MCP Server

Use the Platform Model Context Protocol (MCP) Server to give your AI agents and workflows secure, governed, and direct access to the entire Censys Internet Map and Platform APIs, empowering you to hunt, triage, and respond at machine speed.

MCP is an open standard designed by Anthropic to help AI agents leverage trusted external data and tools.

The MCP Server is a service hosted by Censys. The server is a beta feature that can be used by any Censys user with access to the API. API calls executed via integration with the server count against your credit balance.

Prerequisites

Obtain or set up a Platform Personal Access Token (PAT).
- You must have the API Access role to create a PAT.
Obtain your Platform organization ID. This is shown in URLs when you access the Platform web UI.

Integrate with the Censys hosted MCP Server

Use the instructions below to integrate the Censys hosted MCP Server with your tools.

Add the following to your Cursor MCP configuration file (~/.cursor/mcp.json). You can access this file in the UI by going to Cursor Settings > Tools & Integrations and clicking + New MCP Server.

{
  "mcpServers": {
    "censys-platform": {
      "url": "https://mcp.platform.censys.io/platform/mcp/",
      "headers": {
        "X-Organization-ID": "your-organization-id",
        "Authorization": "Bearer your-censys-personal-access-token"
      }
    }
  }
}

After configuring your integration, test it by prompting your agent with a question like What services are running on 8.8.8.8?

The output may depend on your specific configuration, but your agent should use a GET HOST Platform API endpoint to retrieve information about the host and provide a human-readable summary.

Endpoints and workflows

The MCP Server can utilize all of the publicly available Platform API endpoints. In addition to those endpoints, the server features several additional workflows to help it interpret input and output useful information. These are primarily used to analyze the Platform data schemas and help you understand the types of data you can query. Additionally, there are other "helper" tools built into the server for contextual use cases, such as looking up web assets affected by a particular CVE.

Example use cases

The MCP Server currently works best for retrieving and summarizing information about individual or bulk web assets and pivoting from information obtained from those lookups.

Investigate and pivot from a suspicious IP or web property

Use your AI agent to look up details about the host or web property a system in your environment has connected to using input like what services are running on 1.1.1.1?
If the asset appears unremarkable in its current state, instruct your agent to investigate the asset's history in a time frame that interests you.
If you obtain values of interest, instruct your agent to perform additional searches using those values to find related infrastructure. For example, prompt it to find other host services or web properties running the same certificates that you found on your first host or web property.
If you are able to identify indicators of interest, instruct your agent to build a collection targeting those indicators. Then, set up alerts to receive notifications about changes to the collection.

Gain visibility into exposed assets

Instruct your agent to search your organization's CIDR.
Identify host services associated with your organization that should not be exposed.
Use your agent to investigate the history of a host with an exposed service to identify when the service was exposed.
Remediate the exposure and consider using your agent to build a collection monitor for additional exposures.