162 MCP tools
The proxy, scanner, intruder, decoder, crawler and Oastify — all callable over the open Model Context Protocol.
Set a budget, hit explore, and an autonomous agent drives every tool over 162 MCP tools — or wire Claude Code, Cursor or your own agent straight in.
The proxy, scanner, intruder, decoder, crawler and Oastify — all callable over the open Model Context Protocol.
Give it a scope and a budget; it drives the tools, follows leads and reports findings.
Claude Code, Cursor, Codex or your own tooling — one JSON block of config.
MCP Activity shows each tool call the agent makes, live — nothing happens off-screen.
Burp and Caido have no native MCP surface; AI use means plugins or copy-paste. In Hugin the tools you drive by hand ARE the agent's tools — the same surface, exposed once.
Every request your browser makes, on your terms — pause it, rewrite it, release it. HTTP/1.1, HTTP/2, HTTP/3 and WebSocket, with on-the-fly TLS.
An active and passive scanner that ships free — OWASP and API Top 10, with blind out-of-band detection.
Send it once. Change one field. Send it again. The careful, hand-driven probe — request and response side by side, over and over.
Automated payload attacks at full speed — four modes, 21 generators, 32 processors, and a Turbo mode with raw-TCP batching.
Beat check-then-act windows the proxy can't reach — single-packet attacks, last-byte sync and barrier coordination.
Extend the scanner without trusting the code — community modules compiled to WebAssembly and run in a hard sandbox.