fingerprint-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| CENSYS_API_ID | No | Censys API ID for OSINT enrichment. Paired with CENSYS_API_SECRET. | |
| SHODAN_API_KEY | No | Shodan API key for OSINT enrichment. Enables osint_shodan, ssh_hostkey_lookup. | |
| CENSYS_API_SECRET | No | Censys API secret for OSINT enrichment. Paired with CENSYS_API_ID. | |
| VIRUSTOTAL_API_KEY | No | VirusTotal API key for OSINT enrichment. Enables osint_virustotal. | |
| SECURITYTRAILS_API_KEY | No | SecurityTrails API key for OSINT enrichment. Enables waf_origin, enum_passive_dns. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| reconA | Full target reconnaissance. Runs HTTP headers, TLS certificate, DNS records, web technology detection, WAF/CDN, and infrastructure analysis in a single call. Use depth parameter to control scope: quick (~5 techniques, fast overview), standard (~20 techniques, balanced), deep (~50+ techniques, comprehensive). |
| scan_portsA | TCP port scanning with banner grabbing and automatic service detection. Probes specified ports, reads initial banners, detects protocols (SSH, MySQL, Redis, FTP, SMTP, HTTP, PostgreSQL, VNC, RDP), and runs targeted service fingerprinting on detected services. |
| scan_tlsB | Complete TLS/SSL analysis: handshake probe, JARM fingerprint, certificate deep inspection, JA4X generation fingerprint, cipher suite enumeration, SNI probing, certificate cross-referencing, and CT subdomain discovery. 8 techniques in a single call. |
| scan_dnsB | Comprehensive DNS intelligence: full record enumeration, email infrastructure (MX/SPF/DKIM/DMARC), SaaS inventory from TXT records, nameserver fingerprinting, MTA-STS/DANE analysis, subdomain takeover detection, and reverse DNS. 7 techniques in a single call. |
| scan_httpB | Comprehensive HTTP and web fingerprinting: header ordering, favicon hash, ETag analysis, error pages, cookies, HTTP methods, CORS, compression, caching, security headers, timing, redirect chains, web technology detection, analytics, source maps, API discovery, CMS/framework/ecommerce detection, and HTTP/2 analysis. ~29 techniques with smart skipping. |
| scan_pathsA | Path intelligence: sensitive file/directory probing (200+ paths across 11 categories), robots.txt/sitemap/security.txt parsing, version control and secret exposure detection, debug endpoint discovery with severity ratings, and API version probing. 5 techniques in a single call. |
| scan_wafB | WAF and CDN analysis: WAF identification via attack payload probing, CDN provider detection from headers/DNS, deep WAF technology fingerprinting from block pages, and origin IP discovery behind CDN. 4 techniques with conditional origin discovery. |
| scan_servicesA | Service-level fingerprinting for databases, caches, remote desktop, SSH, SMTP, and IoT. Supports auto-detection from port numbers or explicit service selection. Probes: MySQL, PostgreSQL, Redis, FTP, VNC/RDP, SSH (with full audit), SMTP (with TLS check), and IoT device detection. |
| enumerateA | Scope expansion: subdomain enumeration (SecurityTrails/HackerTarget), wildcard DNS detection, TLD/ccTLD expansion, related domain discovery via certificate transparency, ASN neighbor enumeration, passive DNS history, and attack surface summary. 8 techniques across 3 phases. |
| osintA | OSINT enrichment: Shodan host lookup, Censys search, reverse IP lookup, WHOIS information, Wayback Machine historical snapshots, and VirusTotal intelligence. Supports both IP and domain targets with auto-detection. 6 techniques in a single call. |
| analyzeA | Passive analysis of pre-collected data. No network calls. Supports three modes: headers (HTTP header fingerprinting), html (HTML source analysis), banner (service banner identification). |
| correlateC | Cross-layer correlation engine. Validates fingerprint consistency, detects honeypots, identifies spoofing, compares profiles, reconstructs infrastructure topology, detects C2 frameworks, and looks up fingerprint hashes. |
| metaA | Server info: lists all providers, tools, configuration, and known signature databases in a single response. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/badchars/fingerprint-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server