Perufitlife/web-exposure-mcp

Overview

MCP server that directs an AI agent to scan a live URL for publicly accessible secret files like .git, .env, and source maps. It fetches the actual bytes to confirm exposure, operates read-only with zero dependencies.

Best for

Best for
Security auditors and developers checking for accidental public exposure of sensitive files on live web servers.

Use cases

• Scanning a website for exposed .git directories
• Checking for publicly accessible environment files
• Verifying directory listing vulnerabilities

Notes

MCP server that directs an AI agent to scan a live URL for publicly accessible secret files like .git, .env, and source maps. It fetches the actual bytes to confirm exposure, operates read-only with zero dependencies.

0 stars on GitHub. Last updated 2026-06-21. Licensed MIT.

Use cases

• Scanning a website for exposed .git directories
• Checking for publicly accessible environment files
• Verifying directory listing vulnerabilities

Pros

• Zero dependencies makes it easy to deploy
• Read-only operation reduces risk during scanning
• Simple JavaScript implementation fits into MCP ecosystem

Cons

• Only confirms by fetching bytes, may miss files blocked by IP restrictions
• No stars yet indicates limited community validation
• As MCP server, requires an AI agent to drive it

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.