attack-surface-mcp-server

Optional Shodan API key. Enables attacksurface_lookup_host; absent → that one tool returns source_unavailable and the rest of the server works.

Optional Certspotter API key. Raises CT-fallback rate limits; absent → free unauthenticated tier.

Comma-separated default DNS resolver IPs for attacksurface_resolve_dns.

Default User-Agent for attacksurface_probe_http (overridable per call).

Cap on subdomains resolved during a map_domain run.

RDAP bootstrap base URL; override for a private/mirrored RDAP.

Set true to disable the SSRF guard for internal-network assessment (local/trusted deployments only).

Sets the minimum log level for output (e.g., 'debug', 'info', 'warn').

The hostname for the HTTP server.

The port to run the HTTP server on.

The endpoint path for the MCP server.

Authentication mode to use: 'none', 'jwt', or 'oauth'.

Sets the minimum log level for output (e.g., 'debug', 'info', 'warn').