firmis pentest - Dynamic Security Probing
Synopsis
firmis pentest [path] [options]
Description
Static analysis finds what is written in the code. firmis pentest finds what happens when you actually call the tool.
firmis scan reads your MCP server configuration and flags suspicious patterns. firmis pentest connects to your running MCP servers, sends controlled security probes, and reports on how each server behaves under attack conditions. The difference is reading a lock specification versus actually trying to pick it.
The pentest engine discovers MCP servers from your config files (claude_desktop_config.json, .vscode/mcp.json, and others), attempts to connect to each one, and runs up to 10 probe types per server. Probes cover prompt injection, tool output manipulation, exfiltration vectors, permission boundary enforcement, and path traversal. All probes are local and controlled - no traffic leaves your environment. Results are reported per-server with pass/fail and severity per probe, plus an aggregate summary.
Use firmis scan in CI on every pull request for fast static coverage. Use firmis pentest before major releases or when a new MCP server is being added to production.
Examples
Section titled “Examples”Run pentest against the current directory
Section titled “Run pentest against the current directory”npx firmis pentest .Run pentest with a JSON report saved to file
Section titled “Run pentest with a JSON report saved to file”npx firmis pentest . --output pentest-report.jsonRun only specific probe types
Section titled “Run only specific probe types”npx firmis pentest . --probes prompt-injection,path-traversalStatic analysis only - no live connections
Section titled “Static analysis only - no live connections”npx firmis pentest . --skip-connectIncrease timeout for slow servers and show verbose output
Section titled “Increase timeout for slow servers and show verbose output”npx firmis pentest . --timeout 30000 --verboseOptions
| Flag | Type | Default | Description |
|---|---|---|---|
| --timeout <ms> | number | 10000 | Connection timeout per server in milliseconds. Increase for slow or remote servers. |
| --max-probes <n> | number | 50 | Maximum number of probes to run per server. |
| --output <file> | string | - | Save the full JSON report to a file. |
| --skip-connect | boolean | false | Skip live connections and run static analysis only. Useful when servers are not running. |
| --probes <types> | string | all | Comma-separated list of probe types to run. Omit to run all available probes. |
| --verbose | boolean | false | Show detailed probe payloads, raw server responses, and per-probe evidence. |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | All probes passed. No confirmed vulnerabilities. |
| 0 | No MCP servers found in the target path. |
| 1 | One or more probes failed. Vulnerabilities confirmed. |
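The table above maps exit code 0 to both a clean run and a run that found no MCP servers, so a CI gate that checks only the exit code also passes when nothing was probed. The wrapper below is an added example, not part of firmis: it assumes the two config file names mentioned in the description sit under the target path, and FIRMIS_CMD, has_mcp_config and pentest_gate are names introduced here.

```shell
#!/bin/sh
# Added example, not firmis project code. FIRMIS_CMD, has_mcp_config and
# pentest_gate are names introduced here for illustration.
FIRMIS_CMD="${FIRMIS_CMD:-npx firmis}"

# Return 0 if a known MCP config file exists under the target path.
# Only the two file names the page mentions are checked (assumption: they
# live under the target); the page says firmis reads others as well.
has_mcp_config() {
    found=$(find "$1" -type f \
        \( -name 'claude_desktop_config.json' -o -path '*/.vscode/mcp.json' \) \
        -print 2>/dev/null | head -n 1)
    [ -n "$found" ]
}

# Run the pentest and turn its exit code into a gate decision.
# Returns 0 = probes passed, 1 = vulnerabilities confirmed,
#         2 = exit 0 but nothing to probe, 3 = undocumented exit code.
pentest_gate() {
    target="${1:-.}"
    report="${2:-pentest-report.json}"
    firmis_rc=0
    $FIRMIS_CMD pentest "$target" --output "$report" || firmis_rc=$?
    case "$firmis_rc" in
        0)
            if has_mcp_config "$target"; then
                echo "gate: all probes passed" >&2
                return 0
            fi
            echo "gate: exit 0, but no MCP config under $target" >&2
            return 2
            ;;
        1)
            echo "gate: vulnerabilities confirmed, see $report" >&2
            return 1
            ;;
        *)
            echo "gate: undocumented exit code $firmis_rc" >&2
            return 3
            ;;
    esac
}
```

In a pipeline, call `pentest_gate . pentest-report.json` and fail the job on any non-zero return, or treat 2 as a warning if the repository is expected to contain no MCP servers.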
See Also
- scan - static analysis, no running server required
- discover - find MCP servers and other AI platforms before running pentest
- MCP Servers - MCP-specific threat detection rules and what they catch