fingerprint-mcp
Detects Cloudflare WAF/CDN and can discover origin IP behind Cloudflare.
Detects Express.js web framework and its configuration via HTTP fingerprinting.
Identifies Google services such as Google Workspace and Google Analytics through DNS and HTTP analysis.
Detects Google Analytics integration on web pages.
Identifies websites using Let's Encrypt SSL/TLS certificates.
Detects NGINX web servers and version from HTTP/TLS fingerprints.
Detects React Single Page Applications via client-side fingerprinting.
Detects Slack workspaces through DNS CNAME/MX record enumeration.
Enriches threat intelligence by querying VirusTotal for malware and reputation data (optional API key).
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@fingerprint-mcpDo a deep recon on target.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
The Problem
Fingerprinting a server today means juggling a dozen disconnected tools. You run nmap for port scanning, testssl.sh for certificate analysis, curl -I for HTTP headers, dig for DNS, wafw00f for WAF detection, ssh-audit for SSH, a separate JARM tool, Wappalyzer for tech detection — and then you spend 30 minutes manually cross-referencing everything in a spreadsheet to figure out what's actually running.
Traditional fingerprinting workflow:
analyze TLS certificates -> testssl.sh / openssl s_client
grab HTTP headers -> curl -I
detect web technologies -> wappalyzer CLI
DNS reconnaissance -> dig / nslookup / dnsenum
port scanning -> nmap -sV
WAF detection -> wafw00f
SSH audit -> ssh-audit
service fingerprinting -> nmap scripts
JARM fingerprint -> jarm (separate tool)
check OSINT databases -> shodan CLI, censys CLI
correlate everything -> manually in a spreadsheet
──────────────────────────────
Total: 11 tools, 30+ minutes, manual correlationfingerprint-mcp gives your AI agent 13 composite tools wrapping 103 fingerprinting techniques across 21 providers via the Model Context Protocol. The agent runs multi-layer fingerprinting in parallel, correlates signals across TCP/TLS/HTTP/DNS/SSH layers, detects honeypots and C2 infrastructure, and presents a unified intelligence picture — in a single conversation.
With fingerprint-mcp:
You: "Do a deep recon on target.com"
Agent: -> recon {url: "https://target.com", depth: "deep"}
-> TLS: nginx/1.24.0 via JARM (3fd21b20d00000...),
Let's Encrypt cert, 2 SANs, TLS 1.2+1.3
-> HTTP: Express.js behind Cloudflare WAF,
React SPA, Google Analytics, 14 security headers analyzed
-> DNS: A/AAAA/MX/TXT records, SPF/DKIM/DMARC configured,
Slack + Google Workspace detected via CNAME/MX
-> Ports: 80, 443, 22 (OpenSSH 9.6), 8080 (dev server)
-> WAF: Cloudflare detected, origin IP discovered via direct-connect
-> Enumeration: 12 subdomains via CT logs, wildcard DNS detected
-> "target.com runs nginx/1.24.0 with Express.js behind
Cloudflare WAF. Origin IP 203.0.113.42 exposed on port 8080.
TLS is properly configured (A+ equivalent) but the dev server
on 8080 has no WAF protection. 3 subdomains point to
decommissioned infrastructure — potential takeover risk."Related MCP server: aegis
How It's Different
Existing tools give you raw data one layer at a time. fingerprint-mcp gives your AI agent the ability to reason across all fingerprinting layers simultaneously.
Quick Start
Option 1: npx (no install)
npx fingerprint-mcpAll 80+ active fingerprinting techniques work immediately. No API keys required for TCP, TLS, SSH, HTTP, DNS, WAF, path, service, timing, IoT, SMTP, infrastructure, and application fingerprinting.
