MCP overview
Sonar exposes its capabilities to AI agents through an MCP server (Model Context Protocol). The headline use case: give an external pentest agent a safe, capable surface to read a target and to author and run its own scans — without handing it the keys to the whole platform.
Least privilege by design
Every tool declares a tier, and a profile decides which tiers an agent actually sees:
| Profile | Tiers it exposes | For |
|---|---|---|
| admin | read + scan + write + admin | operators / internal (stdio default) |
| pentest | read + scan | the remote pentest agent (HTTP default) |
| readonly | read | dashboards / audits |
The remote endpoint defaults to pentest: the agent can read every asset and author/run scans, but cannot delete workflows, approve scope items, or perform any destructive admin action. The write tier (asset mutation) is reserved and currently empty — the seam is in place for when it's needed.
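A minimal sketch of the profile-to-tier gate described above, as an added example (not Sonar's own code). The per-tool tier assignments, the `requested` override parameter and the two admin tool names marked hypothetical are assumptions. The point it illustrates is that the tier check has to run at call time as well as when the tool list is built.

```javascript
// Added example. Profile -> tier table and transport defaults are from the page.
const PROFILES = {
  admin: ["read", "scan", "write", "admin"],
  pentest: ["read", "scan"],
  readonly: ["read"],
};
const TRANSPORT_DEFAULT = { http: "pentest", stdio: "admin" };

// Assumed tier per tool. Nothing maps to "write": the page says that tier is empty.
const TOOL_TIERS = {
  list_programs: "read",
  get_target_overview: "read",
  list_http_paths: "read",
  list_ports: "read",
  import_workflow: "scan",
  create_scan: "scan",
  delete_workflow: "admin",    // hypothetical tool name
  approve_scope_item: "admin", // hypothetical tool name
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Fail closed: an unknown transport or profile is an error, never a fallback to admin.
function resolveProfile(transport, requested) {
  if (!has(TRANSPORT_DEFAULT, transport)) throw new Error(`unknown transport: ${transport}`);
  const name = requested ?? TRANSPORT_DEFAULT[transport];
  if (!has(PROFILES, name)) throw new Error(`unknown profile: ${name}`);
  return name;
}

// Tools advertised to the agent for a profile.
function visibleTools(profile) {
  const tiers = new Set(PROFILES[profile]);
  return Object.keys(TOOL_TIERS).filter((tool) => tiers.has(TOOL_TIERS[tool]));
}

// Checked again on every call: hiding a tool from the listing does not stop a
// client from sending a call for a name it was never shown.
function authorizeCall(profile, tool) {
  if (!has(TOOL_TIERS, tool)) return { allowed: false, reason: "unknown tool" };
  const tier = TOOL_TIERS[tool];
  if (!PROFILES[profile].includes(tier)) {
    return { allowed: false, reason: `tier '${tier}' not in profile '${profile}'` };
  }
  return { allowed: true, tier };
}
```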
Vocabulary
A target is a program (a bug-bounty program), optionally narrowed to a scope. Most read tools take a programId (and optionally scopeId). See Asset model for the full picture.
Your first recon (four calls)
```text
1. list_programs { search: "acme" } → find the target, note its programId
2. get_target_overview { programId } → program + scopes + per-type asset counts
3. list_http_paths { programId, limit: 50 } → live paths with statusCode + length
4. list_ports { programId } → open ports and services
```

Start with list_programs to discover a target — it's the entry point. Then page into the asset types the counts tell you are worth pulling. The recon-target skill walks this in depth.
What an agent can do
- Read a target — `get_target_overview` gives program + scopes + per-type asset counts; then `list_domains` / `list_ports` / `list_http_paths` / `list_technologies` / … page into detail. See Tool reference.
- Author & run scans — `import_workflow` to define a workflow, `create_scan` to run one (scoped to a target), `get_scan` / `get_scan_tasks_statistics` to monitor. Results from a finished scan land in the asset tables — read them back with the same `list_*` tools, scoped to the target.
The agent skills turn these tools into repeatable playbooks: recon a target, author a workflow, run a scan.
Two ways to connect
- Remote (HTTP) — the pentest agent connects over HTTPS to a subdomain, gated by a secret token. This is the main path — see Setup.
- Local (stdio) — a co-located agent / Claude Desktop launches the server as a subprocess. Defaults to the `admin` profile.