Security Scanning Tools

Security scanning tools enable agents to assess network security, analyze SSL/TLS configurations, check DNS records, and detect potential vulnerabilities.

These tools should only be used on systems you own or have explicit permission to test. Unauthorized scanning may be illegal.

Port Scanner

port_scan

Scan TCP ports and detect exposed services.

host

string

required

Hostname or IP address to scan

ports

string

default:"top20"

Ports to scan: “top20”, “top100”, or comma-separated list

timeout

integer

default:"3"

Connection timeout in seconds (1-10)

grab_banner

boolean

default:"true"

Attempt to grab service banners

result = port_scan(
    host="example.com",
    ports="top20"
)

if result["success"]:
    print(f"Host: {result['host']}")
    print(f"Open ports: {result['open_count']}")
    
    for port in result["open_ports"]:
        print(f"Port {port['port']}: {port['service']}")
        if port.get('banner'):
            print(f"  Banner: {port['banner']}")

Risk Categories

Ports are categorized by risk level:

High Risk
Medium Risk
Low Risk

Database Ports (should not be exposed):

3306 - MySQL
5432 - PostgreSQL
1433 - MSSQL
6379 - Redis
27017/27018 - MongoDB
9200/9300 - Elasticsearch

Admin Interfaces:

3389 - RDP
5900 - VNC
10000 - Webmin

Common Port Mappings

PORT_SERVICE_MAP = {
"FTP",
"SSH",
"Telnet",
"SMTP",
"HTTP",
"HTTPS",
"MySQL",
"RDP",
"PostgreSQL",
"Redis",
"HTTP-Alt",
"MongoDB"
}

SSL/TLS Scanner

ssl_tls_scan

Analyze SSL/TLS configuration and certificate.

host

string

required

Hostname to scan

port

integer

default:"443"

Port to scan (default: 443)

Example

result = ssl_tls_scan(
    host="example.com",
    port=443
)

if result["success"]:
    cert = result["certificate"]
    print(f"Subject: {cert['subject']}")
    print(f"Issuer: {cert['issuer']}")
    print(f"Valid from: {cert['not_before']}")
    print(f"Valid until: {cert['not_after']}")
    print(f"Days remaining: {cert['days_remaining']}")
    
    config = result["tls_config"]
    print(f"\nTLS Version: {config['version']}")
    print(f"Cipher Suite: {config['cipher']}")
    print(f"Key Size: {config['key_size']} bits")
    
    if result["vulnerabilities"]:
        print("\nVulnerabilities:")
        for vuln in result["vulnerabilities"]:
            print(f"  - {vuln['name']}: {vuln['severity']}")

Checks Performed

Certificate validity and expiration
Certificate chain verification
Hostname verification
TLS protocol version support
Cipher suite strength
Common vulnerabilities:
- Expired certificates
- Self-signed certificates
- Weak ciphers (RC4, 3DES)
- SSLv3/TLS 1.0 support
- Missing intermediate certificates

DNS Security Scanner

dns_security_scan

Check DNS security records (SPF, DMARC, DKIM, DNSSEC).

domain

string

required

Domain to scan

Example

result = dns_security_scan(domain="example.com")

if result["success"]:
    print(f"Domain: {result['domain']}")
    
    # SPF Record
    spf = result["spf"]
    print(f"\nSPF: {spf['status']}")
    if spf['record']:
        print(f"Record: {spf['record']}")
        print(f"Valid: {spf['valid']}")
    
    # DMARC Record
    dmarc = result["dmarc"]
    print(f"\nDMARC: {dmarc['status']}")
    if dmarc['record']:
        print(f"Policy: {dmarc['policy']}")
        print(f"Aggregate Reports: {dmarc['rua']}")
    
    # DKIM
    dkim = result["dkim"]
    print(f"\nDKIM: {dkim['status']}")
    
    # DNSSEC
    dnssec = result["dnssec"]
    print(f"\nDNSSEC: {dnssec['enabled']}")
    
    # Security Score
    print(f"\nSecurity Score: {result['security_score']}/100")
    
    if result["recommendations"]:
        print("\nRecommendations:")
        for rec in result["recommendations"]:
            print(f"  - {rec}")

DNS Records Checked

SPF (Sender Policy Framework)

Prevents email spoofing by specifying authorized mail servers.Example SPF record:

v=spf1 ip4:192.0.2.0/24 include:_spf.google.com ~all

Checks:

