Censys MCP. Map an entire network's attack surface, not just one IP.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Censys connects to the world's largest internet scanning platform. It lets you search exposed services, track SSL certificates, and map an organization's attack surface through natural conversation.
Find open ports, see which hosts share a certificate, or compare two IP addresses to spot infrastructure changes. This is for deep network security analysis.
What your AI agents can do
Aggregate hosts
Groups host search results by a field (like country or port) and returns the count for each group.
Get account info
Checks your remaining API quota and account limits.
Get certificate
Gets full, parsed details for a specific SSL/TLS certificate using its fingerprint.
Find internet-facing IP addresses by specifying services, ports, operating systems, or geographic location.
Retrieve all open ports, running services, geo-location, and OS detection for a specific IP address.
Identify all hosts that share a specific SSL/TLS certificate, returning their IPs and ports.
Fetch full parsed data for a certificate using its unique fingerprint.
Analyze the differences between two specified IP addresses to spot changes or similarities.
Group search results by a field (like country or port) and count how many hosts fall into each group.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
019d8423aggregate hosts
Groups host search results by a field (like country or port) and returns the count for each group.
019d8423get account info
Checks your remaining API quota and account limits.
019d8423get certificate
Gets full, parsed details for a specific SSL/TLS certificate using its fingerprint.
019d8423get certificate hosts
Finds all hosts that use a specific certificate, listing their IPs and ports.
019d8423get host
Retrieves all open ports, services, OS, and geo-location data for a single IP address.
019d8423get host history
Shows how a host's services, ports, and certificates changed over time, providing a timeline of changes.
019d8423search certificates
Searches for SSL/TLS certificates using criteria like issuer name, validity date, or key algorithm.
019d8423search hosts
Searches for internet-connected hosts using powerful queries like service name, port, or geographic location.
019d8423view host diff
Compares two specific hosts to pinpoint the differences in their services and infrastructure.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Censys, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
Censys MCP Server - Map Network Attack Surface
This server lets you dig into the world's biggest internet scanning platform using your AI client. You can search for exposed services, track SSL/TLS certs, and map out an organization's attack surface just by talking to it. You're looking for deep network security analysis, period.
Search for Hosts
You can find internet-facing IP addresses by specifying services, ports, operating systems, or geographic location using the search_hosts tool. Get Detailed Host Info
With get_host, you pull all the open ports, running services, geo-location, and OS detection data for any single IP address. View Host History
get_host_history shows you how a host's services, ports, and certs changed over time, giving you a full timeline of infrastructure shifts. Track Certificate Usage
If you know a certificate, get_certificate_hosts finds every host using it, listing their IPs and ports. View Certificate Details
You grab full, parsed data for a specific SSL/TLS certificate using its unique fingerprint with get_certificate. Search for Certificates
You can search for SSL/TLS certs using criteria like the issuer name, validity date, or key algorithm through search_certificates. Compare Infrastructure
view_host_diff compares two specific hosts, pointing out exactly what's different in their services and infrastructure. Analyze Data Distribution
Use aggregate_hosts to group host search results by a field—like country or port—and count how many hosts fall into each group. Check Your Account
get_account_info checks your remaining API quota and account limits.
How Censys MCP Works
- 1 First, subscribe to the Censys server and input your API ID and Secret.
- 2 Next, talk to your AI client (Claude, Cursor, etc.) and ask it to run a query (e.g., 'Find all web servers using Nginx in Germany').
- 3 The client runs the tool, and you get back structured data showing the hosts, services, or certificates that match the criteria.
The bottom line is: you talk to your AI client, it uses the Censys tools, and you get back structured data about internet exposure.
Who Is Censys MCP For?
Security researchers, system administrators, and threat hunters. If you spend your day mapping an organization's digital footprint or trying to find an overlooked misconfiguration, this is for you. Stop clicking through dashboards to piece together a picture; let your agent run the full query.
Discover exposed services, track vulnerabilities, and analyze a target's full attack surface.
Monitor their organization's external exposure, identify misconfigurations, and check if a host changed since the last scan.
What Changes When You Connect
- See what's exposed right now: Use
get_hostto instantly pull all open ports, services, and OS details for a specific IP address. - Track certificate sprawl: Use
get_certificate_hoststo find every single host that shares a suspicious certificate, even if you don't know the IP. - Spot infrastructure drift: Run
view_host_diffto compare two hosts and instantly see what services or ports changed between scans. - See historical changes:
get_host_historyprovides a timeline, letting you know exactly when a host opened or closed a service. - Analyze global patterns:
aggregate_hostscounts how many hosts use a certain port or are located in a specific country. - Manage credentials:
get_account_infolets you check your API quota before running a massive search.
Real-World Use Cases
Investigating a suspicious domain
A threat hunter finds a suspicious domain. Instead of just checking the IP, they ask their agent to use get_host to see all open ports and services. Then, they use search_certificates to find all other domains using that certificate, mapping the full related infrastructure.