Option 2: Clone
git clone https://github.com/badchars/fingerprint-mcp.git
cd fingerprint-mcp
bun installEnvironment variables (optional)
# OSINT enrichment (all optional — active fingerprinting works without any keys)
export SHODAN_API_KEY=your-key # Enables osint_shodan, ssh_hostkey_lookup
export CENSYS_API_ID=your-id # Enables osint_censys (free: 250 queries/month)
export CENSYS_API_SECRET=your-secret # Censys API secret
export SECURITYTRAILS_API_KEY=your-key # Enables waf_origin, enum_passive_dns
export VIRUSTOTAL_API_KEY=your-key # Enables osint_virustotal (free: 500 queries/day)All API keys are optional. Without them, you still get full TCP/TLS/SSH/HTTP/DNS/WAF/path/service/timing/IoT/SMTP/infrastructure/application fingerprinting, correlation, passive analysis, enumeration, and meta tools — 80+ techniques that work by directly probing the target.
Connect to your AI agent
# With npx
claude mcp add fingerprint-mcp -- npx fingerprint-mcp
# With local clone
claude mcp add fingerprint-mcp -- bun run /path/to/fingerprint-mcp/src/index.tsAdd to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"fingerprint": {
"command": "npx",
"args": ["-y", "fingerprint-mcp"],
"env": {
"SHODAN_API_KEY": "optional",
"CENSYS_API_ID": "optional",
"CENSYS_API_SECRET": "optional",
"SECURITYTRAILS_API_KEY": "optional",
"VIRUSTOTAL_API_KEY": "optional"
}
}
}
}Same JSON config format. Point the command to npx fingerprint-mcp or your local installation path.
Start querying
You: "Fingerprint everything about target.com — TLS, HTTP stack, WAF, DNS, open ports"That's it. The agent handles multi-layer fingerprinting, signal correlation, and infrastructure analysis automatically.
What The AI Can Do
Quick Recon
You: "Quick recon on target.com"
Agent: -> recon {url: "https://target.com", depth: "quick"}
-> TCP: ports 80, 443, 22 open
-> TLS: Let's Encrypt RSA cert, TLS 1.2+1.3, nginx JARM signature
-> HTTP: nginx/1.24.0, Express.js, React, Cloudflare CDN
-> DNS: A 203.0.113.42, MX Google Workspace, SPF/DKIM configured
-> WAF: Cloudflare detected (cf-ray header)
-> "target.com is a React SPA on Express.js behind nginx/1.24.0,
served through Cloudflare CDN. TLS properly configured with
Let's Encrypt. SSH on port 22 running OpenSSH 9.6. Email
handled by Google Workspace with full SPF/DKIM/DMARC."Deep TLS Investigation
You: "Analyze the TLS configuration of suspicious-server.com in detail"
Agent: -> scan_tls {host: "suspicious-server.com"}
-> Certificate: self-signed, CN=localhost, expired 47 days ago
-> JARM: 2ad2ad0002ad2ad00042d42d00000069d641f34fe76acdc05c40262f8815e5
(matches Cobalt Strike default profile)
-> JA4X: fingerprint matches known C2 framework pattern
-> Cipher suites: accepts weak ciphers (RC4, 3DES)
-> SNI: responds identically to any SNI value
-> CT logs: certificate not logged (not publicly trusted)
-> "HIGH RISK: TLS configuration strongly indicates C2 infrastructure.
Self-signed expired cert, JARM fingerprint matches Cobalt Strike,
accepts weak ciphers, and responds to arbitrary SNI values.
Recommend immediate investigation and blocking."WAF Bypass & Origin Discovery
You: "target.com is behind a WAF. Can you find the origin server?"
Agent: -> scan_waf {url: "https://target.com"}
-> scan_dns {domain: "target.com"}
-> enumerate {domain: "target.com"}
-> WAF: Cloudflare (AS13335), challenge page on suspicious requests
-> DNS: A record points to Cloudflare IP 104.21.x.x
-> Subdomains: dev.target.com resolves to 203.0.113.42 (non-Cloudflare)
-> Direct connect to 203.0.113.42:443 returns same TLS cert
-> SecurityTrails historical: origin was 203.0.113.42 before Cloudflare
-> "Origin IP found: 203.0.113.42. Discovered via dev.target.com
subdomain which bypasses Cloudflare. The origin serves the same
TLS certificate and responds to the target.com Host header.
Origin has no WAF protection — direct access possible."Service Discovery on a Host
You: "What services are running on 10.0.1.50?"