Record exists
Syntax is valid
No more than 10 DNS lookups
Ends with -all or ~all

DMARC (Domain-based Message Authentication)

Provides policy for handling SPF/DKIM failures.Example DMARC record:

v=DMARC1; p=reject; rua=mailto:[email protected]

Checks:

Record exists
Policy is set (none, quarantine, reject)
Aggregate reporting configured

DKIM (DomainKeys Identified Mail)

Cryptographically signs emails to verify authenticity.Checks:

Common selectors exist (default, google, mail)
Public key is published

DNSSEC

Cryptographically signs DNS records to prevent tampering.Checks:

DNSSEC is enabled
DS records exist in parent zone
Chain of trust is valid

HTTP Headers Scanner

http_headers_scan

Check security-related HTTP response headers.

url

string

required

URL to scan

follow_redirects

boolean

default:"true"

Follow HTTP redirects

Example

result = http_headers_scan(
    url="https://example.com",
    follow_redirects=True
)

if result["success"]:
    print(f"URL: {result['url']}")
    print(f"Status: {result['status_code']}")
    
    headers = result["security_headers"]
    print("\nSecurity Headers:")
    for name, info in headers.items():
        status = "✓" if info['present'] else "✗"
        print(f"{status} {name}: {info['value'] or 'Not set'}")
    
    print(f"\nSecurity Score: {result['security_score']}/100")
    
    if result["missing_headers"]:
        print("\nMissing Headers:")
        for header in result["missing_headers"]:
            print(f"  - {header['name']}: {header['recommendation']}")

Security Headers

Header	Purpose	Recommendation
`Strict-Transport-Security`	Force HTTPS	`max-age=31536000; includeSubDomains`
`Content-Security-Policy`	Prevent XSS	`default-src 'self'`
`X-Frame-Options`	Prevent clickjacking	`DENY` or `SAMEORIGIN`
`X-Content-Type-Options`	Prevent MIME sniffing	`nosniff`
`Referrer-Policy`	Control referrer info	`strict-origin-when-cross-origin`
`Permissions-Policy`	Control browser features	`geolocation=(), camera=()`

Subdomain Enumeration

subdomain_enumerate

Enumerate subdomains via DNS.

domain

string

required

Domain to enumerate

method

string

default:"dns"

Enumeration method: “dns”, “brute”, or “all”

wordlist

string

Path to wordlist for brute force

Example

result = subdomain_enumerate(
    domain="example.com",
    method="dns"
)

if result["success"]:
    print(f"Domain: {result['domain']}")
    print(f"Subdomains found: {result['count']}")
    
    for subdomain in result["subdomains"]:
        print(f"{subdomain['name']}: {subdomain['ip']}")

Technology Stack Detection

tech_stack_detect

Detect technologies used by a website.

url

string

required

URL to analyze

Example

result = tech_stack_detect(url="https://example.com")

if result["success"]:
    print(f"URL: {result['url']}")
    
    if result["web_server"]:
        print(f"\nWeb Server: {result['web_server']}")
    
    if result["frameworks"]:
        print("\nFrameworks:")
        for fw in result["frameworks"]:
            print(f"  - {fw['name']} {fw['version']}")
    
    if result["cms"]:
        print(f"\nCMS: {result['cms']}")
    
    if result["analytics"]:
        print("\nAnalytics:")
        for tool in result["analytics"]:
            print(f"  - {tool}")

Detection Methods

HTTP response headers
HTML meta tags
JavaScript libraries
CSS frameworks
Cookie names
URL patterns
Favicon hashes

Risk Scoring

risk_score

Compute overall security risk grade.

host

string

required

Hostname or domain to assess

include_port_scan

boolean

default:"true"

Include port scan in assessment

include_ssl_check

boolean

default:"true"

Include SSL/TLS check

include_dns_check

boolean

default:"true"

Include DNS security check

include_headers_check

boolean

default:"true"

Include HTTP headers check

Example

result = risk_score(
    host="example.com",
    include_port_scan=True,
    include_ssl_check=True,
    include_dns_check=True,
    include_headers_check=True
)

if result["success"]:
    print(f"Host: {result['host']}")
    print(f"Overall Grade: {result['grade']}")
    print(f"Risk Score: {result['score']}/100")
    
    print("\nCategory Scores:")
    for category, score in result["category_scores"].items():
        print(f"  {category}: {score}/100")
    
    if result["critical_issues"]:
        print("\nCritical Issues:")
        for issue in result["critical_issues"]:
            print(f"  - {issue['description']}")
            print(f"    Remediation: {issue['remediation']}")
    
    if result["recommendations"]:
        print("\nRecommendations:")
        for rec in result["recommendations"]:
            print(f"  - {rec}")

