Perufitlife/web-exposure-mcp
БесплатноНе проверенPoints an AI agent at a live URL and confirms publicly-served secret files by fetching the bytes — exposed .git, .env, JS source maps, backup/SQL dumps, directo
Описание
Points an AI agent at a live URL and confirms publicly-served secret files by fetching the bytes — exposed .git, .env, JS source maps, backup/SQL dumps, directory listing, and dotfiles. Zero dependencies, read-only.
README
An MCP server that lets an AI agent point at a live deployed URL and confirm whether sensitive files are actually being served to the public — exposed
.git,.envsecrets, JavaScript source maps, backup/SQL dumps, directory listing, and dotfiles — by fetching the bytes and validating the content. Other tools give you a checklist of maybes; this reports only what is genuinely reachable, with evidence.
⚡ Run it in one line, no install, no API key:
npx web-exposure-mcp # MCP server (stdio) for your AI client npx -p web-exposure-mcp web-exposure-scan --url https://your-site.com # one-shot CLI
🤝 Want it done for you? Fixed-scope external-exposure audit — $99 / 24h: I verify every finding live and send a written report with the exact fixes and which credentials to rotate.
$ npx -p web-exposure-mcp web-exposure-scan --url https://demo.example.com
2 critical, 2 high, 1 medium — 5 CONFIRMED via anonymous fetch (39 requests)
CRITICAL /.git/config valid .git served — full source history downloadable
CRITICAL /.env 5 env vars served — API_KEY, DATABASE_URL, JWT_SECRET…
HIGH /main.js.map valid source map — 142 original sources reconstructable
HIGH /backup.sql SQL dump content served
MEDIUM /uploads/ directory listing enabled (Index of /uploads)
Why this exists
Publicly-served .git and .env files are routinely called one of the most
common high-impact findings in external attack-surface management — Acunetix,
Invicti and Legba all ship dedicated detections, and live HackerOne reports for
exposed .git/.env are filed continuously. June 2026 saw record
leaked-credential dumps, a large share sourced from live, misconfigured
servers rather than breached databases.
The MCP ecosystem already covers SSL, CORS, security-headers, SEO audits, and code/commit secret scanning (GitHub MCP, GitGuardian) — but no MCP server probes a deployed URL for publicly-served secret files. This fills that gap: your agent can audit the live edge of any deployment, the way an attacker actually sees it.
The hard part isn't requesting /.env — it's avoiding false positives. Most
modern sites answer 200 OK with index.html for every unknown path (SPA
catch-all). web-exposure-mcp therefore reads the bytes and fingerprints the
content (e.g. .git/config must parse as a git config, .env must contain
KEY=VALUE secret lines, an archive must start with the real magic bytes) —
so it flags facts, not guesses.
Tools (MCP)
| Tool | What it does |
|---|---|
scan_web_exposure |
Probe a live URL and return only the secret files genuinely served, with evidence. Args: url (required), only (optional check filter), timeout_ms. |
list_exposure_checks |
List every check id, severity and the paths it probes — feed ids into only. |
What it confirms
| Check id | Severity | Confirmed by |
|---|---|---|
git_exposed |
critical | /.git/config parses as a git config, or /.git/HEAD is a valid ref/sha |
env_exposed |
critical | dotenv served with ≥2 KEY=VALUE secret lines (not HTML) |
source_map |
high | .js.map parses as a source map with a sources[] array |
backup_artifact |
high | SQL-dump fingerprints, or ZIP/gzip magic bytes in the body |
directory_listing |
medium | the autoindex signature (Index of /…) is returned |
dotfile_served |
high | .htpasswd hashes, .npmrc/.netrc tokens, .aws/credentials, .ssh/id_rsa, .DS_Store, docker auth |
Every check fires at most once and only when the served bytes prove it. Read-only: the scanner never writes anything to the target, follows no redirects into other hosts, and reads at most 64 KB per file (so it fingerprints a multi-GB backup without downloading it).
Add to your AI client
Claude Desktop / Cursor / any MCP client — add to your mcpServers config:
{
"mcpServers": {
"web-exposure": {
"command": "npx",
"args": ["-y", "web-exposure-mcp"]
}
}
}
Then ask your agent: “Scan https://staging.myapp.com for publicly exposed secret files.”
CLI usage
# Probe a live deployment
npx -p web-exposure-mcp web-exposure-scan --url https://your-site.com
# Run only specific checks
npx -p web-exposure-mcp web-exposure-scan --url https://your-site.com --only git_exposed,env_exposed
# Tighter per-request timeout
npx -p web-exposure-mcp web-exposure-scan --url https://your-site.com --timeout 8000
Output is JSON on stdout (pipe into CI) and a one-line summary on stderr.
Install (optional)
npm i -g web-exposure-mcp
web-exposure-mcp # start the MCP server (stdio)
web-exposure-scan --url https://site.com # one-shot scan
Zero dependencies, pure Node ≥18. Every request goes straight from the tool to the target you name — nothing leaves your machine.
Sister tools
Same active-probe philosophy — confirm the real issue by fetching it, not by trusting a checklist. All MIT:
supabase-security · strapi-security · pocketbase-security · firebase-security · appwrite-security · nhost-security
License
MIT © Renzo Madueno
📚 Part of Awesome Backend Security Auditors — the full collection of keyless active-probe auditors.
Установка Perufitlife/web-exposure-mcp
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/Perufitlife/web-exposure-mcpFAQ
Perufitlife/web-exposure-mcp MCP бесплатный?
Да, Perufitlife/web-exposure-mcp MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Perufitlife/web-exposure-mcp?
Нет, Perufitlife/web-exposure-mcp работает без API-ключей и переменных окружения.
Perufitlife/web-exposure-mcp — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Perufitlife/web-exposure-mcp в Claude Desktop, Claude Code или Cursor?
Открой Perufitlife/web-exposure-mcp на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
wenb1n-dev/SmartDB_MCP
A universal database MCP server supporting simultaneous connections to multiple databases. It provides tools for database operations, health analysis, SQL optim
автор: wenb1n-devPostgres Server
This server enables interaction with PostgreSQL databases through the Model Context Protocol, optimized for the AWS Bedrock AgentCore Runtime. It provides tools
автор: madhurprashPostgres
Query your database in natural language
автор: AnthropicPostgreSQL
Read-only database access with schema inspection.
автор: modelcontextprotocolCompare Perufitlife/web-exposure-mcp with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории data
