Plug Defenso into Claude Code, Cursor, Windsurf, VS Code, or codex. Six deterministic tools return live signal — not model guesses. Your assistant uses them when it needs real data, and its own reasoning for everything else.
Each tool comes with explicit WHEN TO USE guidance so the assistant reaches for us only when it needs live data — and answers general security questions from its own knowledge. You save quota; we save inference.
Surface pentest against any URL — TLS, HSTS, CSP, cookie flags, exposed .env/.git, security headers. Per-check evidence.
Fetch the URL and return the current security-header set (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy) plus server banner.
Every site under the account with plan, connection method (SDK / CNAME), and verification status.
Every uptime monitor — current status, last checked, 24h uptime %.
Most recent WAF and honeypot events with rule, IP, path, and action. Pass hours to widen the window.
For a given rule or verdict ID, return the pattern, target, action, plan tier, and mitigation steps.
Same JSON works everywhere. Pick your editor.
~/.claude/mcp.json{
"mcpServers": {
"defen.so": {
"command": "npx",
"args": ["-y", "@defen.so/mcp"]
}
}
}
Name: defen.so Command: npx Args: -y @defen.so/mcp
{
"mcpServers": {
"defen.so": {
"command": "npx",
"args": ["-y", "@defen.so/mcp"]
}
}
}
Command: npx Args: -y @defen.so/mcp
npx -y @defen.so/mcp
The assistant sees your actual header state, actual attack log, actual monitor status — not what a model imagines they might be.
Every tool description tells the assistant when NOT to call us. General questions stay in-model. You save quota, we save inference.
Each tool returns structured JSON with raw evidence. Read-only by default. Write actions require Pro tier and explicit confirmation.
One command. No card. Free tier includes scan_domain, check_headers, list_sites, list_monitors, list_recent_attacks, and explain_verdict.