MCP Tool · Discovery
http_fingerprint
Inspect a URL's HTTP response: server/CDN detection, security headers audit (HSTS, CSP, X-Frame-Options…), and HTML <title> capture. Passive — sends only HEAD + GET with a browser-like user agent.
Input
| Name | Type | Required | Description |
|---|---|---|---|
| url | string | yes | Full URL to probe (e.g. https://example.com). Must include protocol. |
REST API
curl -H "Authorization: Bearer sic_..." \
-H "Content-Type: application/json" \
-X POST https://sicenter.io/api/tools/http_fingerprint \
-d '{"url":"<string>"}'MCP server
# MCP — call from Claude Desktop, Cursor, or any MCP client
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "http_fingerprint",
"arguments": {
"url": "<string>"
}
}
}Endpoint: https://sicenter.io/api/mcp. See /mcp for connection guides for Claude Desktop, Cursor, and custom orchestrators.
More tools in Discovery
- subdomain_enumPassively enumerate subdomains of a domain by querying certificate transparency logs (crt.sh). Fully passive — does not touch the target's authoritative DNS.
- port_scanRun a TCP connect scan on a host. By default probes the top ~40 common ports; an explicit port list or limit can be supplied. Returns open ports with best-effort service names.
- dns_recordsQuery authoritative DNS records (A/AAAA/MX/TXT/NS/CNAME/SOA) for a domain using the serverless resolver. No network beyond DNS.
- whois_lookupFetch domain registration metadata (registrar, registrant, creation / expiry dates, nameservers) via RDAP. HTTPS-based — does not use legacy port-43 WHOIS.
- tls_auditConnect once over TLS, capture the certificate chain + negotiated protocol/cipher, and surface findings (expired, expiring-soon, self-signed, weak protocol, weak cipher).
- email_postureInspect a domain's email-auth posture: SPF at apex, DMARC at _dmarc, and DKIM-presence across common selectors. DNS-only — no outbound HTTP.
Browse the full MCP server documentation or jump to the API key management page in your dashboard.