mcpindex.ai
← Index

io.github.cyanheads/attack-surface-mcp-server

io.github.cyanheads/attack-surface-mcp-server·v0.1.0·Maps & Location

Passive external attack-surface mapping: CT subdomains, DNS, TLS, HTTP posture, RDAP/WHOIS, Shodan.

Trust verdict · v1 advisory · method
NOT YET SCREENEDno verdict on file

Verdict not yet evaluated for this tool. The semantic screen takes adversarial cases first; coverage rolls out as the corpus expands (15/150 labels to graduation). The deterministic conformance probe is built but has not yet run on the public corpus, so a recorded verdict here is REVIEW or UNVERIFIED, never a clearing ALLOW. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: the eval, four-state verdict, honest limits.

Own this server? Screen its description →

Environment variables
SHODAN_API_KEY
secret

Optional Shodan API key. Enables attacksurface_lookup_host; absent → that one tool returns source_unavailable and the rest of the server works.

CERTSPOTTER_API_KEY
secret

Optional Certspotter API key. Raises CT-fallback rate limits; absent → free unauthenticated tier.

ATTACKSURFACE_DEFAULT_RESOLVERS

Comma-separated default DNS resolver IPs for attacksurface_resolve_dns.

ATTACKSURFACE_HTTP_USER_AGENT

Default User-Agent for attacksurface_probe_http (overridable per call).

ATTACKSURFACE_MAX_SUBDOMAINS

Cap on subdomains resolved during a map_domain run.

ATTACKSURFACE_RDAP_BOOTSTRAP_URL

RDAP bootstrap base URL; override for a private/mirrored RDAP.

ATTACKSURFACE_ALLOW_PRIVATE_TARGETS

Set true to disable the SSRF guard for internal-network assessment (local/trusted deployments only).

MCP_LOG_LEVEL

Sets the minimum log level for output (e.g., 'debug', 'info', 'warn').

MCP_HTTP_HOST

The hostname for the HTTP server.

MCP_HTTP_PORT

The port to run the HTTP server on.

MCP_HTTP_ENDPOINT_PATH

The endpoint path for the MCP server.

MCP_AUTH_MODE

Authentication mode to use: 'none', 'jwt', or 'oauth'.

MCP_LOG_LEVEL

Sets the minimum log level for output (e.g., 'debug', 'info', 'warn').

MCP quality score · maturity, not trust · methodology
freshness
25
completeness
10
installability
25
documentation
15
stability
5
Alternatives in Maps & Location
BittleBits GEO Assistant
ai.bittlebits/bittlebits

GEO scores and content-rewrite suggestions for any web page, as MCP tools.

ai.factori/mcp
ai.factori/mcp

Real-world location intelligence: foot traffic, trade areas, demographics, site scoring, and more.

ai.geodesiclabs/governance-platform
ai.geodesiclabs/governance-platform

Deterministic AI governance platform. Validates agent outputs, discovers patterns, solves math.