← MCPLookup
Packageactivev0.1.1

io.github.cyanheads/attack-surface-mcp-server

io.github.cyanheads/attack-surface-mcp-server

Passive external attack-surface mapping: CT subdomains, DNS, TLS, HTTP posture, RDAP/WHOIS, Shodan.

No blockers found

assessed on 1 of 4 dimensions

  • ProvenanceOrigin linked to a public source repository.Official MCP Registry · as of Jun 14, 2026
    Pass
  • MaintenanceRepository maintenance signals not yet ingested.
    Pending
  • Manifest integrityLive manifest not yet captured — the rug-pull baseline begins at first probe.
    Pending
  • Supply chainPackage vulnerability scan not yet run.
    Pending
  • Behavioral trustNo live endpoint to observe.
    Not applicable

Connect

npm package
npx -y @cyanheads/attack-surface-mcp-server

Requires SHODAN_API_KEY, CERTSPOTTER_API_KEY, ATTACKSURFACE_DEFAULT_RESOLVERS, ATTACKSURFACE_HTTP_USER_AGENT, ATTACKSURFACE_MAX_SUBDOMAINS, ATTACKSURFACE_RDAP_BOOTSTRAP_URL, ATTACKSURFACE_ALLOW_PRIVATE_TARGETS, MCP_LOG_LEVEL.

npm package
npx -y @cyanheads/attack-surface-mcp-server

Requires MCP_HTTP_HOST, MCP_HTTP_PORT, MCP_HTTP_ENDPOINT_PATH, MCP_AUTH_MODE, MCP_LOG_LEVEL.

Provenance

  • Official MCP Registry · as of Jun 14, 2026 · registry-tos

Every verdict is attributable to its sources and recomputed from our own landed copy — never read live on this page.