MCP Recon – Web Security Reconnaissance Server

MCP Recon is a fully‑featured Model Context Protocol server that equips AI assistants with deep web security reconnaissance capabilities. It consolidates a breadth of passive and active discovery tools into a single, Python‑native service that follows industry‑standard reconnaissance methodologies. By exposing its functions through MCP, Claude and other AI clients can request domain, DNS, network, and application‑layer intelligence on demand, turning an otherwise manual workflow into a rapid, repeatable process.

The server addresses the core challenge of information overload in early penetration testing: gathering accurate, up‑to‑date data about a target before any intrusive activity. With passive techniques such as WHOIS lookups, domain history analysis, and Certificate Transparency‑based subdomain discovery, users can profile a target’s ownership and exposure footprint without generating network traffic that could trigger alerts. Active components—DNS brute‑force enumeration, IP geolocation, HTTP/HTTPS connectivity checks, and Nmap‑powered port scans—provide the granular visibility needed to map infrastructure and surface attack vectors.

Key capabilities include:

• Comprehensive DNS enumeration: Pulls all standard records (A, AAAA, MX, NS, TXT, SPF, DMARC) and performs reverse lookups to link IPs back to hostnames.
• Subdomain discovery: Combines stealthy passive enumeration via crt.sh with a configurable active brute‑force engine using a wordlist.
• Network profiling: Retrieves geolocation, ISP data, and conducts alive checks to confirm service availability.
• Web application analysis: Inspects TLS certificates, evaluates security headers for misconfigurations, fingerprints web frameworks, and crawls URLs to surface internal links.

In practice, MCP Recon can be leveraged in several scenarios: a security researcher automating the initial target inventory for a bug bounty program, an internal red‑team conducting threat modeling, or a compliance auditor verifying that public-facing assets meet security baselines. Because the server exposes each function as an MCP tool, AI workflows can chain requests—e.g., first enumerate subdomains, then run port scans on the discovered hosts, and finally analyze any exposed web applications—all within a single conversational flow.

What sets MCP Recon apart is its tight integration with AI assistants. The server’s tools are lightweight, well‑documented, and designed to return concise JSON payloads that Claude can interpret directly. Developers can embed these capabilities into custom prompts or scripts, enabling dynamic decision‑making based on real‑time reconnaissance data. The result is a powerful, AI‑driven security workflow that reduces manual effort and accelerates the transition from data collection to actionable insights.