Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Recon

FreeNot checked

A comprehensive MCP server for web security reconnaissance, providing tools for passive and active information gathering, DNS analysis, network scanning, and we

GitHubEmbed

About

A comprehensive MCP server for web security reconnaissance, providing tools for passive and active information gathering, DNS analysis, network scanning, and web application analysis.

README

A comprehensive Model Context Protocol (MCP) server for web security reconnaissance and analysis. This toolkit provides cybersecurity professionals with essential reconnaissance capabilities through Python-native implementations, following the standard cybersecurity reconnaissance methodology.

🚀 Features

📊 1. Information Gathering (Passive Reconnaissance)

  • WHOIS Information: Domain registration and ownership details
  • Domain History: Reputation and historical data analysis

🔍 2. DNS Analysis (Infrastructure Discovery)

  • DNS Records Lookup: Comprehensive DNS enumeration (A, AAAA, MX, NS, TXT, SPF, DMARC)
  • Reverse DNS Lookup: IP to hostname resolution
  • Passive Subdomain Enumeration: Certificate Transparency logs discovery via crt.sh (stealth)
  • Active Subdomain Enumeration: DNS brute-force discovery using wordlist from subdomains.txt

🌐 3. Network Reconnaissance (Active Scanning)

  • IP Information: Geolocation, ISP, and network details
  • Alive Check: HTTP/HTTPS connectivity testing with response analysis
  • Port Scanning: Advanced Nmap integration with multiple scan modes

🔒 4. Web Application Analysis (Application Layer)

  • TLS Certificate Analysis: SSL/TLS certificate inspection and validation
  • HTTP Headers Analysis: Security headers assessment and information disclosure detection
  • Technology Detection: Web framework and technology fingerprinting
  • URL Extraction: Web crawling and link discovery

-----------------------------------------------------

🛠 Installation

Prerequisites

  • Python 3.10+
  • UV Package Manager (automatically installed by script)
  • Nmap (automatically installed by script)

Quick Installation

Windows (PowerShell)

.\install.ps1

Linux/macOS

chmod +x install.sh
./install.sh

Claude Desktop Configuration

Add this configuration to your Claude Desktop settings to connect the MCP Web Reconnaissance Server:

Windows Configuration

{
  "mcpServers": {
    "recon": {
      "command": "C:\\Users\\YOUR_USERNAME\\.local\\bin\\uv.exe",
      "args": [
        "--directory",
        "C:\\Users\\YOUR_USERNAME\\path\\to\\MCP_Recon",
        "run",
        "python",
        "main.py"
      ]
    }
  }
}

Linux/macOS Configuration

{
  "mcpServers": {
    "recon": {
      "command": "/home/YOUR_USERNAME/.local/bin/uv",
      "args": [
        "--directory",
        "/home/YOUR_USERNAME/path/to/MCP_Recon",
        "run",
        "python",
        "main.py"
      ]
    }
  }
}

Replace the following placeholders:

  • YOUR_USERNAME with your actual username
  • path/to/MCP_Recon with the actual path to your cloned repository

Configuration file locations:

  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

-----------------------------------------------------

🚀 Usage

Available Tools (Following Reconnaissance Methodology)

1. Information Gathering (Passive Reconnaissance)

  • whois_info - Get WHOIS information
  • domain_history - Check domain reputation and history

2. DNS Analysis (Infrastructure Discovery)

  • dns_records - Get all DNS records for a domain
  • reverse_dns - Perform reverse DNS lookup
  • subdomain_enum_passive - Passive subdomain discovery via Certificate Transparency (crt.sh)
  • subdomain_enum_active - Active subdomain enumeration using DNS brute force

3. Network Reconnaissance (Active Scanning)

  • ip_information - Get comprehensive IP information
  • check_alive - Check if hosts respond via HTTP/HTTPS
  • port_scan - Advanced port scanning with Nmap

4. Web Application Analysis (Application Layer)

  • tls_certificate - Analyze TLS certificates
  • http_headers - Analyze HTTP security headers
  • detect_technologies - Detect web technologies
  • extract_urls - Extract URLs from web pages

-----------------------------------------------------

🔧 Configuration

Custom User-Agent

For bug bounty programs requiring specific identification, HTTP-based tools support an optional user_agent parameter. When provided, it replaces the default User-Agent for all HTTP requests to the target.

Examples:

# Default User-Agent
http_headers("https://example.com")

# Custom User-Agent for bug bounty programs
http_headers("https://example.com", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 bug-bounty")

Tools supporting custom User-Agent:

  • http_headers - HTTP headers analysis
  • detect_technologies - Technology fingerprinting
  • extract_urls - URL extraction/crawling
  • check_alive - Host connectivity check

-----------------------------------------------------

🔧 Wordlists

Subdomain Wordlist Customization

You can customize subdomain enumeration in two ways:

1. Edit the wordlist file

Modify the subdomains.txt file in the project root to add/remove subdomains:

www
api
admin
test
dev
staging
# Add your custom subdomains here

2. Provide custom wordlist in Claude Desktop chat

Port Scanning Options

The port scanner supports various modes optimized for different scenarios:

  • "common": Common services (21,22,23,25,53,80,443,etc.)
  • "top100": Top 100 most common ports (recommended for initial reconnaissance)
  • "top1000": Top 1000 ports (comprehensive discovery)
  • "80,443,8080": Specific ports (targeted scanning)
  • "1-1000": Port range (internal network scanning)

-----------------------------------------------------

🏗 Architecture

Project Structure

mcp-recon/
├── main.py                 # MCP server entry point with organized tool categories
├── subdomains.txt          # Default subdomain wordlist (customizable)
├── tools/
│   ├── info_tools.py       # Information gathering utilities (WHOIS, domain history)
│   ├── dns_tools.py        # DNS and domain reconnaissance
│   ├── network_tools.py    # Network scanning and analysis
│   └── web_tools.py        # Web application analysis
├── install.ps1            # Windows installation script
├── install.sh             # Linux/macOS installation script
├── pyproject.toml          # Python project configuration
└── README.md              # This documentation

-----------------------------------------------------

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

-----------------------------------------------------

⚠️ Disclaimer

This tool is intended for legitimate security research, penetration testing, and bug bounty activities only. Users are responsible for ensuring they have proper authorization before scanning or testing any networks, systems, or applications. The authors are not responsible for any misuse of this tool.

Always follow responsible disclosure practices and respect scope limitations in bug bounty programs.

from github.com/sundayz-hunter/MCP_Recon

Install Recon in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install mcp-recon

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add mcp-recon -- uvx mcp-recon

FAQ

Is Recon MCP free?

Yes, Recon MCP is free — one-click install via Unyly at no cost.

Does Recon need an API key?

No, Recon runs without API keys or environment variables.

Is Recon hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install Recon in Claude Desktop, Claude Code or Cursor?

Open Recon on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Recon with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs