Model Context Protocol server for DNS and email security scanning using basicsec
Project description
BasicSec MCP Server
A Model Context Protocol (MCP) server that provides DNS and email security scanning capabilities using the basicsec library.
Features
- MCP Integration: Full Model Context Protocol support for AI assistants
- DNS Security Analysis: SPF, DMARC, DNSSEC validation
- Email Security Checks: MX record analysis and SMTP testing
- Batch Processing: Scan multiple domains efficiently
- Passive & Active Modes: Choose between DNS-only or full SMTP testing
- Performance Optimized: Designed to work within MCP timeout constraints
Installation
pip install basicsec-mcp
MCP Server Usage
Running the Server
basicsec-mcp
The server will start and listen for MCP connections on the default interface.
MCP Tools Available
The server provides the following MCP tools:
Domain Scanning Tools
passive_scan(domain, dns_timeout=5.0)- DNS-only security scanactive_scan(domain, dns_timeout=5.0, smtp_timeout=3.0, smtp_ports=[25,465,587])- Full scan with SMTP testsscan_multiple_domains(domains, scan_type="active", dns_timeout=3.0, smtp_timeout=2.0)- Batch domain scanningquick_domain_check(domains, check_types=["live","mx","spf","dmarc"])- Fast batch checks
Individual Record Tools
get_mx_records(domain, timeout=5.0)- Get MX recordsget_spf_record(domain, timeout=5.0)- Get and validate SPF recordget_dmarc_record(domain, timeout=5.0)- Get and validate DMARC recordcheck_dnssec_status(domain, timeout=5.0)- Check DNSSEC statusvalidate_dnssec_chain(domain, timeout=5.0)- Validate DNSSEC chain of trusttest_smtp_connection(hostname, port=25, timeout=3.0)- Test SMTP connectivity
Claude Desktop Integration
Add to your Claude Desktop configuration:
{
"mcpServers": {
"basicsec": {
"command": "basicsec-mcp",
"args": []
}
}
}
Or using uvx:
{
"mcpServers": {
"basicsec": {
"command": "uvx",
"args": ["--refresh","basicsec-mcp"]
}
}
}
Usage Examples
Once connected via MCP, you can use the tools through your AI assistant:
"Scan example.com for email security issues"
-> Uses passive_scan() or active_scan()
"Check SPF and DMARC records for google.com"
-> Uses get_spf_record() and get_dmarc_record()
"Test SMTP connectivity for mail.example.com"
-> Uses test_smtp_connection()
"Quick check these domains: example.com, google.com, github.com"
-> Uses quick_domain_check()
Security Checks Performed
DNS Records
- MX Records: Mail server configuration
- SPF Records: Sender Policy Framework validation
- DMARC Records: Domain-based Message Authentication
- DNSSEC: DNS Security Extensions status and chain validation
SMTP Tests (Active Scans)
- Connection Testing: Verify mail server accessibility
- STARTTLS Support: Check encryption capability
- Multiple Ports: Test common SMTP ports (25, 465, 587)
Performance Considerations
The MCP server is optimized for responsiveness:
- Timeout Management: Reduced timeouts for batch operations
- Domain Limits: Automatic limiting of batch sizes
- Quick Checks: Minimal DNS lookups for fast results
- Error Handling: Graceful degradation on failures
Configuration
Environment Variables
BASICSEC_MCP_LOG_LEVEL: Set logging level (DEBUG, INFO, WARNING, ERROR)BASICSEC_MCP_DNS_TIMEOUT: Default DNS timeout in secondsBASICSEC_MCP_SMTP_TIMEOUT: Default SMTP timeout in seconds
Programmatic Usage
You can also use the server components directly:
from basicsec_mcp.server import passive_scan, active_scan
# Direct function calls
result = passive_scan("example.com")
print(f"SPF Valid: {result['spf_valid']}")
result = active_scan("example.com")
print(f"SMTP Working: {result['has_smtp_connection']}")
Requirements
- Python 3.8+
- basicsec>=1.0.0
- mcp>=1.0.0
Development
# Install development dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Run server locally
python -m basicsec_mcp.server
License
MIT License - see LICENSE file for details.
Security Considerations
This MCP server is designed for defensive security analysis only:
✅ Allowed Operations:
- DNS record lookups
- Standard SMTP protocol tests
- Public security record validation
❌ Not Performed:
- Vulnerability exploitation
- Unauthorized access attempts
- Aggressive scanning techniques
Always ensure you have permission to scan target domains.
Contributing
- Fork the repository
- Create a feature branch
- Add tests for new functionality
- Ensure MCP compatibility
- Submit a pull request
Related Projects
- basicsec - Core security scanning library
- Model Context Protocol - Protocol specification
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file basicsec_mcp-1.0.0.tar.gz.
File metadata
- Download URL: basicsec_mcp-1.0.0.tar.gz
- Upload date:
- Size: 8.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
363640d95cc16af2c09e261df59f72b4e3e6fcd631bb261ba6b897b17ea3a117
|
|
| MD5 |
dfca4a8f2450b3599baa707a59715f2c
|
|
| BLAKE2b-256 |
d9babe1f1c11073709a400cd86fc74dca4722144e19f946c1889e128732cd49d
|
File details
Details for the file basicsec_mcp-1.0.0-py3-none-any.whl.
File metadata
- Download URL: basicsec_mcp-1.0.0-py3-none-any.whl
- Upload date:
- Size: 7.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
82ac35611fdfa1ef898e547af6191fe80c33cd1cf52e23a8031f42d3ddddd4dd
|
|
| MD5 |
9b93db78b2ec3bd7ab44ce7b8713fa09
|
|
| BLAKE2b-256 |
a5cd93e70058626844a6cb05763e2eeac6ea7724d9c68f343b90b75e2fde4ad3
|
