mcp-censys
by nickpending
mcp-censys is a MCP server that taps into the Censys Search API for real-time domain, IP, and FQDN reconnaissance, now with enhanced MCP Prompt Templates. It turns natural language prompts into targeted Censys queries — surfacing host, DNS, cert, and service information in real-time.
Last updated: N/A
What is mcp-censys?
mcp-censys is a lightweight container that exposes precise reconnaissance tools through Claude-friendly functions, built on the official Censys Python SDK. It allows users to perform domain, IP, and FQDN reconnaissance using natural language prompts that are translated into Censys queries.
How to use mcp-censys?
Users interact with mcp-censys through a Model Context Protocol (MCP) client like Claude Desktop. The server provides tools like lookup_domain, lookup_domain_detailed, lookup_ip, new_fqdns, and host_services that can be called using natural language prompts. The server then queries the Censys API and returns the results in a format suitable for Claude to interpret and present to the user.
Key features of mcp-censys
Conversational Queries
Domain and IP Lookup
New FQDN Discovery
MCP-Compatible Tools
MCP Prompt Templates
Dockerized with .env support
Lightweight API Client
Use cases of mcp-censys
Investigating the infrastructure behind a domain.
Enriching an IP address with DNS, ASN, service, and TLS information.
Discovering recently observed FQDNs for a domain.
Identifying open ports and service banners on a given domain or IP.
Performing reconnaissance using natural language prompts.
FAQ from mcp-censys
What if no results are returned?
What if no results are returned?
Make sure the target is publicly visible, check your API key and rate limits, and ensure that DNS-based results rely on recent Censys observations.
How can I improve performance?
How can I improve performance?
Scan a single domain or IP at a time for faster results and use lookup_domain or lookup_ip for focused data.
What should I do if I experience API response issues?
What should I do if I experience API response issues?
Ensure you're using the latest version. The tools handle pagination automatically - lookup_domain collects all available results, while lookup_domain_detailed shows a limited sample. For domains with many results, queries may take longer to complete due to multiple API requests.
What are the limitations of new_fqdns?
What are the limitations of new_fqdns?
new_fqdns does not represent true 'first seen' FQDNs; it filters by last observed timestamps.
Is this tool intended for batch scans?
Is this tool intended for batch scans?
No, this tool is intended for conversational, single-target analysis (not batch scans).