Risk Grades

Grade	Score Range	Description
A+	95-100	Excellent security posture
A	85-94	Strong security
B	70-84	Good security with minor issues
C	50-69	Moderate security concerns
D	30-49	Significant security issues
F	0-29	Critical security problems

Best Practices

Legal Compliance

Only scan systems you own or have permission to test
Check local laws regarding security testing
Respect robots.txt and security.txt
Use appropriate scan timing to avoid disruption

Rate Limiting

Avoid overwhelming target systems:

import time

# Scan multiple hosts with delays
hosts = ["host1.com", "host2.com", "host3.com"]
for host in hosts:
    result = port_scan(host=host, ports="top20")
    time.sleep(5)  # 5 second delay between scans

Interpreting Results

Not all findings are vulnerabilities:

Open port 80/443 is normal for web servers
Self-signed certs are acceptable for internal use
Missing SPF is only an issue for mail domains

Prioritize by:

Critical: Exposed databases, weak SSL
High: Missing security headers, legacy protocols
Medium: Missing DNS records, outdated software
Low: Informational findings

Remediation Priority

Fix vulnerabilities in this order:

Exposed sensitive services - Close database ports
SSL/TLS issues - Update certs, disable weak ciphers
Email security - Configure SPF, DMARC, DKIM
HTTP headers - Add security headers
Legacy protocols - Disable FTP, Telnet

Example: Complete Security Audit

Security Audit Script

def security_audit(host: str) -> dict:
    """Perform comprehensive security audit."""
    
    print(f"Starting security audit for {host}...\n")
    
    # Overall risk score
    risk = risk_score(
        host=host,
        include_port_scan=True,
        include_ssl_check=True,
        include_dns_check=True,
        include_headers_check=True
    )
    
    print(f"Overall Grade: {risk['grade']}")
    print(f"Risk Score: {risk['score']}/100\n")
    
    # Critical issues
    if risk["critical_issues"]:
        print("CRITICAL ISSUES:")
        for issue in risk["critical_issues"]:
            print(f"  - {issue['description']}")
            print(f"    Fix: {issue['remediation']}\n")
    
    return risk

# Run audit
result = security_audit("example.com")

Overview

Built-in Tools

MCP Integration

Security Scanning Tools

Security Scanning Tools

Port Scanner

port_scan

Risk Categories

Common Port Mappings

SSL/TLS Scanner

ssl_tls_scan

Checks Performed

DNS Security Scanner

dns_security_scan

DNS Records Checked

HTTP Headers Scanner

http_headers_scan

Security Headers

Subdomain Enumeration

subdomain_enumerate

Technology Stack Detection

tech_stack_detect

Detection Methods

Risk Scoring

risk_score

Risk Grades

Best Practices

Example: Complete Security Audit

Next Steps

MCP Server Setup

Creating Tools

Build docs developers (and LLMs) love

Overview

Built-in Tools

MCP Integration

​Security Scanning Tools

​Port Scanner

​port_scan

​Risk Categories

​Common Port Mappings

​SSL/TLS Scanner

​ssl_tls_scan

​Checks Performed

​DNS Security Scanner

​dns_security_scan

​DNS Records Checked

​HTTP Headers Scanner

​http_headers_scan

​Security Headers

​Subdomain Enumeration

​subdomain_enumerate

​Technology Stack Detection

​tech_stack_detect

​Detection Methods

​Risk Scoring

​risk_score

​Risk Grades

​Best Practices

​Example: Complete Security Audit

​Next Steps

MCP Server Setup

Creating Tools

Build docs developers (and LLMs) love

Security Scanning Tools

Port Scanner

port_scan

Risk Categories

Common Port Mappings

SSL/TLS Scanner

ssl_tls_scan

Checks Performed

DNS Security Scanner

dns_security_scan

DNS Records Checked

HTTP Headers Scanner

http_headers_scan

Security Headers

Subdomain Enumeration

subdomain_enumerate

Technology Stack Detection

tech_stack_detect

Detection Methods

Risk Scoring

risk_score

Risk Grades

Best Practices

Example: Complete Security Audit

Next Steps