Nmap Development mailing list archives
Re: NSE submission: detect & enumerate AI infrastructure (MCP servers + LLM inference APIs)
From: "Arturo 'Buanzo' Busleiman" <buanzo () buanzo com ar>
Date: Tue, 30 Jun 2026 15:37:55 -0300
Hi, nice work! This may also be useful, I mentioned it to Fyodor privately a couple weeks ago and forgot to mention here: https://github.com/buanzo/lua-mcp https://github.com/buanzo/lua-mcp/blob/liblua-mcp-latest/examples/nmap/mcp-listen.nse Cheers! On Sat, 20 Jun 2026 at 15:59, Ben Williams via dev <dev () nmap org> wrote:
Hi, I've opened a PR adding three NSE scripts and two shared nselibs to detect and enumerate two classes of AI infrastructure that nmap doesn't currently cover: - mcp-info (discovery, safe, version) + mcp-enum (discovery, safe): MCP server detection (initialize handshake over Streamable HTTP + legacy SSE), OAuth 2.1 protected-resource discovery (RFC 9728), and read-only tools/resources/prompts enumeration with schema-based risk flagging. - llm-info (discovery, safe): LLM inference API detection across the common frameworks (OpenAI-compatible/vLLM/SGLang, Ollama, HF TGI/TEI, llama.cpp, KoboldCpp, Triton/KServe, TorchServe, Anthropic) plus common AI web UIs, with order-independent identification, auth-state and model enumeration, and information-leak flagging. - nselib/mcp.lua + nselib/llm.lua: shared transports / detectors / enumeration. Read-only by default (MCP never calls tools/call; llm-info sends at most one minimal "hello" completion, disabled with llm.probe=false). Field-tested against FastMCP, server-everything, live public MCP servers (incl. OAuth-gated GitHub/Sentry/Linear), and real Ollama, KoboldCpp, and Open WebUI instances. Bundled mocks + regression matrices (23 MCP, 57 inference) in the standalone repo: https://github.com/insidetrust/nmap-ai-recon Offered under the NPSL with the standard contribution terms. Happy to revise per review. Thanks, Ben Williams (NCC Group) ------------------------------ This email and any attachments may contain confidential or legally privileged information. If you are not the intended recipient, please notify the sender and delete it. Do not copy, disclose, or use it for any purpose. NCC Group accepts no liability for any damage caused by viruses or unauthorized access. NCC Group plc (Registered in England, CRN: 4627044, VAT No: GB 974 8583 64). A full list of NCC Group companies and their registered details is available here <https://www.nccgroup.com/terms-and-conditions/affiliates/> Privacy notices: NCC Group <https://www.nccgroup.com/privacy-notice/>, Fox-IT <https://www.fox-it.com/nl-en/privacy-notice/>. _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at https://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at https://seclists.org/nmap-dev/
Current thread:
- NSE submission: detect & enumerate AI infrastructure (MCP servers + LLM inference APIs) Ben Williams via dev (Jun 20)
- Re: NSE submission: detect & enumerate AI infrastructure (MCP servers + LLM inference APIs) Arturo 'Buanzo' Busleiman (Jun 30)
