Recon
FreeNot checkedA comprehensive MCP server for web security reconnaissance, providing tools for passive and active information gathering, DNS analysis, network scanning, and we
About
A comprehensive MCP server for web security reconnaissance, providing tools for passive and active information gathering, DNS analysis, network scanning, and web application analysis.
README
A comprehensive Model Context Protocol (MCP) server for web security reconnaissance and analysis. This toolkit provides cybersecurity professionals with essential reconnaissance capabilities through Python-native implementations, following the standard cybersecurity reconnaissance methodology.
🚀 Features
📊 1. Information Gathering (Passive Reconnaissance)
- WHOIS Information: Domain registration and ownership details
- Domain History: Reputation and historical data analysis
🔍 2. DNS Analysis (Infrastructure Discovery)
- DNS Records Lookup: Comprehensive DNS enumeration (A, AAAA, MX, NS, TXT, SPF, DMARC)
- Reverse DNS Lookup: IP to hostname resolution
- Passive Subdomain Enumeration: Certificate Transparency logs discovery via crt.sh (stealth)
- Active Subdomain Enumeration: DNS brute-force discovery using wordlist from subdomains.txt
🌐 3. Network Reconnaissance (Active Scanning)
- IP Information: Geolocation, ISP, and network details
- Alive Check: HTTP/HTTPS connectivity testing with response analysis
- Port Scanning: Advanced Nmap integration with multiple scan modes
🔒 4. Web Application Analysis (Application Layer)
- TLS Certificate Analysis: SSL/TLS certificate inspection and validation
- HTTP Headers Analysis: Security headers assessment and information disclosure detection
- Technology Detection: Web framework and technology fingerprinting
- URL Extraction: Web crawling and link discovery

🛠 Installation
Prerequisites
- Python 3.10+
- UV Package Manager (automatically installed by script)
- Nmap (automatically installed by script)
Quick Installation
Windows (PowerShell)
.\install.ps1
Linux/macOS
chmod +x install.sh
./install.sh
Claude Desktop Configuration
Add this configuration to your Claude Desktop settings to connect the MCP Web Reconnaissance Server:
Windows Configuration
{
"mcpServers": {
"recon": {
"command": "C:\\Users\\YOUR_USERNAME\\.local\\bin\\uv.exe",
"args": [
"--directory",
"C:\\Users\\YOUR_USERNAME\\path\\to\\MCP_Recon",
"run",
"python",
"main.py"
]
}
}
}
Linux/macOS Configuration
{
"mcpServers": {
"recon": {
"command": "/home/YOUR_USERNAME/.local/bin/uv",
"args": [
"--directory",
"/home/YOUR_USERNAME/path/to/MCP_Recon",
"run",
"python",
"main.py"
]
}
}
}
Replace the following placeholders:
YOUR_USERNAMEwith your actual usernamepath/to/MCP_Reconwith the actual path to your cloned repository
Configuration file locations:
- Windows:
%APPDATA%\Claude\claude_desktop_config.json - macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Linux:
~/.config/Claude/claude_desktop_config.json

🚀 Usage
Available Tools (Following Reconnaissance Methodology)
1. Information Gathering (Passive Reconnaissance)
whois_info- Get WHOIS informationdomain_history- Check domain reputation and history
2. DNS Analysis (Infrastructure Discovery)
dns_records- Get all DNS records for a domainreverse_dns- Perform reverse DNS lookupsubdomain_enum_passive- Passive subdomain discovery via Certificate Transparency (crt.sh)subdomain_enum_active- Active subdomain enumeration using DNS brute force
3. Network Reconnaissance (Active Scanning)
ip_information- Get comprehensive IP informationcheck_alive- Check if hosts respond via HTTP/HTTPSport_scan- Advanced port scanning with Nmap
4. Web Application Analysis (Application Layer)
tls_certificate- Analyze TLS certificateshttp_headers- Analyze HTTP security headersdetect_technologies- Detect web technologiesextract_urls- Extract URLs from web pages

🔧 Configuration
Custom User-Agent
For bug bounty programs requiring specific identification, HTTP-based tools support an optional user_agent parameter. When provided, it replaces the default User-Agent for all HTTP requests to the target.
Examples:
# Default User-Agent
http_headers("https://example.com")
# Custom User-Agent for bug bounty programs
http_headers("https://example.com", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 bug-bounty")
Tools supporting custom User-Agent:
http_headers- HTTP headers analysisdetect_technologies- Technology fingerprintingextract_urls- URL extraction/crawlingcheck_alive- Host connectivity check

🔧 Wordlists
Subdomain Wordlist Customization
You can customize subdomain enumeration in two ways:
1. Edit the wordlist file
Modify the subdomains.txt file in the project root to add/remove subdomains:
www
api
admin
test
dev
staging
# Add your custom subdomains here
2. Provide custom wordlist in Claude Desktop chat
Port Scanning Options
The port scanner supports various modes optimized for different scenarios:
"common": Common services (21,22,23,25,53,80,443,etc.)"top100": Top 100 most common ports (recommended for initial reconnaissance)"top1000": Top 1000 ports (comprehensive discovery)"80,443,8080": Specific ports (targeted scanning)"1-1000": Port range (internal network scanning)

🏗 Architecture
Project Structure
mcp-recon/
├── main.py # MCP server entry point with organized tool categories
├── subdomains.txt # Default subdomain wordlist (customizable)
├── tools/
│ ├── info_tools.py # Information gathering utilities (WHOIS, domain history)
│ ├── dns_tools.py # DNS and domain reconnaissance
│ ├── network_tools.py # Network scanning and analysis
│ └── web_tools.py # Web application analysis
├── install.ps1 # Windows installation script
├── install.sh # Linux/macOS installation script
├── pyproject.toml # Python project configuration
└── README.md # This documentation

📝 License
This project is licensed under the MIT License - see the LICENSE file for details.

⚠️ Disclaimer
This tool is intended for legitimate security research, penetration testing, and bug bounty activities only. Users are responsible for ensuring they have proper authorization before scanning or testing any networks, systems, or applications. The authors are not responsible for any misuse of this tool.
Always follow responsible disclosure practices and respect scope limitations in bug bounty programs.
Install Recon in Claude Desktop, Claude Code & Cursor
unyly install mcp-reconInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add mcp-recon -- uvx mcp-reconFAQ
Is Recon MCP free?
Yes, Recon MCP is free — one-click install via Unyly at no cost.
Does Recon need an API key?
No, Recon runs without API keys or environment variables.
Is Recon hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install Recon in Claude Desktop, Claude Code or Cursor?
Open Recon on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Recon with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
