Enterprise DNA
MCP Servers Developer low

Perufitlife/web-exposure-mcp

by Various

MCP server that points an AI agent at a live URL and confirms publicly-served secret files — exposed .git, .env, JS source maps, backup/SQL dumps, directory listing, dotfiles — by

Added 26 June 2026

#ai-agents #attack-surface-management #devsecops #dotenv-security #exposed-git #mcp #model-context-protocol #secrets-detection

Overview

MCP server that directs an AI agent to scan a live URL for publicly accessible secret files such as .git, .env, and source maps. It fetches the actual bytes to confirm exposure, operates read-only, and has zero dependencies.

Best for
Security auditors and developers checking for accidental public exposure of sensitive files on live web servers.

Use cases

  • Scanning a website for exposed .git directories
  • Checking for publicly accessible environment files
  • Verifying directory listing vulnerabilities

Notes

0 stars on GitHub. Last updated 2026-06-21. Licensed MIT.

Pros

  • Zero dependencies makes it easy to deploy
  • Read-only operation reduces risk during scanning
  • Simple JavaScript implementation fits into the MCP ecosystem

Cons

  • Only confirms exposure by fetching bytes, so it may miss files blocked by IP restrictions
  • No stars yet, which indicates limited community validation
  • As an MCP server, it requires an AI agent to drive it

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