Agent: -> scan_ports {host: "10.0.1.50"}
-> scan_services {host: "10.0.1.50", ports: [22, 80, 3306, 5432, 6379, 8080]}
-> Port 22: OpenSSH 8.9p1 Ubuntu, ED25519 host key
-> Port 80: Apache/2.4.57, PHP/8.2, WordPress 6.4
-> Port 3306: MySQL 8.0.36, authentication required
-> Port 5432: PostgreSQL 16.1, SSL required
-> Port 6379: Redis 7.2.4, NO authentication (open)
-> Port 8080: Node.js Express dev server, CORS: *
-> "CRITICAL: Redis on port 6379 has no authentication — anyone on
the network can read/write data. The Express dev server on 8080
has wildcard CORS. MySQL and PostgreSQL properly require auth.
WordPress is 2 minor versions behind. Immediate action needed
on Redis and the dev server exposure."Tools Reference (13 tools, 103 techniques)
Parameter | Type | Description |
| string | Target URL to fingerprint |
|
| Scan depth: quick=5 techniques, standard=20, deep=50+ |
Orchestrates techniques from all providers based on depth level. Quick mode gives a fast overview; deep mode runs exhaustive fingerprinting including enumeration, OSINT, and correlation.
Parameter | Type | Description |
| string | Target host (IP or domain) |
| number[] | Optional — specific ports to scan (defaults to common ports) |
Technique | Description |
| TCP connect scan to detect open ports |
| Banner grabbing on open ports for service identification |
| Port combination analysis and service inference |
Parameter | Type | Description |
| string | Target host (IP or domain) |
| number | Optional — TLS port (default: 443) |
Technique | Description |
| X.509 certificate parsing — subject, issuer, SANs, validity, chain |
| JARM active fingerprinting — 10 TLS Client Hello probes, 62-char hash |
| JA4X passive TLS fingerprinting from certificate properties |
| Cipher suite enumeration and strength analysis |
| Supported TLS protocol version detection (SSLv3 through TLS 1.3) |
| SNI behavior testing — default cert vs. requested hostname |
| Certificate Transparency log lookup via crt.sh |
| OCSP stapling and revocation status check |
Parameter | Type | Description |
| string | Target domain |
Technique | Description |
| Full record enumeration — A, AAAA, MX, NS, TXT, CNAME, SOA |
| SPF, DKIM, and DMARC record analysis |
| SaaS/service detection via CNAME and MX patterns (Slack, Zendesk, etc.) |
| DNS server fingerprinting (BIND, PowerDNS, Cloudflare, etc.) |
| Subdomain takeover detection via dangling CNAME analysis |
| Zone transfer attempt (AXFR) |
| CAA record analysis for certificate authority restrictions |
Parameter | Type | Description |
| string | Target URL |
Technique | Provider | Description |
| HTTP | Response header analysis and server identification |
| HTTP | Header ordering fingerprint (server software signature) |
| HTTP | Security header audit (CSP, HSTS, X-Frame-Options, etc.) |
| HTTP | Cookie analysis — flags, prefixes, framework detection |
| HTTP | Allowed HTTP method enumeration (OPTIONS) |
| HTTP | CORS policy analysis and misconfiguration detection |
| HTTP | Supported compression algorithms (gzip, br, zstd) |
| HTTP | Cache header analysis (CDN, reverse proxy detection) |
| HTTP | ETag format analysis for backend identification |
| HTTP | Error page fingerprinting (custom vs. default error pages) |
| HTTP | Redirect chain analysis |
| HTTP | Response timing baseline for server performance profiling |
| HTTP | Favicon hash (MurmurHash3) for technology identification |
| HTTP | robots.txt parsing and disallowed path extraction |
| HTTP | Sitemap discovery and URL extraction |
| HTTP | .well-known endpoint discovery (security.txt, openid, etc.) |
| Web | Technology detection via HTML/JS/CSS patterns |
| Web | Analytics and tracking service detection |
| Web | Source map file discovery |
| Web | WebSocket endpoint detection |
| Web | GraphQL endpoint detection and introspection |
| Web | Single-page application framework detection |
| Web | CDN detection via response headers and DNS |
| Web | HTML meta tag analysis (generator, framework hints) |
| Web | RSS/Atom feed discovery |
