Start with agent.guide
The MCP guide tells the agent what tools exist, what is read-only, what requires scope, and how to avoid surprise active testing.
Crusader exposes captured traffic, scope, identities, findings, project memory, read-only SQL, plugins, and selected workflows through MCP and a JSON CLI. Agents can inspect and plan first; active or write-capable behavior stays scoped and human-gated.
Good security agents need more than a prompt. They need target scope, project history, safe read surfaces, explicit proof steps, and a clear boundary between analysis and actions that touch the target.
The MCP guide tells the agent what tools exist, what is read-only, what requires scope, and how to avoid surprise active testing.
Agents can search captured traffic, findings, scope, endpoint metadata, and project memory without sending new requests.
Use the agent to propose IDOR candidates, OAST probes, scanner triage, or replay plans before a human approves execution.
JavaScript extensions can add targeted helpers and expose safe tools over MCP for repeatable workflows.
The project database is the shared source of truth: exchanges, findings, endpoint metadata, Beacon events, imported traffic, and full-text search. Crusader's SQL surface is read-only and accepts only safe statement families.
crusader mcp tools
crusader sql tables
crusader sql schema exchanges
crusader sql query "SELECT host, COUNT(*) n FROM exchanges GROUP BY host ORDER BY n DESC LIMIT 20"
Use agents for the repetitive work that benefits from complete context: summarizing large captures, ranking likely authorization candidates, turning endpoint metadata into a test plan, checking findings for evidence quality, and generating reports from verified proof.
Find hosts, endpoints, parameters, object IDs, auth transitions, and response patterns worth manual review.
Agents can identify object-bearing routes and propose safe identity replay plans before humans run them.
Package repeatable logic as extensions, expose them as MCP tools, and keep install preview visible.
Turn confirmed findings into concise reports while preserving the request, response, actor, and proof chain.
Agentic workflows become stronger when tied to concrete proxy, mobile, fingerprint, and authorization testing loops.
Download Crusader free for the local proxy, history, read-only MCP, SQL, and plugins. Start Hunter Pro in-app for active proof, full automation, hosted Beacon, identity replay, mobile, and reports.
Download Crusader →