External Attacker

v1.0.0Securitystable

A modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows.

bug-bountybugbountybugbounty-tooldnsxexternalattacker
Share:
77
Stars
0
Downloads
0
Weekly
0/5

What is External Attacker?

External Attacker is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows.

A modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • A modular external attack surface mapping tool integrating t

Use Cases

Automate external attack surface mapping for reconnaissance.
Execute bug bounty and security assessment workflows.
MorDavid

Maintainer

LicenseMIT
Languagepython
Versionv1.0.0
UpdatedMay 20, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx externalattacker-mcp

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use External Attacker

ExternalAttacker MCP is a Python-based MCP server that brings automated external attack surface management directly into AI assistants via natural language. It orchestrates a suite of leading open-source security tools — subfinder for subdomain discovery, naabu for port scanning, httpx for HTTP service analysis, cdncheck for CDN detection, tlsx for TLS/SSL analysis, ffuf and gobuster for directory fuzzing, and dnsx for DNS enumeration — all driven through a plain English interface. Security researchers and bug bounty hunters can ask questions like 'scan example.com for subdomains' and have the AI translate the request into the correct tool invocations, aggregate results, and present findings. It is intended for use only on systems you have explicit authorization to test.

Prerequisites

  • Python 3.8 or later
  • Go (for installing the required ProjectDiscovery and other scanning tools)
  • The following Go tools installed and on PATH: subfinder, naabu, httpx, cdncheck, tlsx, ffuf, gobuster, dnsx
  • An MCP-compatible client such as Claude Desktop
  • Written authorization to test any target systems
1

Clone the repository

Clone the ExternalAttacker-MCP repository to your local machine.

git clone https://github.com/MorDavid/ExternalAttacker-MCP.git
cd ExternalAttacker-MCP
2

Install Python dependencies

Install the required Python packages from the requirements file.

pip install -r requirements.txt
3

Install required Go scanning tools

Install all the external scanning tools that ExternalAttacker orchestrates. These must be on your PATH when the MCP server starts.

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/projectdiscovery/cdncheck/cmd/cdncheck@latest
go install -v github.com/projectdiscovery/tlsx/cmd/tlsx@latest
go install -v github.com/ffuf/ffuf@latest
go install github.com/OJ/gobuster/v3@latest
go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest
4

Configure the MCP server in your client

Add ExternalAttacker to your MCP client configuration. The server runs as a Python script — replace <Your_Path> with the absolute path to the cloned repository.

{
  "mcpServers": {
    "ExternalAttacker-MCP": {
      "command": "python",
      "args": ["<Your_Path>/ExternalAttacker-MCP.py"]
    }
  }
}
5

Optionally start the web UI

ExternalAttacker also ships a web application for viewing results. Run it separately if you want a browser-based interface alongside the MCP server.

python ExternalAttacker-App.py
# Then open http://localhost:6991 in your browser
6

Restart your MCP client and run your first scan

Restart Claude Desktop. You can now ask Claude to perform reconnaissance tasks against authorized targets using natural language commands.

External Attacker Examples

Client configuration

MCP configuration for ExternalAttacker running as a local Python script.

{
  "mcpServers": {
    "ExternalAttacker-MCP": {
      "command": "python",
      "args": ["/Users/you/ExternalAttacker-MCP/ExternalAttacker-MCP.py"]
    }
  }
}

Prompts to try

Natural language security reconnaissance prompts — only use against systems you have explicit permission to test.

- "Scan example.com for subdomains and list what you find"
- "Check what ports are open on 192.168.1.100"
- "Analyze HTTP services running on test.example.com"
- "Check if target.example.com is behind a CDN"
- "Analyze the SSL/TLS configuration of secure.example.com"
- "Enumerate DNS records for example.com using dnsx"

Troubleshooting External Attacker

Scanning tools not found — 'subfinder: command not found' or similar errors

Ensure Go is installed and the Go bin directory (usually ~/go/bin) is on your PATH. Run 'echo $PATH' and 'which subfinder' to verify. You may need to add 'export PATH=$PATH:$(go env GOPATH)/bin' to your shell profile and restart your terminal.

The MCP server fails to start with Python import errors

Run 'pip install -r requirements.txt' inside the cloned repository directory to ensure all Python dependencies are installed. If using a virtual environment, activate it before installing and ensure the MCP config's command uses the venv Python path.

Scans return no results or time out

Some tools (especially naabu for port scanning) require root/administrator privileges to send raw packets. Try running with sudo or check your firewall settings. Also verify the target domain/IP is reachable from your machine with a basic ping or curl before scanning.

Frequently Asked Questions about External Attacker

What is External Attacker?

External Attacker is a Model Context Protocol (MCP) server that modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install External Attacker?

Follow the installation instructions on the External Attacker GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with External Attacker?

External Attacker works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is External Attacker free to use?

Yes, External Attacker is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

External Attacker Alternatives — Similar Security Servers

Looking for alternatives to External Attacker? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "externalattacker-mcp": { "command": "npx", "args": ["-y", "externalattacker-mcp"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use External Attacker?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides