Detect MCP, A2A Agents, and Open LLM Interfaces Using AgentScan

AgentScan extends traditional port scanning by identifying MCP servers, A2A agents, and open LLM interfaces, revealing available tools, agent capabilities, model lists, and authentication status, with detailed usage commands and configurable parameters.

Black & White Path
Black & White Path
Black & White Path
Detect MCP, A2A Agents, and Open LLM Interfaces Using AgentScan

Traditional port scanners only report that an HTTP service exists. AgentScan adds a second layer by determining whether the service is an MCP server, an A2A Agent, or an open LLM interface, and it outputs available tools, agent capabilities, model lists, and authentication status.

Capabilities

MCP Server : detects streamable HTTP, legacy HTTP+SSE, provides tool/resource/prompt lists, authentication status, and honeypot signals.

A2A Agent : extracts Agent Card, skills, interfaces, unauthenticated JSON‑RPC reachability, and private‑network address leakage.

LLM Open Interfaces : supports Ollama, vLLM, SGLang, TGI, llama.cpp, Xinference, LiteLLM, FastChat, LocalAI, LM Studio, LMDeploy.

Usage examples

# Scan a domain or IP
./agentscan scan example.com

# Scan an internal subnet
./agentscan scan 192.168.1.0/24

# Skip port scan, validate known host:port list
./agentscan scan -f targets.txt --skip-port-scan

Combined workflow with masscan:

# masscan discovers ports, AgentScan performs AI protocol identification
masscan 10.0.0.0/8 -p 80,443,8000,8080,11434 --rate 100000 -oL open_ports.txt
awk '/open/ {print $4 ":" $3}' open_ports.txt > targets.txt
agentscan scan -f targets.txt --skip-port-scan

# Re‑validate results from a mapping platform
agentscan scan -f fofa_export.txt --skip-port-scan --mcp-threads 200

Common parameters

-f, --file FILE          read targets from file (one per line)
-T, --threads N          TCP scan concurrency (default 500)
--timeout MS            TCP timeout (default 2000 ms)
--skip-port-scan        treat input as already open host:port
--proxy URL             socks5/socks4/https/http proxy
-o, --output FILE       write JSON; A2A/LLM automatically write _a2a.json / _llm.json
-v, --verbose           show detection details

Project repository: https://github.com/7anX/AgentScan

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

LLMMCPNetwork ScanningSecurity ToolA2A AgentAgentScan
Black & White Path
Written by

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.