| HTTP/2 | HTTP/2 protocol support detection |
| HTTP/2 | HTTP/2 server fingerprinting (SETTINGS, WINDOW_UPDATE) |
| HTTP/2 | HTTP/3 (QUIC) support detection via Alt-Svc header |
| Application | CMS detection (WordPress, Drupal, Joomla, etc.) |
Parameter | Type | Description |
| string | Target URL |
| string[] | Optional — categories to check (sensitive, git, debug, api, config) |
Technique | Description |
| Sensitive file discovery (backup files, config files, database dumps) |
| robots.txt and sitemap.xml analysis for hidden paths |
| Git repository leak detection (.git/HEAD, .git/config) |
| Debug endpoint discovery (phpinfo, server-status, debug consoles) |
| API version and documentation endpoint discovery |
Parameter | Type | Description |
| string | Target URL |
Technique | Description |
| WAF presence detection via response header and behavior analysis |
| CDN provider identification (Cloudflare, Akamai, Fastly, etc.) |
| WAF product identification and version detection |
| Origin IP discovery behind WAF/CDN (requires |
Parameter | Type | Description |
| string | Target host (IP or domain) |
| number[] | Optional — specific ports to probe |
| string | Optional — specific service to probe (mysql, postgres, redis, ftp, ssh, smtp, vnc, iot) |
Technique | Provider | Description |
| SSH | SSH protocol version and software detection |
| SSH | SSH algorithm audit (KEX, ciphers, MACs, host key types) |
| SSH | SSH host key lookup via Shodan (requires |
| Service | MySQL version detection and capability fingerprinting |
| Service | PostgreSQL version detection and SSL support check |
| Service | Redis version detection and authentication status |
| Service | FTP banner analysis and anonymous login check |
| Service | VNC/RDP service detection and security assessment |
| SMTP | SMTP banner analysis and MTA identification |
| SMTP | SMTP STARTTLS support and certificate inspection |
| IoT | IoT device detection via banner patterns and default pages |
| IoT | UPnP/SSDP device discovery on local network |
Parameter | Type | Description |
| string | Target domain |
Technique | Description |
| Subdomain enumeration via multiple methods |
| Wildcard DNS detection |
| TLD expansion (target.com -> target.net, target.org, etc.) |
| Related domain discovery via shared infrastructure |
| ASN neighbor discovery — other domains on same network |
| Certificate Transparency log subdomain extraction |
| Passive DNS history (requires |
| Scope summary and attack surface overview |
Parameter | Type | Description |
| string | IP address or domain to enrich |
|
| Optional — target type (auto-detected if omitted) |
Technique | Auth | Description |
|
| Shodan host lookup — open ports, banners, vulns, OS |
|
| Censys host data — services, TLS, autonomous system |
| None | Reverse IP lookup — other domains on same IP |
| None | WHOIS registration data — registrar, dates, nameservers |
| None | Web Archive history — first/last snapshot, change frequency |
|
| VirusTotal domain/IP report — detections, categories, DNS |
Parameter | Type | Description |
|
| Type of data to analyze |
| string | Raw data to analyze (paste headers, HTML, or banner output) |
Mode | Description |
| Passive HTTP header analysis — server, framework, proxy detection without sending traffic |
| Passive HTML analysis — technology detection, framework identification from source |
| Passive banner analysis — service identification from raw banner text |
Parameter | Type | Description |
|
| Correlation mode |
| object | Fingerprint signals to correlate (varies by mode) |
Mode | Description |
| Cross-layer signal consistency check — do TCP, TLS, HTTP, and DNS fingerprints agree? |
| Honeypot detection — checks for impossible service combinations and behavioral anomalies |
| Spoofing detection — identifies mismatched server headers vs. actual behavior |
| Side-by-side comparison of two hosts' fingerprint profiles |
| Infrastructure topology mapping — CDN, load balancer, reverse proxy chain |
| C2 framework detection via JARM, TLS, HTTP, and timing correlation |
