic/kali-mcp" \
+UPSTREAM_MCP_ARGS="-y,@turbopentest/mcp-server" \
 integsec-agentic-pentest-proxy
 # HTTP mode — reverse proxy to a running MCP server
@@ -293,14 +292,14 @@ Add to your Claude Desktop `claude_desktop_config.json`:
 ```json
 {
   "mcpServers": {
-    "kali-mcp-scoped": {
+    "turbopentest-scoped": {
       "command": "npx",
       "args": ["-y", "@integsec/agentic-pentest-proxy"],
       "env": {
         "SCOPE_MANIFEST_PATH": "/path/to/scope.json",
         "MCP_TRANSPORT": "stdio",
         "UPSTREAM_MCP_COMMAND": "npx",
-        "UPSTREAM_MCP_ARGS": "-y,@anthropic/kali-mcp",
+        "UPSTREAM_MCP_ARGS": "-y,@turbopentest/mcp-server",
         "AUDIT_LOG_PATH": "./audit/"
       }
     }
@@ -315,13 +314,13 @@ Add to your `.mcp.json` or project settings:
 ```json
 {
   "mcpServers": {
-    "kali-scoped": {
+    "turbopentest-scoped": {
       "command": "npx",
       "args": ["-y", "@integsec/agentic-pentest-proxy"],
       "env": {
         "SCOPE_MANIFEST_PATH": "./scope.json",
         "UPSTREAM_MCP_COMMAND": "npx",
-        "UPSTREAM_MCP_ARGS": "-y,@anthropic/kali-mcp"
+        "UPSTREAM_MCP_ARGS": "-y,@turbopentest/mcp-server"
       }
     }
   }

package/dist/src/transports/stdio.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../../../src/transports/stdio.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEzD,wBAAsB,aAAa,CACjC,KAAK,EAAE,qBAAqB,EAC5B,eAAe,EAAE,MAAM,EACvB,YAAY,GAAE,MAAM,EAAO,GAC1B,OAAO,CAAC,IAAI,CAAC,~~CAoDf~~"}
1	+ {"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../../../src/transports/stdio.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEzD,wBAAsB,aAAa,CACjC,KAAK,EAAE,qBAAqB,EAC5B,eAAe,EAAE,MAAM,EACvB,YAAY,GAAE,MAAM,EAAO,GAC1B,OAAO,CAAC,IAAI,CAAC,CA2Df"}

package/dist/src/transports/stdio.js CHANGED Viewed

@@ -1,8 +1,15 @@
 import { spawn } from "child_process";
 import { createInterface } from "readline";
 export async function runStdioProxy(proxy, upstreamCommand, upstreamArgs = []) {
-    const upstream = spawn(upstreamCommand, upstreamArgs, {
+    // On Windows, commands like "npx" are .cmd wrappers that require shell
+    // resolution, and paths may contain spaces (e.g. "C:\Program Files\...").
+    // Build a single quoted command string and use shell: true with no args
+    // array to avoid ENOENT, EINVAL, and DEP0190 issues.
+    const quote = (s) => (s.includes(" ") ? `"${s}"` : s);
+    const cmdString = [quote(upstreamCommand), ...upstreamArgs.map(quote)].join(" ");
+    const upstream = spawn(cmdString, {
         stdio: ["pipe", "pipe", "inherit"],
+        shell: true,
     });
     if (!upstream.stdin || !upstream.stdout) {
         throw new Error("Failed to open stdio pipes to upstream MCP server");

package/dist/src/transports/stdio.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../../src/transports/stdio.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAqB,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG3C,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAA4B,EAC5B,eAAuB,EACvB,eAAyB,EAAE;IAE3B,MAAM,QAAQ,~~GAAiB~~,KAAK,CAAC,eAAe,EAAE,YAAY,EAAE;~~QAClE~~,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC;~~KACnC~~,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,WAAW,GAAG,KAAK,CAAC,cAAc,EAAE,CAAC;IAC3C,WAAW,CAAC,KAAK,EAAE,CAAC;IAEpB,MAAM,UAAU,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;IAClF,MAAM,cAAc,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;IAExF,2BAA2B;IAC3B,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YACjE,IAAI,OAAO,EAAE,CAAC;gBACZ,QAAQ,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;YACrC,CAAC;iBAAM,IAAI,QAAQ,EAAE,CAAC;gBACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;YAC/C,QAAQ,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACrC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,gDAAgD;IAChD,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACjC,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;QAC9B,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;QAC/B,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}
1	+ {"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../../src/transports/stdio.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAqB,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG3C,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAA4B,EAC5B,eAAuB,EACvB,eAAyB,EAAE;IAE3B,uEAAuE;IACvE,0EAA0E;IAC1E,wEAAwE;IACxE,qDAAqD;IACrD,MAAM,KAAK,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,SAAS,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjF,MAAM,QAAQ,GAAiB,KAAK,CAAC,SAAS,EAAE;QAC9C,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC;QAClC,KAAK,EAAE,IAAI;KACZ,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,WAAW,GAAG,KAAK,CAAC,cAAc,EAAE,CAAC;IAC3C,WAAW,CAAC,KAAK,EAAE,CAAC;IAEpB,MAAM,UAAU,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;IAClF,MAAM,cAAc,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;IAExF,2BAA2B;IAC3B,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YACjE,IAAI,OAAO,EAAE,CAAC;gBACZ,QAAQ,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;YACrC,CAAC;iBAAM,IAAI,QAAQ,EAAE,CAAC;gBACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;YAC/C,QAAQ,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACrC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,gDAAgD;IAChD,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACjC,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;QAC9B,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;QAC/B,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/examples/claude-desktop-config.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "mcpServers": {
-    "kali-mcp-scoped": {
+    "turbopentest-scoped": {
       "command": "npx",
       "args": ["-y", "@integsec/agentic-pentest-proxy"],
       "env": {
         "SCOPE_MANIFEST_PATH": "/path/to/scope.json",
         "MCP_TRANSPORT": "stdio",
         "UPSTREAM_MCP_COMMAND": "npx",
-        "UPSTREAM_MCP_ARGS": "-y,@anthropic/kali-mcp",
+        "UPSTREAM_MCP_ARGS": "-y,@turbopentest/mcp-server",
         "AUDIT_LOG_PATH": "./audit/"
       }
     }

package/examples/scope-test-integsec.json ADDED Viewed

@@ -0,0 +1,32 @@
+{
+  "engagement_id": "ENG-2026-TEST-001",
+  "client": "IntegSec Internal",
+  "operator": "security@integsec.com",
+  "authorized_targets": {
+    "ip_ranges": [],
+    "domains": [
+      "turbopentest.com",
+      "*.turbopentest.com",
+      "integsec.com",
+      "*.integsec.com",
+      "lfo.pw",
+      "*.lfo.pw",
+      "pentestprepper.com",
+      "*.pentestprepper.com"
+    ],
+    "urls": [
+      "https://turbopentest.com",
+      "https://integsec.com",
+      "https://lfo.pw",
+      "https://pentestprepper.com"
+    ],
+    "cloud_accounts": []
+  },
+  "excluded_targets": [],
+  "authorized_techniques": ["recon", "web_app", "api_testing", "ssl_tls"],
+  "excluded_techniques": ["dos", "destructive", "social_engineering"],
+  "engagement_window": {
+    "start": "2026-03-27T00:00:00Z",
+    "end": "2026-04-27T23:59:59Z"
+  }
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@integsec/agentic-pentest-proxy",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "IntegSec Agentic Pentest MCP Proxy — enforce penetration testing engagement scope for AI agents",
   "type": "module",
   "bin": {