Auditing internal network changes
A sysadmin needs to know if a critical server changed its public-facing services. They use view_host_diff to compare the current host state against a baseline host, immediately flagging any unauthorized port openings or service changes.
Mapping certificate dependencies
A researcher gets a certificate fingerprint. They use get_certificate_hosts to find every single host using it. This quickly reveals the full scope of assets tied to that single credential.
Profiling an industry segment
An analyst wants to know how many companies in a specific region run Nginx. They use search_hosts with filters for 'nginx' and 'location:country' to quickly build a statistical profile of the industry.
The Tradeoffs
Checking IP one by one
Running get_host for 100 different IPs sequentially to build a picture. This is slow, hits rate limits, and is a huge waste of time.
→
Use search_hosts first to narrow down the list of IPs. Then, use aggregate_hosts on that result set to count service distributions across the whole group. Don't check IPs individually.
When It Fits, When It Doesn't
Use this if you need to know the external attack surface, not the internal one. It's best for discovery and risk assessment. Use search_hosts when you don't know the target IP, but know the criteria (e.g., 'port 80' or 'service nginx'). Use get_host when you have the specific IP and need all its current details. Use view_host_diff only when you need to compare two known IPs. Don't use this if you only need to check internal corporate assets—it's for the public internet. If you only need to check certificate expiry, use search_certificates alone.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Censys. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 9 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Figuring out a network's exposure shouldn't be a manual, 10-step process.
Before, mapping an organization's public footprint meant clicking into a few dashboards, running multiple queries, and manually cross-referencing certificate IDs with host IPs. You'd spend hours just trying to piece together the relationships between services, hosts, and certificates.
Now, your agent handles the whole sequence. You ask it to map the attack surface, and it runs the necessary tools (`search_hosts`, `get_certificate_hosts`, `get_host`) and gives you a structured report of every exposed service and every related asset.
Censys MCP Server: Map network exposure with full automation.
You don't have to remember which tool tracks history, which finds certificate owners, or which searches by port. Your agent orchestrates it all. It runs `get_host_history` and `get_certificate_hosts` in a single, complex query based on your simple request.
It's not just a list of tools; it's a fully automated investigation engine. You get the complete picture, every time.
Common Questions About Censys MCP
How do I find all hosts using a specific certificate with Censys MCP Server? +
Use the get_certificate_hosts tool. You feed it the certificate fingerprint, and it returns all associated IP addresses and ports, regardless of how many hosts are involved.
What's the difference between `search_hosts` and `get_host`? +
search_hosts finds potential targets based on criteria (e.g., 'port 80'). get_host requires a specific IP address and gives all known details about that one machine.
Can I track changes to a host's services over time? +
Yes, use get_host_history. You provide the IP, and it returns a timeline detailing when services, ports, and certificates changed.
How do I find related assets using a certificate? +
Run get_certificate_hosts. This tool links a certificate fingerprint to all associated IPs and ports, helping you map the full dependency tree.
What is the best way to find hosts running a specific service like Nginx? +
Use search_hosts. You can query by service name, which is much faster and broader than trying to guess the exact port number.
How do I check my remaining quota using the `get_account_info` tool? +
You use get_account_info to view your current usage. This tool reports your remaining API quota and account limits, so you never hit an unexpected paywall.
What kind of data does `get_host` return for a specific IP? +
get_host returns a full profile for an IP address. You get open ports, service banners, OS detection, geolocation, and ASN details all in one place.
How do I compare the infrastructure between two different IPs using `view_host_diff`? +
view_host_diff identifies the differences between two hosts. It shows you exactly what services, ports, or configurations changed when comparing the two IP addresses.
How do I get Censys API credentials? +
Sign up for a free account at censys.io, go to your account page and generate API credentials. Free tier includes limited queries per day.
What kind of hosts can I find? +
Censys scans the entire IPv4 space regularly. You can find web servers, databases, SSH servers, mail servers, IoT devices, industrial control systems and any internet-facing service.
What query syntax is supported? +
Censys supports powerful query syntax: service name (services.service_name: HTTP), port (services.port:443), certificate fields (parsed.subject.country: US), OS detection (metadata.os: Linux), ASN, geographic location and boolean operators (AND, OR, NOT).
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
IBM QRadar
Connect IBM QRadar to any AI agent via MCP.
Nmap Online
Perform network discovery and security auditing via Nmap — track port scans, DNS lookups, and traceroutes directly from your AI agent.
CyberArk Privilege Cloud
Manage privileged access via CyberArk — audit secure safes, checkout vaulted account passwords, monitor users, and terminate sessions directly from any AI agent.
You might also like
IBGE Full Access — Dados Brasileiros
The ultimate Brazil data Mega-Server: 15 tools spanning census, cities, CNAE economy, name trends, survey indicators, IBGE news, and country comparisons — all of Brazil's official statistics in one zero-auth integration.
Winston AI
Detect AI-generated content in essays, articles, and documents with high accuracy for educational institutions and publishers.
Hexometer
Automate website monitoring via Hexometer — monitor uptime, performance, and health directly from any AI agent.