| Hash-based identification against known signature database |
Parameter | Type | Description |
| string | Optional — filter by category |
Mode | Description |
| List all available data sources with configuration and API key status |
| Server configuration — version, loaded providers, technique count |
| Signature database listing — JARM, banner, WAF, application signatures |
CLI Usage
# List all available tools and techniques
npx fingerprint-mcp --list
# Run any tool directly
npx fingerprint-mcp --tool recon '{"url":"https://example.com","depth":"quick"}'
npx fingerprint-mcp --tool scan_tls '{"host":"example.com"}'
npx fingerprint-mcp --tool scan_ports '{"host":"10.0.1.50","ports":[22,80,443,3306,8080]}'
npx fingerprint-mcp --tool scan_dns '{"domain":"example.com"}'
npx fingerprint-mcp --tool scan_http '{"url":"https://example.com"}'
npx fingerprint-mcp --tool scan_waf '{"url":"https://example.com"}'
npx fingerprint-mcp --tool scan_services '{"host":"10.0.1.50","service":"redis"}'
npx fingerprint-mcp --tool enumerate '{"domain":"example.com"}'
npx fingerprint-mcp --tool analyze '{"type":"headers","data":"Server: nginx/1.24.0\nX-Powered-By: Express"}'
npx fingerprint-mcp --tool correlate '{"type":"honeypot","signals":{"jarm":"...","banner":"..."}}'
npx fingerprint-mcp --tool meta '{}'
# OSINT tools (require API keys)
SHODAN_API_KEY=your-key npx fingerprint-mcp --tool osint '{"target":"203.0.113.42","type":"ip"}'Data Sources (21)
Source | Auth | What it provides |
TCP probing | None | Port scanning, banner grabbing, service detection |
TLS/SSL analysis | None | Certificate parsing, JARM fingerprinting, JA4X, cipher enumeration, SNI testing |
SSH probing | None | Protocol version, algorithm audit, software detection |
HTTP analysis | None | Header fingerprinting, favicon hashing, cookie analysis, method enumeration, CORS |
Web detection | None | Technology detection, analytics, source maps, WebSocket, GraphQL, SPA frameworks |
Path discovery | None | Sensitive files, git leaks, debug endpoints, API versions, robots.txt |
DNS resolution | None | Record enumeration, email auth analysis, SaaS detection, server fingerprinting |
WAF/CDN detection | None | WAF identification, CDN detection, WAF fingerprinting |
Timing analysis | None | Response timing baseline, clock skew detection |
HTTP/2 & HTTP/3 | None | HTTP/2 detection and fingerprinting, HTTP/3 Alt-Svc discovery |
SMTP probing | None | SMTP banner analysis, STARTTLS inspection |
IoT/Embedded | None | IoT device detection, UPnP/SSDP discovery |
Application detection | None | CMS, framework, and e-commerce platform identification |
Service probing | None | MySQL, PostgreSQL, Redis, FTP, VNC/RDP fingerprinting |
Infrastructure detection | None | Cloud provider, hosting provider, CDN identification |
Correlation engine | None | Signal consistency, honeypot detection, spoofing detection, topology mapping |
Identification engine | None | Hash-based identification, C2 detection, signature matching |
| Host intelligence — open ports, banners, vulnerabilities, OS detection | |
| Host data — services, TLS certificates, autonomous system info | |
| WAF origin discovery, passive DNS history, historical records | |
| Domain/IP reputation, detection results, DNS history, categories |
Architecture
src/
index.ts # CLI entrypoint (--help, --list, --tool, stdio server)
protocol/
mcp-server.ts # MCP server setup (stdio transport)
tools.ts # Tool registry — all 13 composite tools registered here
types/
index.ts # Shared types (ToolDef, ToolContext, ToolResult)
utils/
rate-limiter.ts # Per-provider rate limiter
cache.ts # TTL cache for API responses
require-key.ts # API key validation helper
murmurhash3.ts # MurmurHash3 for favicon hashing
composite/ # 13 composite tool orchestrators
recon.ts # Full recon orchestrator (quick/standard/deep)
scan-ports.ts # Port scanning composite
scan-tls.ts # TLS analysis composite
scan-dns.ts # DNS intelligence composite
scan-http.ts # HTTP fingerprinting composite
scan-paths.ts # Path discovery composite
