
Tool reference

Tools are grouped by tier. The pentest profile exposes read + scan; admin adds the rest. Start with get_target_overview, then page into detail.

read — target & asset data

| Tool | What it returns |
| --- | --- |
| get_target_overview | Program + scopes + per-type asset counts. Call this first. |
| list_programs / get_program | Discover / fetch a target. |
| list_scopes | Scopes for a program. |
| list_domains | Domains for a target. |
| list_ip_addresses | IPs for a target. |
| list_ports | Ports (+ service) for a target or one IP (ipAddressId). |
| list_http_paths | HTTP paths for a target or domain — with statusCode, length, tool. The richest recon signal. |
| list_technologies | Technologies across a target's assets. |
| get_http_path_technologies / get_port_technologies | Tech on one asset. |
| list_mobiles / list_wildcards / list_cidrs | Mobile apps and scope boundaries. |

read — scans & workflows

list_scans, get_scan, get_scan_tasks_statistics, list_workflows, get_workflow, export_workflow, list_workers, plus the AI-resolve read tools.

scan — author & run

| Tool | What it does |
| --- | --- |
| create_scan | Create and start a scan; parameters scope it to a target. |
| stop_scan | Halt a running scan. |
| import_workflow | Define a workflow from a JSON document (shape: author-scan-workflow). |
| update_workflow / add_dependency | Edit an existing workflow. |

Example — run an existing workflow against one wildcard, then poll it:

```text
create_scan {
  workflowDefinitionId: "…uuid…",
  parameters: { "wildcard": "*.acme.com" }   // keys must match the workflow's declared PARAM/Secret names
}                                            // → returns the new scan's id
get_scan { id }                              // status + step progress
get_scan_tasks_statistics { id }             // per-step task counts, until Completed
```

parameters / secretValues keys must match the Parameter / Secret names the workflow declares — see author-scan-workflow. Omit parameters to scan all in-phase targets.

admin — not exposed to the pentest agent

delete_scan, delete_workflow, create_worker, trigger_ai_resolve, approve_resolve_item, decline_resolve_item. These require the admin profile.

write — reserved

The write tier (asset mutation) is currently empty — the seam exists for future tools that record or annotate assets an agent discovers, once backend write endpoints exist.


The paged read tools all accept programId / scopeId / platformName filters plus page / limit / search / updatedAfter. Pull cheaply and page — don't request huge result sets. The recon-target skill shows the intended sequence.