MoonMCP
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| MOONMCP_SCOPE | No | Comma/newline-separated in-scope entries: domains, *.wildcards, hosts, IPs, CIDRs. | |
| MOONMCP_TIMEOUT | No | Default request timeout (seconds). | 10 |
| MOONMCP_RATE_LIMIT | No | Max outbound requests/sec (token bucket; 0 = unlimited). | 20 |
| MOONMCP_USER_AGENT | No | User-Agent for HTTP probing. | MoonMCP/0.1 ... |
| MOONMCP_NVD_API_KEY | No | Raises the NVD CVE-lookup rate limit. | |
| MOONMCP_BLOCK_PRIVATE | No | SSRF guard: hard-block private/loopback/link-local/reserved IPs (incl. cloud metadata). Set 0 for authorised internal-network testing. | 1 |
| MOONMCP_ENFORCE_SCOPE | No | When on, active tools refuse targets not in scope. | 1 |
| MOONMCP_SCOPE_EXCLUDE | No | Out-of-scope entries that always override the allowlist. | |
| MOONMCP_SHODAN_API_KEY | No | Enables the full Shodan API (else free InternetDB). | |
| MOONMCP_ALLOW_INTRUSIVE | No | Gate for port_scan, content_discovery, vuln_scan. | 1 |
| MOONMCP_MAX_CONCURRENCY | No | Max concurrent outbound connections. | 20 |
| MOONMCP_EXTERNAL_TIMEOUT | No | Hard ceiling on any external CLI run (seconds). | 300 |
| MOONMCP_ALLOW_EXTERNAL_TOOLS | No | Allow shelling out to installed CLIs. | 1 |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| server_statusA | Report MoonMCP's configuration and capabilities. Shows the active scope, whether enforcement/intrusive scanning are enabled, which optional enhancers (dnspython) are present, and which external security CLIs (nuclei, httpx, subfinder, nmap, ...) were detected on PATH. Call this first to understand what the server can do in the current environment. |
| scope_listA | List the current in-scope and out-of-scope entries. |
| scope_addA | Authorize a target for active testing. Accepts a domain ( |
| scope_excludeA | Mark a target as out-of-scope. Exclusions always override the allowlist. |
| scope_removeC | Remove a previously added scope entry (from allow or deny lists). |
| enumerate_subdomainsA | Passively enumerate subdomains of a domain via free OSINT sources. Queries certificate transparency (crt.sh), HackerTarget, AnubisDB and
AlienVault OTX in parallel and merges the results. Passive — no packets are
sent to the target itself. |
| wayback_urlsA | Fetch historical URLs for a domain from the Internet Archive (Wayback). Passive. Surfaces old endpoints, parameters and forgotten files. Flags 'interesting' URLs (backups, configs, .git, api, tokens, ...) separately. |
| cve_lookupA | Look up a single CVE by ID (e.g. CVE-2021-44228) from the NVD database. Returns description, CVSS score/severity/vector, CWE mappings and references. |
| cve_searchA | Keyword-search the NVD for CVEs (e.g. 'apache log4j 2.14'). Results are sorted most-severe first by CVSS base score. Use this to map a fingerprinted product/version to known vulnerabilities. |
| host_intelA | Look up an IP's exposure via Shodan. Uses Shodan's free InternetDB by default (open ports, hostnames, CPEs, known CVEs, tags); uses the full Shodan API automatically if a key is configured. Passive — queries Shodan, not the target. |
| dns_lookupA | Resolve a host's DNS records (A/AAAA, plus MX/NS/TXT/CNAME/SOA/CAA when dnspython is installed) and attempt a reverse PTR lookup on its A records. Requires the target to be in scope. |
| http_probeA | Send a single HTTP(S) request to an in-scope target and return a structured result: status, reason, response headers, timing, the full redirect chain, page title and body size. Accepts a bare host (defaults to https) or a full URL. The primary building block for web recon. |
| tls_inspectA | Inspect a host's TLS certificate: subject, issuer, validity window, days until expiry, negotiated protocol/cipher, and — most useful for recon — the Subject Alternative Names, which often reveal sibling hostnames. In scope only. |
| analyze_headersA | Fetch a URL and audit its HTTP security headers. Grades (A-F) the presence of HSTS, CSP, X-Frame-Options, X-Content-Type- Options, Referrer-Policy and Permissions-Policy; flags information-leaking headers (Server, X-Powered-By, ...) and risky Set-Cookie flags. In scope only. |
| fingerprintA | Fetch a URL and fingerprint its technology stack: web server, CDN/WAF, language/runtime, frameworks, CMS and front-end libraries, with version hints and the evidence for each match. In scope only. |
| well_knownA | Fetch and parse a host's disclosure files: robots.txt (extracting the referenced paths), sitemap.xml (extracting URLs), security.txt and humans.txt. A quick, low-noise way to discover structure. In scope only. |
| port_scanA | TCP connect-scan an in-scope host. |
| content_discoveryA | Probe an in-scope host for common sensitive paths (admin panels, API docs, .git/.env, backups, config files, ...) using a compact built-in wordlist or a caller-supplied one. Reports each path's status, size and content type. Intrusive: requires MOONMCP_ALLOW_INTRUSIVE and the host to be in scope. |
| recon_targetA | One-shot passive+light recon of an in-scope domain. Chains the safe tools into a single report: subdomain enumeration, DNS resolution, TLS certificate (with SANs), an HTTP probe, security-header grade, and a technology fingerprint of the apex. No intrusive scanning is performed. Ideal as the first call against a new target. |
| external_toolsA | List the external security CLIs MoonMCP knows about and whether each is installed on PATH, plus the native MoonMCP fallback for each. Use before calling run_scanner or vuln_scan to know what is available. |
| run_scannerA | Run an installed external security CLI and return its output.
|
| vuln_scanA | Run a nuclei template-based vulnerability scan against an in-scope target. Requires nuclei to be installed (there is no safe stdlib equivalent for
template-based scanning). |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| recon_methodology | A guided, scope-safe reconnaissance methodology for a bug-bounty target. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| scope_resource | The current authorization scope (read-only view). |
| capabilities_resource | Detected optional enhancers and external CLI tools. |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Moonwuk/MoonMcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server