scan-waf.ts # WAF/CDN detection composite
scan-services.ts # Service probing composite
analyze.ts # Passive analysis composite
correlate.ts # Correlation engine composite
enumerate.ts # Scope expansion composite
osint.ts # OSINT enrichment composite
meta.ts # Server meta composite
helpers.ts # Shared composite helpers
tcp/ # TCP probing techniques (3)
tls/ # TLS/SSL analysis techniques (8)
ssh/ # SSH probing techniques (3)
http/ # HTTP fingerprinting techniques (16)
web/ # Web technology detection techniques (9)
path/ # Path discovery techniques (5)
dns/ # DNS intelligence techniques (7)
waf/ # WAF/CDN detection techniques (4)
timing/ # Timing analysis techniques (2)
h2/ # HTTP/2 & HTTP/3 techniques (3)
smtp/ # SMTP probing techniques (2)
iot/ # IoT/embedded detection techniques (2)
app/ # Application detection techniques (3)
service/ # Service probing techniques (5)
infra/ # Infrastructure detection techniques (3)
correlation/ # Correlation engine (5)
identify/ # Identification engine (3)
passive/ # Passive analysis (3)
osint/ # OSINT enrichment techniques (6)
enum/ # Enumeration techniques (8)
meta/ # Meta tools (3)
data/ # Signature databases and pattern libraries
jarm-signatures.ts # Known JARM fingerprints (C2, servers, CDNs)
waf-signatures.ts # WAF detection signatures
service-banners.ts # Service banner patterns
tech-patterns.ts # Technology detection patterns
favicon-hashes.ts # Known favicon MurmurHash3 values
c2-signatures.ts # C2 framework signatures
... # 15+ signature/pattern databasesDesign decisions:
13 composite tools, 103 techniques — The agent calls high-level tools (
recon,scan_tls,scan_http). Each composite orchestrates multiple low-level techniques and returns correlated results. This reduces tool-call overhead while maintaining granularity.21 providers, 1 server — Every fingerprinting layer is an independent module. The composite orchestrator selects techniques based on context and depth.
Active-first, OSINT-optional — 80+ techniques work by directly probing the target with zero API keys. OSINT providers (Shodan, Censys, VirusTotal, SecurityTrails) add enrichment but are never required.
Per-provider rate limiters — Each provider has its own
RateLimiterinstance. Active probing is rate-limited to avoid detection; OSINT APIs are calibrated to their quotas.TTL caching — DNS records (10min), OSINT results (15min), CT logs (30min) are cached to avoid redundant lookups during multi-tool workflows.
Graceful degradation — Missing API keys don't crash the server. OSINT tools return descriptive messages: "Set SHODAN_API_KEY to enable Shodan host lookup."
3 dependencies —
@modelcontextprotocol/sdk,zod, andcheerio. All network I/O via nativefetch()and Node.jsnet/tls/dnsmodules. No nmap, no external binaries.
Limitations
OSINT tools (Shodan, Censys, VirusTotal, SecurityTrails) require API keys for their respective techniques
Censys free tier limited to 250 queries/month
VirusTotal free tier limited to 500 queries/day
Port scanning uses TCP connect (not SYN scan) — less stealthy than nmap but requires no root privileges
JARM fingerprinting requires direct TCP access to the target (may be blocked by firewalls)
UPnP/SSDP discovery only works on local networks
Service probing (MySQL, PostgreSQL, Redis) connects but does not authenticate
Subdomain enumeration relies on CT logs and passive sources (no brute-force)
macOS / Linux tested (Windows not tested)
Part of the MCP Security Suite
Project | Domain | Tools |
Browser-based security testing | 39 tools, Firefox, injection testing | |
Cloud security (AWS/Azure/GCP) | 38 tools, 60+ checks | |
GitHub security posture | 39 tools, 45 checks | |
Vulnerability intelligence | 23 tools, 5 sources | |
OSINT & reconnaissance | 37 tools, 12 sources | |
Dark web & threat intelligence | 66 tools, 16 sources | |
fingerprint-mcp | Universal digital fingerprinting | 13 tools, 103 techniques, 21 providers |
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/badchars/fingerprint-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server