Skip to main content
Glama
scottmartinanderson

Clearfront MCP Server

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault
CENSYS_PATNoCensys Platform Personal Access Token
GITHUB_TOKENNoGitHub API token for search_github tool (raises rate limit)
HIBP_API_KEYNoHaveIBeenPwned API key for search_breach tool
IPINFO_TOKENNoipinfo.io token for higher rate limits on search_ip tool
OPENAI_MODELNoModel name to request from the OpenAI-compatible endpointgpt-4o-mini
CENSYS_ORG_IDNoCensys Organization ID
OPENAI_API_KEYNoAPI key for the OpenAI-compatible endpoint
SERPER_API_KEYNoSerper.dev Google SERP API key for search_dorks_live and search_footprint
SHODAN_API_KEYNoShodan API key for search_shodan tool
OPENAI_BASE_URLNoBase URL of an OpenAI-compatible endpoint (e.g., http://localhost:4000/v1)
ABUSEIPDB_API_KEYNoAbuseIPDB v2 API key for search_abuseipdb tool
ANTHROPIC_API_KEYNoAnthropic API key for AI agent (required if not using Ollama or OpenAI compatibility)
BRIGHTDATA_API_KEYNoBright Data API key for search_dorks_live and scrape_url
VIRUSTOTAL_API_KEYNoVirusTotal API v3 key for search_virustotal tool
IP2LOCATION_API_KEYNoIP2Location.io API key for search_ip2location tool
BRIGHTDATA_SERP_ZONENoBright Data SERP API zone name
BRIGHTDATA_UNLOCKER_ZONENoBright Data Web Unlocker zone name

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
search_emailA

Enumerate accounts linked to an email using holehe. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_usernameA

Enumerate and verify platforms where a username is registered, using sherlock plus a WhatsMyName subset of modern/niche sites. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_maigretA

Broad username/identity discovery across 3,000+ sites via maigret (also extracts profile details). Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_breachA

Check if an email appears in data breaches via HaveIBeenPwned. Requires HIBP_API_KEY env var. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_gravatarA

Look up an email's public Gravatar profile: avatar, display name, bio, location, and linked/verified accounts. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_emailrepA

Email reputation and footprint summary via EmailRep.io (profiles seen, breach/abuse flags). Requires EMAILREP_API_KEY. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_cryptoA

Validate a Bitcoin or Ethereum address and return a keyless on-chain summary (balance, transactions, total received). Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_harvesterA

Passive organisation/domain recon via theHarvester: emails, people, and subdomains from public sources (passive only, no active probing). Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_whoisA

Retrieve WHOIS registration data for a domain. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_ipA

Retrieve geolocation and ASN data for an IP address via ipinfo.io. Omit 'ip' (or pass 'me') to auto-detect the caller's own public IP. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_exposureA

Risk-ranked IP exposure report (geolocation, ASN, reverse-DNS, DNS blocklists, VPN/Tor flags). Omit 'ip' (or pass 'me') to check the caller's own public IP. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_domainB

Enumerate subdomains of a target domain using sublist3r. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_crtA

Enumerate subdomains from certificate transparency logs via crt.sh. Keyless and purely passive (public CA logs), surfaces internal/staging hosts that never resolve publicly. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_waybackA

List URLs archived under a domain in the Internet Archive (Wayback Machine) via the keyless CDX API. Passive; recovers deleted, forgotten, or historical pages. Pairs with scrape_url to fetch a recovered page. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_greynoiseA

Check an IP against the GreyNoise Community API: internet background noise (mass scanner) vs. potentially targeted actor. Returns classification, noise/RIOT flags, org, and last-seen. Community tier is 50 lookups/week, so use selectively. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_hudsonrockA

Check whether an email or username appears in Hudson Rock's free Cavalier infostealer index (malware-stolen credentials). Reports exposure yes/no plus infection metadata (count, dates, OS, antivirus, malware file, affected-service counts). AUTHORIZED-USE ONLY: for your own or an authorized identifier's exposure so credentials can be rotated. Uses only the free masked tier; never returns passwords or login URLs. Keyless. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

generate_dorksA

Generate targeted Google dork URLs for any target (name, email, username, domain). Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_pasteA

Search public paste sites for an email or username (HIBP paste index + search-engine dorking). Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_phoneA

Gather carrier and geolocation data for a phone number using phoneinfoga. Use E.164 format. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_shodanA

Query Shodan for host intelligence or banner search. IP address → host lookup (open ports, org, CVEs). Any other string → keyword/service search. Requires SHODAN_API_KEY env var. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_virustotalA

Check IP, domain, URL, or file hash against VirusTotal's 70+ antivirus engines and threat intelligence. Auto-detects input type. Requires VIRUSTOTAL_API_KEY env var. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_censysA

Search Censys for internet-facing infrastructure data. IP address → open ports, services, ASN, country. Domain → certificate history, SANs, issuer, first/last seen. Requires CENSYS_PAT (free plan = IP lookups; domain search is paid). Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_ip2locationA

Enhanced IP intelligence using IP2Location Security Plan. Returns geolocation, ISP, ASN, and detects VPN, proxy, Tor exit nodes, and datacenter hosting. Sponsored integration. Requires IP2LOCATION_API_KEY env var. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_abuseipdbA

Check an IP address against the AbuseIPDB v2 API for abuse reputation. Returns abuse confidence score (0–100%), total reports, country, ISP, domain, and last reported timestamp. Shows a warning when score exceeds 50%. Requires ABUSEIPDB_API_KEY env var. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_githubA

Search GitHub for a username, email, or keyword. For exact username matches: returns full profile, recent repos, and emails discovered from commit history. For other queries: top 5 matching accounts. With a GITHUB_TOKEN it also searches public code for secrets/keys tied to the target, reported as exposure (location and type only, never the value). Optional GITHUB_TOKEN env var raises rate limit from 60 to 5000 req/h. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_dnsA

Comprehensive DNS record enumeration (A, AAAA, MX, NS, TXT, CNAME, SOA). Highlights email security misconfigurations: missing SPF, weak SPF policy, missing or unenforced DMARC, and absent DKIM across common selectors. No external API or credentials required. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_exifA

Extract embedded metadata (EXIF/IPTC/XMP) from a local file via exiftool, camera make/model, software, timestamps, author, and GPS coordinates. Flags embedded GPS location. Input is a local file path. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_dorks_liveA

Execute Google dork queries for a target via the Bright Data SERP API, returning live structured results (title, URL, snippet). Runs up to 5 dorks by default, each is a billable API call. Requires BRIGHTDATA_API_KEY and BRIGHTDATA_SERP_ZONE env vars. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

scrape_urlA

Fetch any public URL through the Bright Data Web Unlocker API, bypassing Cloudflare, CAPTCHA, and bot-protection. Returns the page as clean Markdown. Requires BRIGHTDATA_API_KEY and BRIGHTDATA_UNLOCKER_ZONE env vars. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

search_footprintA

Find a target's real public profiles by searching the web (entity-type-aware: email, username, domain, phone, full name). Returns structured results and Entity Correlation Graph nodes/edges. Works free via DuckDuckGo; uses Bright Data SERP (Google) automatically if configured. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

investigate_multiA

Investigate multiple targets in parallel using the full OSINT tool chain. Each target gets its own report file. A summary report is also generated. Maximum 10 targets. Requires ANTHROPIC_API_KEY env var. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/scottmartinanderson/clearfront'

If you have feedback or need assistance with the MCP directory API, please join our Discord server