Agentic security testing

Give agents project context without giving them reckless network power.

Crusader exposes captured traffic, scope, identities, findings, project memory, read-only SQL, plugins, and selected workflows through MCP and a JSON CLI. Agents can inspect and plan first; active or write-capable behavior stays scoped and human-gated.

MCP tool surface JSON CLI Read-only SQL and FTS Plugin tools

The agent loop Crusader supports

Good security agents need more than a prompt. They need target scope, project history, safe read surfaces, explicit proof steps, and a clear boundary between analysis and actions that touch the target.

Guide

Start with agent.guide

The MCP guide tells the agent what tools exist, what is read-only, what requires scope, and how to avoid surprise active testing.

Read

Inspect local project history

Agents can search captured traffic, findings, scope, endpoint metadata, and project memory without sending new requests.

Plan

Draft proof steps

Use the agent to propose IDOR candidates, OAST probes, scanner triage, or replay plans before a human approves execution.

Extend

Expose plugins as tools

JavaScript extensions can add targeted helpers and expose safe tools over MCP for repeatable workflows.

Local-first context for agents

The project database is the shared source of truth: exchanges, findings, endpoint metadata, Beacon events, imported traffic, and full-text search. Crusader's SQL surface is read-only and accepts only safe statement families.

crusader mcp tools
crusader sql tables
crusader sql schema exchanges
crusader sql query "SELECT host, COUNT(*) n FROM exchanges GROUP BY host ORDER BY n DESC LIMIT 20"

What agents are good at here

Use agents for the repetitive work that benefits from complete context: summarizing large captures, ranking likely authorization candidates, turning endpoint metadata into a test plan, checking findings for evidence quality, and generating reports from verified proof.

Triage

Rank captured surface

Find hosts, endpoints, parameters, object IDs, auth transitions, and response patterns worth manual review.

IDOR

Suggest replay candidates

Agents can identify object-bearing routes and propose safe identity replay plans before humans run them.

Plugins

Automate domain-specific checks

Package repeatable logic as extensions, expose them as MCP tools, and keep install preview visible.

Reports

Write from evidence

Turn confirmed findings into concise reports while preserving the request, response, actor, and proof chain.

Related topic hubs

Agentic workflows become stronger when tied to concrete proxy, mobile, fingerprint, and authorization testing loops.

Let agents inspect. Keep control of execution.

Download Crusader free for the local proxy, history, read-only MCP, SQL, and plugins. Start Hunter Pro in-app for active proof, full automation, hosted Beacon, identity replay, mobile, and reports.

Download Crusader