Self-hosted attack-surface recon — point it at a domain you own and map subdomains, DNS, TLS, HTTP, CDN, and historical URLs in one dashboard. The same tools run over MCP, so AI agents (Claude Code, Cline) can drive recon too.
- capability exposureinferred+6
- trust mitigatorsmixed−3
inferredmixed
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 13m ago · see ecosystem CVEs →
no known CVEs for this server.
No tool-safety findings — heuristic detectors run on the compute-risk cadence; a finding appears when a tool trips a rule.
analyzed commit 4652f1b · analyzer v17 · 22h ago
skills & prompt files 2
[](https://mcpobservatory.com/servers/github:iksnerd/hopper-recon/security) Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of iksnerd.