ExternalAttacker is an MCP server that combines automated external reconnaissance tools with a natural language interface. It integrates a suite of scanning and analysis capabilities (subdomain discovery, port scanning, HTTP analysis, CDN detection, TLS analysis, directory fuzzing, and DNS enumeration) so you can ask in plain English to perform specific checks on domains or targets, and the MCP server translates those requests into actionable tool invocations. This makes it easy to run comprehensive external attack surface assessments without manually orchestrating each tool.

To use it, start the MCP server using the Python script described in the Installation guide. Once running, you can issue queries such as: "Scan example.com for subdomains", "Check open ports on 192.168.1.1", "Analyze HTTP services on test.com", "Check if domain.com uses a CDN", "Analyze SSL configuration of site.com", or "Fuzz endpoints on target.com". The underlying tools (subfinder, naabu, httpx, cdncheck, tlsx, ffuf, gobuster, dnsx) will be invoked in sequence or as needed to fulfill your request, and results will be returned via the MCP interface.

The server exposes a natural language interface that maps to these toolchains, enabling rapid reconnaissance and reporting for external attack surface assessment projects. Be mindful of permissions and scope when scanning third-party domains.

Prerequisites:

• Python 3.8 or higher
• Go (for installing external tooling)
• MCP Client

Installation steps:

1. Clone the repository: git clone https://github.com/mordavid/ExternalAttacker-MCP.git cd ExternalAttacker

2. Install Python dependencies: pip install -r requirements.txt

3. Install required Go tools: go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest go install -v github.com/projectdiscovery/cdncheck/cmd/cdncheck@latest go install -v github.com/projectdiscovery/tlsx/cmd/tlsx@latest go install -v github.com/ffuf/ffuf@latest go install -v github.com/OJ/gobuster/v3@latest go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest

4. Run the MCP server script: python ExternalAttacker-App.py

   Access http://localhost:6991

5. Configure the MCP server (example): "mcpServers": { "ExternalAttacker-MCP": { "command": "python", "args": [ "<Your_Path>\ExternalAttacker-MCP.py" ] } }

Notes and tips:

• Ensure you have all required tools installed (subfinder, naabu, httpx, cdncheck, tlsx, ffuf, gobuster, dnsx) as listed in the setup steps.
• Run the MCP server from a location with access to the ExternalAttacker-MCP.py script and the dependencies.
• The MCP server is designed for external attack surface scanning; use within authorized environments only.
• The HTTP API or UI (if available) will relay results back to you; customize the queries to leverage the full range of scanning capabilities.
• If you encounter network or permission errors, verify PATH variables and ensure your environment has network access to the target domains.