security_scan
Scan domains for DNS misconfigurations, missing SPF/DKIM/DMARC records, cookie security issues, and other web vulnerabilities. Returns findings with severity levels from critical to informational.
Instructions
Run a security scan on a domain to detect DNS misconfigurations, missing SPF/DKIM/DMARC records, cookie security issues, and other web security vulnerabilities. Returns findings with severity levels (critical, high, medium, low, info).
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain name to security scan (e.g. example.com) |
Implementation Reference
- src/tools.ts:272-298 (registration)The security_scan tool is defined and registered here, directly invoking the API.
server.tool( "security_scan", "Run a security scan on a domain to detect DNS misconfigurations, missing SPF/DKIM/DMARC records, cookie security issues, and other web security vulnerabilities. Returns findings with severity levels (critical, high, medium, low, info).", { domain: z.string().describe("Domain name to security scan (e.g. example.com)"), }, async ({ domain }) => { try { const result = await apiPost( "/v1/security-scan", { domain }, { prefix: "/scanner-api", timeout: 60000 } ); return { content: [{ type: "text", text: formatJson(result) }] }; } catch (error) { return { content: [ { type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}`, }, ], isError: true, }; } } );