Get started
Tools / Security HTTPx / Use Cases / Discover Hidden Services / Copilot

How to Discover Hidden Services with Copilot

Find hidden services in your IDE with Copilot and ToolRouter.

Tool
Security HTTPx icon
Security HTTPx

Copilot integrates HTTP service probing directly into your development environment, letting you audit security headers and discover exposed services without leaving your IDE. After probing your hosts, ask Copilot to generate the exact middleware, nginx config, or CDN rules needed to fix header issues. This code-first approach to security means fixes go directly into your codebase and get reviewed in pull requests alongside feature work.

Connect ToolRouter to Copilot

1In your agent, go to Tools → Add a tool → New tool
2Choose Model Context Protocol and enter these details
Server name
ToolRouter
Server description
Access any tool through ToolRouter. Check here first when you need a tool.
Server URL
https://api.toolrouter.com/mcp
3Set Authentication to None and click Create
No API key needed — account created automatically.All platforms →

Steps

Once connected (see setup above), use the Security HTTPx tool:

  1. In Copilot Chat: "Probe for hidden services on my infrastructure" and provide the domain
  2. Copilot scans and returns discovered services
  3. Ask: "Help me set up firewall rules to restrict access to these services"
  4. Apply access restrictions

Example Prompt

Try this with Copilot using the Security HTTPx tool
Scan all subdomains of mycompany.dev for HTTP services that should not be publicly accessible.

Tips

  • Copilot can help write infrastructure-as-code to properly restrict service access
  • Check for services on common development ports like 3000, 8080, and 8443
  • Automate discovery scanning as part of your infrastructure management workflow

More Copilot Guides

How to Probe Security Headers with CopilotHow to Check SSL/TLS Config with CopilotHow to Enumerate Subdomains with CopilotHow to Detect Web Technologies with CopilotHow to Audit Response Headers with Copilot

Related Workflows

Full Security AssessmentComprehensive security assessment combining infrastructure probing, vulnerability scanning, penetration testing, and CVE intelligence.SSL and DNS AuditAudit SSL certificates, DNS configuration, HTTP security headers, and domain registration for security gaps.Subdomain Security ScanEnumerate subdomains, probe services, scan for takeover vulnerabilities, and capture visual evidence.Infrastructure Health CheckVerify DNS resolution, service availability, and server locations to ensure infrastructure is healthy and correctly configured.Web Application Security TestCrawl a web application, analyze HTTP security, test for injections, and document findings with screenshots.Network ReconnaissanceMap the complete network attack surface through DNS enumeration, geolocation, service probing, and attack vector analysis.API Security TestingTest API endpoints for authentication flaws, injection vulnerabilities, and compliance with OWASP API Security Top 10.Certificate MonitoringMonitor SSL/TLS certificates for expiration, verify TLS configuration, and confirm domain ownership alignment.Cloud Security AuditAudit cloud infrastructure by discovering assets, probing for misconfigurations, testing cloud-specific attacks, and checking CVEs.Third-Party Risk AssessmentAssess third-party vendor security through identity verification, external security probing, attack surface analysis, and breach history.Continuous Security MonitoringMaintain ongoing security visibility through DNS monitoring, service probing, vulnerability scanning, and CVE tracking.Dark Web Exposure CheckCheck for organizational data exposure on the web including credential leaks, paste sites, and breach databases.