Skip to content

MCP overview

Sonar exposes its capabilities to AI agents through an MCP server (Model Context Protocol). The headline use case: give an external pentest agent a safe, capable surface to read a target and to author and run its own scans — without handing it the keys to the whole platform.

Least privilege by design

Every tool declares a tier, and a profile decides which tiers an agent actually sees:

ProfileTiers it exposesFor
adminread + scan + write + adminoperators / internal (stdio default)
pentestread + scanthe remote pentest agent (HTTP default)
readonlyreaddashboards / audits

The remote endpoint defaults to pentest: the agent can read every asset and author/run scans, but cannot delete workflows, approve scope items, or perform any destructive admin action. The write tier (asset mutation) is reserved and currently empty — the seam is in place for when it's needed.

Vocabulary

A target is a program (a bug-bounty program), optionally narrowed to a scope. Most read tools take a programId (and optionally scopeId). See Asset model for the full picture.

Your first recon (four calls)

text
1. list_programs { search: "acme" }          → find the target, note its programId
2. get_target_overview { programId }          → program + scopes + per-type asset counts
3. list_http_paths { programId, limit: 50 }   → live paths with statusCode + length
4. list_ports { programId }                   → open ports and services

Start with list_programs to discover a target — it's the entry point. Then page into the asset types the counts tell you are worth pulling. The recon-target skill walks this in depth.

What an agent can do

  • Read a targetget_target_overview gives program + scopes + per-type asset counts; then list_domains / list_ports / list_http_paths / list_technologies / … page into detail. See Tool reference.
  • Author & run scansimport_workflow to define a workflow, create_scan to run one (scoped to a target), get_scan / get_scan_tasks_statistics to monitor. Results from a finished scan land in the asset tables — read them back with the same list_* tools, scoped to the target.

The agent skills turn these tools into repeatable playbooks: recon a target, author a workflow, run a scan.

Two ways to connect

  • Remote (HTTP) — the pentest agent connects over HTTPS to a subdomain, gated by a secret token. This is the main path — see Setup.
  • Local (stdio) — a co-located agent / Claude Desktop launches the server as a subprocess. Defaults to the admin profile.