Schema | attack-surface-mcp-server

attack-surface-mcp-server

Describes the environment variables required to run the server.

Name	Required	Description	Default
`OTEL_ENABLED`	No	Enable OpenTelemetry instrumentation.	false
`MCP_AUTH_MODE`	No	Auth mode: none, jwt, or oauth.	none
`MCP_HTTP_PORT`	No	Port for HTTP server.	3010
`MCP_LOG_LEVEL`	No	Log level (RFC 5424).	info
`SHODAN_API_KEY`	No	Enables attacksurface_lookup_host. Absent → that tool returns source_unavailable; every other tool keeps working.
`MCP_TRANSPORT_TYPE`	No	Transport: stdio or http.	stdio
`CERTSPOTTER_API_KEY`	No	Raises Certspotter rate limits for the CT-log subdomain fallback. Absent → free unauthenticated tier (rate-limited but functional).
`ATTACKSURFACE_MAX_SUBDOMAINS`	No	Cap on subdomains resolved during a map_domain run — bounds fan-out cost.	200
`ATTACKSURFACE_HTTP_USER_AGENT`	No	Default User-Agent for attacksurface_probe_http (overridable per call).
`ATTACKSURFACE_DEFAULT_RESOLVERS`	No	Comma-separated default DNS resolver IPs for attacksurface_resolve_dns.	8.8.8.8,1.1.1.1,9.9.9.9
`ATTACKSURFACE_RDAP_BOOTSTRAP_URL`	No	RDAP bootstrap base URL; override for a private/mirrored RDAP.	https://rdap.org
`ATTACKSURFACE_ALLOW_PRIVATE_TARGETS`	No	Set true to disable the SSRF guard for internal-network assessment. Leave false on any public deployment — it is the safety boundary that keeps the server from being pointed at internal infrastructure.	false

Server capabilities have not been inspected yet.

Functions exposed to the LLM to take actions

Name	Description
No tools

Interactive templates invoked by user choice

Name	Description
No prompts

Contextual data attached and managed by the client

Name	Description
No resources

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cyanheads/attack-surface-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server