Home Products
Tools
mpx-scan mpx-api mpx-db mpx-secrets-audit Pricing Docs About GitHub

mpx-scan

Security scanning that doesn't require a PhD or a $200/mo subscription.

npm version monthly downloads GitHub stars
npm i -g mpx-scan

What it does

Point it at any URL. Get a security score, detailed findings, and auto-generated fix configs for your web server. Done.

Header Analysis

Checks CSP, HSTS, X-Frame-Options, and 15+ critical security headers. Tells you what's missing and why it matters.

SSL/TLS Testing

Validates certificates, protocol versions, cipher suites. Catches expiring certs before your users do.

Cookie Security

Finds cookies missing Secure, HttpOnly, and SameSite flags. The kind of stuff that leads to session hijacking.

DNS Validation

SPF, DMARC, DKIM โ€” the email security trifecta. Plus DNS security extensions.

Auto-Fix Configs

Run with --fixes and get ready-to-paste configs for nginx, Apache, or Cloudflare. No Googling required.

AI-Native

MCPMCP (Model Context Protocol) โ€” lets AI assistants like Claude and GPT use CLI tools directly. server mode, --json output, --schema discovery. Tell your AI "scan this site" and it just works.

Basic scan
$ mpx-scan https://example.com

๐Ÿ”’ Scanning https://example.com...

โœ“ SSL Certificate: Valid (expires in 87 days)
โœ— HSTS Header: Missing
โœ— CSP Header: Not configured
โœ“ X-Frame-Options: SAMEORIGIN
โš  Cookies: 2 missing Secure flag
โœ“ DNS: SPF record found

Security Score: 68/100
Grade: C+

Run with --fixes to generate server config
JSON output for CI/CD & AI agents
$ mpx-scan https://example.com --json
{
  "url": "https://example.com",
  "score": 68,
  "grade": "C+",
  "checks": {
    "ssl": { "status": "pass", "details": "Valid, expires in 87 days" },
    "hsts": { "status": "fail", "fix": "add Strict-Transport-Security header" },
    "csp": { "status": "fail", "fix": "add Content-Security-Policy header" }
  }
}
MCP Integration โ€” Let your AI scan websites
// Add to your MCP config (claude_desktop_config.json, etc.)
{
  "mcpServers": {
    "mpx-scan": {
      "command": "npx",
      "args": ["-y", "mpx-scan", "mcp"]
    }
  }
}

// Then just tell your AI:
// "Scan example.com for security issues"
// It discovers mpx-scan via MCP and runs the scan automatically.

Free vs Pro

FeatureFreePro
Security header analysisโœ“โœ“
SSL/TLS validationโœ“โœ“
JSON output & MCP serverโœ“โœ“
Scans per day10Unlimited
Fix configuration generatorโ€”โœ“
Batch scanning (multiple URLs)โ€”โœ“
Historical tracking & alertsโ€”โœ“
View on GitHub โ†’ View on npm โ†’ Documentation โ†’
โ† View All Tools

โš ๏ธ mpx-scan is a helpful security assessment tool but is not a substitute for professional security audits.