CounterAgent is organized into subcommands. The top-level entry point is counteragent.
audit
Security scanner for MCP servers. Maps findings to the OWASP MCP Top 10.
audit scan
Scan an MCP server for security vulnerabilities.
```bash
counteragent audit scan [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| --transport | Yes | Transport type: stdio, sse, or streamable-http |
| --command | When --transport stdio | Server command to spawn (e.g., "python my_server.py") |
| --url | When --transport sse or streamable-http | Server URL to connect to |
| --checks | No | Comma-separated scanner list (e.g., "injection,auth") |
| --output | No | Output file path (default: results/scan.json) |
| --format | No | Output format: json or sarif (default: json) |
| --verbose / -v | No | Enable debug logging |

```bash
counteragent audit scan \
  --transport stdio \
  --command "python my_server.py"
```
Run specific scanners only:
```bash
counteragent audit scan \
  --transport stdio \
  --command "python my_server.py" \
  --checks injection,auth \
  --output results/my-scan.json
```
Use --format sarif with audit scan or audit report to generate SARIF 2.1.0 reports compatible with GitHub Code Scanning.
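A CI gate over a SARIF 2.1.0 file such as the one `--format sarif` writes, as an added example that is not part of CounterAgent. The sample document and its rule IDs are constructed placeholders; because the page does not say whether CounterAgent sets `level` on each result, the code also falls back to the rule's `defaultConfiguration.level` and then to SARIF's default of `warning`.

```python
import json
import sys
from collections import Counter
from pathlib import Path

# Constructed SARIF 2.1.0 sample; rule IDs are placeholders, not CounterAgent output.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "EXAMPLE-001", "defaultConfiguration": {"level": "error"}},
        {"id": "EXAMPLE-002"},
    ]}},
    "results": [
        {"ruleId": "EXAMPLE-001", "ruleIndex": 0, "message": {"text": "finding A"}},
        {"ruleId": "EXAMPLE-002", "ruleIndex": 1, "message": {"text": "finding B"}},
        {"ruleId": "EXAMPLE-002", "ruleIndex": 1, "level": "note",
         "message": {"text": "finding C"}},
    ],
}]}
SEVERITY = {"none": 0, "note": 1, "warning": 2, "error": 3}


def effective_level(result, rules):
    """Explicit level, else the rule's default level, else SARIF's 'warning'."""
    if "level" in result:
        return result["level"]
    idx = result.get("ruleIndex", -1)
    rule = rules[idx] if 0 <= idx < len(rules) else {}
    return rule.get("defaultConfiguration", {}).get("level", "warning")


def summarize(sarif):
    """Count results per effective level across all runs."""
    counts = Counter()
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for result in run.get("results") or []:  # "results" may be null
            counts[effective_level(result, rules)] += 1
    return dict(counts)


def should_fail(sarif, threshold="error"):
    """True when any result is at or above threshold; unknown levels count as warning."""
    return any(SEVERITY.get(lv, 2) >= SEVERITY[threshold] for lv in summarize(sarif))


if __name__ == "__main__":
    doc = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    print(summarize(doc))
    sys.exit(1 if should_fail(doc) else 0)
```

Run with the SARIF file path as the only argument; a non-zero exit status fails the pipeline step.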
audit enumerate
Enumerate MCP server capabilities without running security checks.
```bash
counteragent audit enumerate [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| --transport | Yes | Transport type: stdio, sse, or streamable-http |
| --command | When --transport stdio | Server command to spawn |
| --url | When --transport sse or streamable-http | Server URL to connect to |

```bash
counteragent audit enumerate \
  --transport stdio \
  --command "python my_server.py"
```
Lists the server’s name, protocol version, tools, resources, and prompts.
audit list-checks
List all available scanner modules and their OWASP mappings.
```bash
counteragent audit list-checks
```
No options. Prints a table of scanner modules with OWASP ID, description, and readiness status.
audit report
Generate a report from saved scan results.
```bash
counteragent audit report [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| --input | Yes | Path to saved scan results JSON file |
| --format | No | Report format: html, json, or sarif (default: html) |
| --output | No | Output file path (defaults to input path with new extension) |
Report generation is coming soon. The command is defined but not yet fully implemented.
proxy
Interactive MCP traffic interceptor — “Burp Suite for MCP.” Sits between client and server, intercepting JSON-RPC messages for inspection, modification, and replay.
proxy start
Start the proxy with the interactive TUI.
```bash
counteragent proxy start [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| --transport | Yes | Transport type: stdio, sse, or streamable-http |
| --target-command | When --transport stdio | Server command to proxy |
| --target-url | When --transport sse or streamable-http | Server URL to proxy |
| --intercept | No | Start in intercept mode (default: off) |
| --listen-port | No | Local port for SSE/HTTP (default: 8888) |
| --session-file | No | Auto-save session to this file |

```bash
counteragent proxy start \
  --transport stdio \
  --target-command "python my_server.py"
```
proxy replay
Replay a captured session against a live server.
```bash
counteragent proxy replay [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| --session-file | Yes | Path to a saved session file |
| --target-command | Yes* | Server command for replay (stdio) |
| --target-url | No | Server URL for replay (not yet implemented) |
| --output | No | Save replay results to JSON |
| --timeout | No | Per-message response timeout in seconds (default: 10.0) |
| --no-handshake | No | Skip auto-handshake if session already includes initialize |

```bash
counteragent proxy replay \
  --session-file session.json \
  --target-command "python my_server.py"
```
proxy export
Export a session to JSON.
```bash
counteragent proxy export [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| --session-file | Yes | Path to a saved session file |
| --output | Yes | Output file path |
| --output-format | No | Export format (default: json) |

```bash
counteragent proxy export \
  --session-file session.json \
  --output report.json
```
proxy inspect
Print session contents to stdout (non-interactive).
```bash
counteragent proxy inspect [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| --session-file | Yes | Path to a saved session file |
| --verbose / -v | No | Show full JSON payloads |

```bash
counteragent proxy inspect --session-file session.json -v
```
Future modules
```bash
counteragent inject --help   # Tool poisoning & prompt injection [Phase 2]
counteragent chain --help    # Multi-agent attack chains [Phase 3]
```