Oscar Six Radar – Vulnerability scanner with native A2A (Agent-to-Agent) support
Hey HN,

I'm Randy, founder of Oscar Six Security. We build vulnerability scanning tools for small businesses and MSPs.

Today I'm sharing something I'm genuinely excited about: we shipped native support for Google's A2A (Agent-to-Agent) protocol in our Radar scanner. Here's what that actually means in practice:

An AI agent — anything built on Google ADK, LangChain, CrewAI, or any A2A-compatible framework — can now:

1. Discover Radar's capabilities via our agent card at /.well-known/agent.json
2. Initiate payment via Stripe SPT or saved payment method (no human credit card entry)
3. Submit a domain for scanning
4. Poll for results and receive a structured vulnerability report

The entire vulnerability scanning lifecycle, with no human in the loop.

We handle domain verification before any scan runs — DNS challenge or web-based fallback — which an agent can resolve programmatically. Tier 1 pre-verified domains skip verification entirely.

Why build this now? We think security tooling is about to go agent-native fast. If your SOC automation or compliance pipeline runs on AI agents, having to context-switch to a browser portal to run a scan is a UX cliff. We're removing that cliff.

Scans are $99. The A2A endpoint is live today.

Technical details: JSON-RPC 2.0, agent card at /.well-known/agent.json, tiered domain verification (pre-verified / DNS challenge / web fallback).

Blog post with full technical walkthrough:
https://blog.oscarsixsecurityllc.com/blog/oscar-six-radar-a2a-agent-to-agent-vulnerability-scanning?utm_source=hackernews&utm_medium=social&utm_campaign=a2a_announcement

Platform:
https://radar.oscarsixsecurityllc.com/?utm_source=hackernews&utm_medium=social&utm_campaign=a2a_announcement

Happy to go deep on the implementation, the A2A spec, or the domain verification design. Ask anything.
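
The tiered domain verification named in the post (pre-verified / DNS challenge / web fallback), sketched as an added example; it is not Oscar Six's code and the post does not describe their token format. The HMAC-derived token, the `scan-verify=` prefix, the server key and every function name are assumptions for illustration, and the TXT records and web body are constructed inputs standing in for live lookups.

```python
import hashlib
import hmac

# Hypothetical values: the post does not describe Radar's token format.
SERVER_KEY = b"constructed-demo-key"
PREVERIFIED = {("acct-msp-1", "example.com")}  # tier 1: verified out of band


def normalize(domain: str) -> str:
    return domain.strip().lower().rstrip(".")


def challenge_token(account: str, domain: str) -> str:
    """Token bound to both account and domain, so a record published for
    one requester cannot authorize a scan requested by another."""
    msg = f"{account}|{normalize(domain)}".encode()
    digest = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return "scan-verify=" + digest


def _matches(candidate: str, expected: str) -> bool:
    # Constant-time comparison on bytes.
    return hmac.compare_digest(candidate.strip().encode(), expected.encode())


def verify_domain(account, domain, txt_records=(), web_body=None):
    """Return the tier that authorizes the scan, or None to refuse it."""
    domain = normalize(domain)
    if (account, domain) in PREVERIFIED:
        return "pre-verified"
    expected = challenge_token(account, domain)
    if any(_matches(r, expected) for r in txt_records):
        return "dns-challenge"
    if web_body is not None and _matches(web_body, expected):
        return "web-fallback"
    return None


if __name__ == "__main__":
    # Constructed inputs standing in for a TXT lookup and an HTTPS fetch.
    tok = challenge_token("acct-7", "shop.example.org")
    print(verify_domain("acct-msp-1", "Example.com."))
    print(verify_domain("acct-7", "shop.example.org", ["v=spf1 -all", tok]))
    print(verify_domain("acct-7", "shop.example.org", [], tok + "\n"))
    print(verify_domain("acct-8", "shop.example.org", [tok]))
```

The last call is the case that matters for a scanner driven by autonomous agents: a token published for one account's request does not authorize a scan requested by a different account.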