Entity Attack Surface
@apifyforge
Entity attack surface mapping for any domain — via the Model Context Protocol.
Overview
What is Entity Attack Surface?
Entity Attack Surface is an MCP server that orchestrates 11 passive reconnaissance sources to map an organization’s digital exposure for any domain. It is designed for MSSPs, cyber insurers, SOC teams, and M&A due diligence analysts who need structured, AI-ready security intelligence without active scanning.
How to use Entity Attack Surface?
Add the endpoint URL https://ryanclinton--entity-attack-surface-mcp.apify.actor/mcp to your MCP client (Claude Desktop, Cursor, Windsurf) with your Apify API token as the Bearer token. Then ask your AI assistant to run an assessment using one of eight MCP tools, such as discover_attack_surface or attack_vector_report. The server operates in standby mode on Apify’s infrastructure with no additional setup required.
Key features of Entity Attack Surface
- 8 specialized MCP tools for passive reconnaissance
- 11-actor parallel orchestration across sources
- Exposure Score (0-100) with five letter grades
- CISA KEV cross-referencing with remediation deadlines
- Passive reconnaissance only — no active scanning
- Pay-per-event pricing per tool call
Use cases of Entity Attack Surface
- MSSP client portfolio assessments: Automate monthly external exposure sweeps across 50–500 clients, surfacing new CISA KEV matches and dangerous ports.
- Cyber insurance underwriting: Generate composite A-F cyber ratings with dimensional breakdowns during pre-bind to tier applicants and justify pricing.
- SOC continuous monitoring: Schedule daily or weekly assessments to detect infrastructure changes, new subdomains, or certificate expirations via webhooks to SIEM.
- M&A technical due diligence: Run full attack vector reports and code exposure scans on acquisition targets to quantify security liability before signing.
- Vendor risk management: Rate third-party vendors on email security, SSL hygiene, network exposure, and tech complexity; flag missing SPF/DMARC or expired certificates.
FAQ from Entity Attack Surface
What data sources does Entity Attack Surface use?
It combines 11 passive sources: DNS records, crt.sh Certificate Transparency, WHOIS, Censys host search, IP geolocation, NVD CVEs, CISA KEV, web technology fingerprinting, Wayback Machine, GitHub repo search, and website change monitoring.
How is the Exposure Score calculated?
The score (0–100) is computed across four weighted dimensions: Infrastructure Exposure (0–30), Vulnerability Exposure (0–30), Code & Data Exposure (0–20), and Historical Drift (0–20), then mapped to a grade (MINIMAL, LOW, MODERATE, HIGH, CRITICAL EXPOSURE).
Does Entity Attack Surface perform active scanning?
No, it is entirely passive reconnaissance. No packets are sent to the target; all data is gathered from public sources and APIs.
What authentication and pricing model does Entity Attack Surface use?
Requests require an Apify API token passed as a Bearer token. Pricing is pay-per-event, charged only when a tool is called, not per actor run or data row. Tool event prices range from $2.00 to $4.00.
How can I integrate Entity Attack Surface results into other tools?
Results are returned as structured JSON. They can be routed to Slack, email, Google Sheets, Zapier, Make, HubSpot, or custom SIEM pipelines via Apify webhooks and integrations.