attack_surface_monitor
ActiveTool of @gapup/mcp-knowledge
Surveillance surface d'attaque — Gapup agent-payable C-suite expertise (RISK). Returns a structured, audited deliverable. Answers: Which Internet-facing assets of <domain> combine a critical CVE, an exposed service, and no WAF — top findings to fix in 14 days? · What is the attack surface of <domain>: subdomains, open ports, SSL/TLS grades, and associated CVEs? · Give me a CISO-ready ASM report with blast radius estimate and SLA-driven remediation plan for <domain>. · What is the email phishing risk for <domain>? Assess SPF/DMARC posture and recommend improvements. · During M&A due diligence, what are the top cyber exposures on <domain>'s Internet-facing infrastructure? Reference case: Velora Payments — 8 assets exposés · 2 critiques (CVE-2023-44487 HTTP/2 RapidReset, Admin panel ouvert) · . Inputs are validated server-side — send the documented case fields.
Parameters schema
{
"type": "object",
"required": [
"domain",
"include_email_surface"
],
"properties": {
"async": {
"type": "boolean",
"description": "If true, returns a job_id immediately (<200ms) instead of waiting for the result. Poll the result with job_result(job_id). Use for slow tools to avoid client timeouts."
},
"focus": {
"type": "string",
"maxLength": 500
},
"domain": {
"type": "string",
"maxLength": 253,
"minLength": 4
},
"exclusions": {
"type": "array",
"items": {
"type": "string",
"maxLength": 253
},
"maxItems": 20
},
"scope_cidrs": {
"type": "array",
"items": {
"type": "string"
},
"maxItems": 5
},
"include_email_surface": {
"type": "boolean",
"default": true
}
},
"additionalProperties": true
}No endpoints wrapped at confidence ≥ 0.70.
Parent server
@gapup/mcp-knowledge
https://github.com/getgapup/gapup-mcp
2/7 registries