MCP.so
Sign In
Servers

Cybersecurity Intelligence

@apifyforge

Cybersecurity intelligence for AI agents — search 200,000+ CVEs, check the CISA Known Exploited Vulnerabilities catalog, enumerate subdomains via Certificate Transparency, audit DNS and email security, scan internet-exposed hosts via Censys, and investigate domain registration —

Overview

What is Cybersecurity Intelligence?

A Model Context Protocol server that consolidates six authoritative cybersecurity data sources—NIST NVD, CISA KEV, Censys, crt.sh, DNS/email security, and WHOIS/RDAP—into a single tool interface. Designed for security engineers, penetration testers, and AI agents to investigate CVEs, attack surface, domain reputation, and exposed hosts without manual tab-switching.

How to use Cybersecurity Intelligence?

Add the server’s URL and your Apify bearer token to any MCP-compatible client (Claude Desktop, Cursor, Windsurf) using the Streamable HTTP transport configuration. Alternatively, call tools directly via HTTP POST to https://cybersecurity-intelligence-mcp.apify.actor/mcp with an Authorization header and a JSON-RPC payload. Each request is stateless; spend controls halt execution if a budget limit is reached.

Key features of Cybersecurity Intelligence

  • Search 200,000+ CVEs from NIST NVD by keyword, severity, or CPE
  • Query CISA KEV catalog for actively exploited vulnerabilities
  • Enumerate subdomains passively via crt.sh Certificate Transparency logs
  • Audit DNS records and email security (SPF, DMARC, DKIM)
  • Perform WHOIS/RDAP lookups with domain age and expiry
  • Run unified domain intelligence with auto-generated risk indicators

Use cases of Cybersecurity Intelligence

  • Vulnerability management and patch prioritization via parallel NVD + KEV cross‑reference
  • Attack surface and subdomain discovery using passive CT log enumeration
  • Phishing domain and brand protection investigation with risk scoring
  • Vendor and third‑party risk assessment without internal system access
  • Security‑aware AI agent workflows that autonomously triage CVEs and domains

FAQ from Cybersecurity Intelligence

What data sources does the server use?

NIST NVD for CVE details, CISA KEV for exploited vulnerabilities, Censys for internet host scanning, crt.sh for certificate transparency, system DNS for records and email security, and WHOIS/RDAP for domain registration data.

How do I authenticate to the server?

Include an Authorization: Bearer YOUR_APIFY_TOKEN header in all requests. The token is obtained from your Apify console account.

What runtime does this server require?

Any MCP-compatible client (Claude Desktop, Cursor, Windsurf) with support for the Streamable HTTP transport. No local installation or Docker is needed; the server runs on Apify’s platform.

Are there any usage limits or costs?

Censys queries require free-tier API credentials (250 queries/month); without credentials the tool returns demo data. Apify per‑run spending controls are enforced via a budget gate that halts execution when the limit is reached.

Can I call the tools programmatically?

Yes. Each tool is accessible via HTTP POST with a standard JSON‑RPC 2.0 payload to the same endpoint, using your bearer token. Eight tools are available, from cyber_search_vulnerabilities to cyber_domain_intelligence.

More from Other