Recon
БесплатноНе проверенA comprehensive MCP server for web security reconnaissance, providing tools for passive and active information gathering, DNS analysis, network scanning, and we
Описание
A comprehensive MCP server for web security reconnaissance, providing tools for passive and active information gathering, DNS analysis, network scanning, and web application analysis.
README
A comprehensive Model Context Protocol (MCP) server for web security reconnaissance and analysis. This toolkit provides cybersecurity professionals with essential reconnaissance capabilities through Python-native implementations, following the standard cybersecurity reconnaissance methodology.
🚀 Features
📊 1. Information Gathering (Passive Reconnaissance)
- WHOIS Information: Domain registration and ownership details
- Domain History: Reputation and historical data analysis
🔍 2. DNS Analysis (Infrastructure Discovery)
- DNS Records Lookup: Comprehensive DNS enumeration (A, AAAA, MX, NS, TXT, SPF, DMARC)
- Reverse DNS Lookup: IP to hostname resolution
- Passive Subdomain Enumeration: Certificate Transparency logs discovery via crt.sh (stealth)
- Active Subdomain Enumeration: DNS brute-force discovery using wordlist from subdomains.txt
🌐 3. Network Reconnaissance (Active Scanning)
- IP Information: Geolocation, ISP, and network details
- Alive Check: HTTP/HTTPS connectivity testing with response analysis
- Port Scanning: Advanced Nmap integration with multiple scan modes
🔒 4. Web Application Analysis (Application Layer)
- TLS Certificate Analysis: SSL/TLS certificate inspection and validation
- HTTP Headers Analysis: Security headers assessment and information disclosure detection
- Technology Detection: Web framework and technology fingerprinting
- URL Extraction: Web crawling and link discovery

🛠 Installation
Prerequisites
- Python 3.10+
- UV Package Manager (automatically installed by script)
- Nmap (automatically installed by script)
Quick Installation
Windows (PowerShell)
.\install.ps1
Linux/macOS
chmod +x install.sh
./install.sh
Claude Desktop Configuration
Add this configuration to your Claude Desktop settings to connect the MCP Web Reconnaissance Server:
Windows Configuration
{
"mcpServers": {
"recon": {
"command": "C:\\Users\\YOUR_USERNAME\\.local\\bin\\uv.exe",
"args": [
"--directory",
"C:\\Users\\YOUR_USERNAME\\path\\to\\MCP_Recon",
"run",
"python",
"main.py"
]
}
}
}
Linux/macOS Configuration
{
"mcpServers": {
"recon": {
"command": "/home/YOUR_USERNAME/.local/bin/uv",
"args": [
"--directory",
"/home/YOUR_USERNAME/path/to/MCP_Recon",
"run",
"python",
"main.py"
]
}
}
}
Replace the following placeholders:
YOUR_USERNAMEwith your actual usernamepath/to/MCP_Reconwith the actual path to your cloned repository
Configuration file locations:
- Windows:
%APPDATA%\Claude\claude_desktop_config.json - macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Linux:
~/.config/Claude/claude_desktop_config.json

🚀 Usage
Available Tools (Following Reconnaissance Methodology)
1. Information Gathering (Passive Reconnaissance)
whois_info- Get WHOIS informationdomain_history- Check domain reputation and history
2. DNS Analysis (Infrastructure Discovery)
dns_records- Get all DNS records for a domainreverse_dns- Perform reverse DNS lookupsubdomain_enum_passive- Passive subdomain discovery via Certificate Transparency (crt.sh)subdomain_enum_active- Active subdomain enumeration using DNS brute force
3. Network Reconnaissance (Active Scanning)
ip_information- Get comprehensive IP informationcheck_alive- Check if hosts respond via HTTP/HTTPSport_scan- Advanced port scanning with Nmap
4. Web Application Analysis (Application Layer)
tls_certificate- Analyze TLS certificateshttp_headers- Analyze HTTP security headersdetect_technologies- Detect web technologiesextract_urls- Extract URLs from web pages

🔧 Configuration
Custom User-Agent
For bug bounty programs requiring specific identification, HTTP-based tools support an optional user_agent parameter. When provided, it replaces the default User-Agent for all HTTP requests to the target.
Examples:
# Default User-Agent
http_headers("https://example.com")
# Custom User-Agent for bug bounty programs
http_headers("https://example.com", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 bug-bounty")
Tools supporting custom User-Agent:
http_headers- HTTP headers analysisdetect_technologies- Technology fingerprintingextract_urls- URL extraction/crawlingcheck_alive- Host connectivity check

🔧 Wordlists
Subdomain Wordlist Customization
You can customize subdomain enumeration in two ways:
1. Edit the wordlist file
Modify the subdomains.txt file in the project root to add/remove subdomains:
www
api
admin
test
dev
staging
# Add your custom subdomains here
2. Provide custom wordlist in Claude Desktop chat
Port Scanning Options
The port scanner supports various modes optimized for different scenarios:
"common": Common services (21,22,23,25,53,80,443,etc.)"top100": Top 100 most common ports (recommended for initial reconnaissance)"top1000": Top 1000 ports (comprehensive discovery)"80,443,8080": Specific ports (targeted scanning)"1-1000": Port range (internal network scanning)

🏗 Architecture
Project Structure
mcp-recon/
├── main.py # MCP server entry point with organized tool categories
├── subdomains.txt # Default subdomain wordlist (customizable)
├── tools/
│ ├── info_tools.py # Information gathering utilities (WHOIS, domain history)
│ ├── dns_tools.py # DNS and domain reconnaissance
│ ├── network_tools.py # Network scanning and analysis
│ └── web_tools.py # Web application analysis
├── install.ps1 # Windows installation script
├── install.sh # Linux/macOS installation script
├── pyproject.toml # Python project configuration
└── README.md # This documentation

📝 License
This project is licensed under the MIT License - see the LICENSE file for details.

⚠️ Disclaimer
This tool is intended for legitimate security research, penetration testing, and bug bounty activities only. Users are responsible for ensuring they have proper authorization before scanning or testing any networks, systems, or applications. The authors are not responsible for any misuse of this tool.
Always follow responsible disclosure practices and respect scope limitations in bug bounty programs.
Установка Recon
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/sundayz-hunter/MCP_ReconFAQ
Recon MCP бесплатный?
Да, Recon MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Recon?
Нет, Recon работает без API-ключей и переменных окружения.
Recon — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Recon в Claude Desktop, Claude Code или Cursor?
Открой Recon на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Recon with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
