Entity Attack Surface MCP Server

Pricing

from $120.00 / 1,000 attack surface discoveries

Corporate cyber exposure MCP wrapping 11 actors. DNS, SSL, WHOIS, Censys, tech stack to CVE/CISA KEV mapping, infrastructure sprawl analysis. Exposure Score 0-100. Pay-per-event.

Developer

ryan clinton

Maintained by Community

Corporate cyber exposure intelligence via MCP. Orchestrates 11 data sources to discover and score an organization's digital attack surface — from DNS and SSL infrastructure to technology vulnerabilities and CISA Known Exploited Vulnerabilities. Produces Exposure Scores (0-100).

Tools

| Tool | Price | Description |
|------|-------|-------------|
| discover_attack_surface | $2.00 | Full attack surface discovery via DNS, SSL certificates, WHOIS, and Censys |
| tech_stack_vulnerability_map | $2.00 | Map technology stack to known CVEs and CISA KEV catalog |
| cisa_kev_exposure_check | $2.00 | Check if detected technologies have CISA Known Exploited Vulnerabilities |
| infrastructure_sprawl_analysis | $2.00 | Analyze infrastructure sprawl across IP ranges and hosting providers |
| historical_drift_detection | $2.00 | Detect changes in digital footprint over time via Wayback Machine |
| exposed_code_secrets_scan | $2.00 | Search for exposed code repositories and potential secrets on GitHub |
| third_party_cyber_rating | $4.00 | Generate a composite third-party cyber risk rating |
| attack_vector_report | $4.00 | Comprehensive attack surface report with prioritized remediation |

Data Sources

This MCP orchestrates 11 Apify actors:

  • DNS Lookup — DNS record enumeration (A, AAAA, MX, TXT, CNAME, NS)
  • SSL/crt.sh Certificate — Certificate transparency log search for subdomain discovery
  • WHOIS Lookup — Domain registration and ownership data
  • Censys Host Search — Internet-wide host and service enumeration
  • IP Geolocation — IP address location and ASN mapping
  • NVD CVE Search — NIST National Vulnerability Database
  • CISA KEV Catalog — Known Exploited Vulnerabilities catalog
  • Tech Stack Detector — Website technology identification (frameworks, CDNs, analytics)
  • Wayback Machine — Historical web page snapshots for drift detection
  • GitHub Repo Search — Public repository and code search
  • Website Change Monitor — Website content change tracking

Scoring Models

  • Exposure Score (0-100): Composite score based on infrastructure sprawl, technology vulnerability density, CISA KEV exposure, certificate hygiene, and historical drift. Higher = more exposed.

How to Connect

Claude Desktop

{
  "mcpServers": {
    "entity-attack-surface": {
      "url": "https://entity-attack-surface-mcp.apify.actor/mcp"
    }
  }
}

Programmatic (HTTP)

curl -X POST https://entity-attack-surface-mcp.apify.actor/mcp \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_APIFY_TOKEN" \
  -d '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"discover_attack_surface","arguments":{"domain":"example.com"}},"id":1}'

Use Cases

  • MSSPs: Automated external attack surface assessments for client portfolios
  • Cyber Insurers: Pre-binding technical risk assessment for underwriting decisions
  • SOC Teams: Continuous attack surface monitoring with vulnerability prioritization
  • M&A Due Diligence: Technical risk assessment of acquisition targets' digital infrastructure

FAQ

Q: Does this perform active scanning? A: No. This MCP only uses passive reconnaissance from public data sources (DNS records, certificate transparency logs, WHOIS, Censys index, NVD). No packets are sent to the target.

Q: How does the tech-to-CVE pipeline work? A: The Tech Stack Detector identifies technologies and versions. These are cross-referenced against NVD CVE data, then checked against the CISA KEV catalog to prioritize actively exploited vulnerabilities.

Q: Is it legal to use this? A: This tool accesses only publicly available data. See Apify's guide on web scraping legality.
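
The tech-to-CVE pipeline described in the FAQ, sketched as an added example (not the actor's own code): detected versions are matched against affected ranges, then KEV-listed findings are ranked ahead of higher-CVSS ones that are not known to be exploited. Product names, placeholder CVE IDs, version ranges and record shapes are constructed assumptions, and matching is simplified to dotted numeric versions.

```python
# Added illustration; all records below are constructed sample data, not real CVEs.
from dataclasses import dataclass

def parse_version(v):
    """Turn '1.18.0' into (1, 18, 0) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

@dataclass
class Finding:
    product: str
    version: str
    cve_id: str
    cvss: float
    in_kev: bool

# Hypothetical output of a tech stack detection step: product -> version.
DETECTED = {"examplecms": "4.2.1", "demoserver": "1.18.0", "samplelib": "3.0.5"}

# Constructed CVE records: affected when start <= version < fixed_in.
CVE_RECORDS = [
    {"id": "CVE-0000-0001", "product": "examplecms", "start": "4.0.0", "fixed_in": "4.2.3", "cvss": 6.1},
    {"id": "CVE-0000-0002", "product": "examplecms", "start": "3.0.0", "fixed_in": "4.1.0", "cvss": 9.8},
    {"id": "CVE-0000-0003", "product": "demoserver", "start": "1.0.0", "fixed_in": "1.20.1", "cvss": 7.5},
    {"id": "CVE-0000-0004", "product": "samplelib", "start": "3.0.0", "fixed_in": "3.1.0", "cvss": 9.1},
]

# Constructed KEV-style entries; the real catalog keys each entry by "cveID".
KEV_ENTRIES = [{"cveID": "CVE-0000-0003"}, {"cveID": "CVE-0000-0002"}]

def map_and_prioritize(detected, cve_records, kev_entries):
    kev_ids = {e["cveID"] for e in kev_entries}
    findings = []
    for rec in cve_records:
        version = detected.get(rec["product"])
        if not version:
            continue  # product absent, or detector could not determine a version
        v = parse_version(version)
        if parse_version(rec["start"]) <= v < parse_version(rec["fixed_in"]):
            findings.append(Finding(rec["product"], version, rec["id"],
                                    rec["cvss"], rec["id"] in kev_ids))
    # KEV-listed findings first, then by descending CVSS.
    return sorted(findings, key=lambda f: (not f.in_kev, -f.cvss))

if __name__ == "__main__":
    for f in map_and_prioritize(DETECTED, CVE_RECORDS, KEV_ENTRIES):
        tag = "KEV" if f.in_kev else "   "
        print(f"{tag} {f.cve_id} {f.product} {f.version} cvss={f.cvss}")
```

CVE-0000-0002 is KEV-listed in the sample data but drops out because the detected version is already past its fixed release, which is why version matching has to happen before the KEV check.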