Public

ExternalAttacker-MCP

Try Now

2025-04-07

A modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows.

3 years

Works with Finder

1

Github Watches

7

Github Forks

25

Github Stars

ExternalAttacker MCP Server

Model Context Protocol (MCP) Server for External Attack Surface Management

ExternalAttacker is a powerful integration that brings automated scanning capabilities with natural language interface for comprehensive external attack surface management and reconnaissance.

🔍 Automated Attack Surface Management with AI!
Scan domains, analyze infrastructure, and discover vulnerabilities using natural language.

🔍 What is ExternalAttacker?

ExternalAttacker combines the power of:

Automated Scanning: Comprehensive toolset for external reconnaissance
Model Context Protocol (MCP): An open protocol for creating custom AI tools
Natural Language Processing: Convert plain English queries into scanning commands

📱 Community

Join our Telegram channel for updates, tips, and discussion:

Telegram: https://t.me/root_sec

✨ Features

Natural Language Interface: Run scans using plain English
Comprehensive Scanning Categories:
- 🌐 Subdomain Discovery (subfinder)
- 🔢 Port Scanning (naabu)
- 🌍 HTTP Analysis (httpx)
- 🛡️ CDN Detection (cdncheck)
- 🔐 TLS Analysis (tlsx)
- 📁 Directory Fuzzing (ffuf, gobuster)
- 📝 DNS Enumeration (dnsx)

📋 Prerequisites

Python 3.8 or higher
Go (for installing tools)
MCP Client

🔧 Installation

Clone this repository:

git clone https://github.com/mordavid/ExternalAttacker-MCP.git
cd ExternalAttacker

Install Python dependencies:
```
pip install -r requirements.txt
```

Install required Go tools:

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/projectdiscovery/cdncheck/cmd/cdncheck@latest
go install -v github.com/projectdiscovery/tlsx/cmd/tlsx@latest
go install -v github.com/ffuf/ffuf@latest
go install github.com/OJ/gobuster/v3@latest
go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest

Run ExternalAttacker-App.py

python ExternalAttacker-App.py
# Access http://localhost:6991

Configure the MCP Server

"mcpServers": {
    "ExternalAttacker-MCP": {
        "command": "python",
        "args": [
            "<Your_Path>\\ExternalAttacker-MCP.py"
        ]
    }
}

🚀 Usage

Example queries you can ask through the MCP:

"Scan example.com for subdomains"
"Check open ports on 192.168.1.1"
"Analyze HTTP services on test.com"
"Check if domain.com uses a CDN"
"Analyze SSL configuration of site.com"
"Fuzz endpoints on target.com"

📜 License

MIT License

🙏 Acknowledgments

The ProjectDiscovery team for their excellent security tools
The MCP community for advancing AI-powered tooling

Note: This is a security tool. Please use responsibly and only on systems you have permission to test.

Reviews

5 (1)

user_lEURjRFz

2025-04-17

I've been using ExternalAttacker-MCP by MorDavid and it's truly impressive. The tool is well-crafted, delivering excellent performance in external attack simulations. The documentation is clear, and the welcome info gets you started quickly. Great job, MorDavid! Highly recommend checking it out: [ExternalAttacker-MCP](https://github.com/MorDavid/ExternalAttacker-MCP).