Skip to main content

An MCP server that gives AI coding agents (Claude Code, Codex, Cline) safe, structured network & security reconnaissance tools — DNS, WHOIS, TLS, HTTP headers, and port scanning. For authorized testing and education only.

Project description

recon-mcp

English | 繁體中文

CI PyPI Python License: MIT

An MCP server that gives AI coding agents — Claude Code, Codex, Cline, and any MCP client — safe, structured network and security reconnaissance tools.

Most MCP servers wrap CRUD APIs. recon-mcp instead exposes the kind of read-only recon an engineer reaches for when investigating an asset, and returns clean JSON — with a graded verdict — so the agent can reason over results instead of parsing console output.

⚠️ Authorized use only. These tools are for security testing of assets you own or have explicit written permission to assess, for CTF practice, and for education. Do not point them at third-party infrastructure without authorization. You are responsible for how you use this software.

Tools

Tool What it does
recon_report Start here. One call → DNS, TLS, and HTTP headers checked together, with an overall grade
dns_recon DNS + WHOIS + email security (SPF/DMARC/DKIM), graded
subdomain_enum Discover subdomains via DNS brute-force and/or Certificate Transparency logs
subdomain_takeover Check subdomains for a dangling-CNAME takeover risk against known services
tls_check Certificate, protocols, ciphers, and known TLS vulnerabilities, graded
http_headers_audit HTTP security headers (CSP, HSTS, X-Frame-Options, …), graded
cookie_audit Redirect chain + cookie flags (Secure / HttpOnly / SameSite), graded
cors_check CORS policy probe — flags arbitrary-Origin reflection and wildcard misuse
tech_detect Fingerprint the web stack (server, CDN/WAF, language, framework, CMS, JS) from one GET
http_methods_audit Report which HTTP methods a server allows and grade the risk (TRACE/PUT/DELETE)
well_known_audit Fetches & parses security.txt (RFC 9116) and robots.txt
ip_info Resolves the host and enriches its IP via RDAP (owner, country, CIDR, abuse)
port_scan TCP port scan of one host (≤1024 ports/call), open ports + services

Example

Just ask your agent: "run a security recon report on example.com." It calls recon_report once and gets a graded overview it can act on:

{
  "domain": "example.com",
  "overall_grade": "F",
  "summary": "Overall posture F: email A, TLS B, headers F; 13 actionable issue(s).",
  "components": {
    "email":   { "grade": "A", "issues": [] },
    "tls":     { "grade": "B", "issues": [] },
    "headers": { "grade": "F", "issues": [
      { "severity": "high", "label": "Missing Content-Security-Policy", "detail": "CSP not set; cannot restrict resource load sources" }
    ] }
  }
}

Need more detail on one area? The agent can call dns_recon, subdomain_enum, subdomain_takeover, tls_check, http_headers_audit, cookie_audit, cors_check, tech_detect, http_methods_audit, well_known_audit, ip_info, or port_scan directly.

Install

Requires Python ≥ 3.10. Runs on Linux, macOS, and Windows (tested in CI).

Recommended — no clone, via uv:

uvx recon-kit-mcp

Or from source (for development):

git clone https://github.com/nan786521/recon-mcp
cd recon-mcp
python -m venv .venv
# Windows
.venv\Scripts\activate
# macOS / Linux
source .venv/bin/activate
pip install -e .

Use with Claude Code

Add the server (stdio transport). With uvx you don't need an absolute path:

claude mcp add recon -- uvx recon-kit-mcp

Or add it manually to any MCP client config:

{
  "mcpServers": {
    "recon": {
      "command": "uvx",
      "args": ["recon-kit-mcp"]
    }
  }
}

(From a source checkout, point the command at /absolute/path/to/.venv/bin/recon-kit-mcp instead.)

Then just ask: "run a security recon report on example.com" — or target one area, e.g. "check the email security of example.com."

The server also ships a security_recon prompt: pick it from your client's prompt menu and pass a domain for a guided, severity-sorted audit.

Tool reference

recon_report(domain, timeout?) -> dict

Runs DNS/email, TLS, HTTP-header, web-stack (tech_detect), and apex subdomain-takeover checks together and returns overall_grade (as weak as the weakest component, capped at F if a live takeover is found), a one-line summary, components (email / tls / headers, each with its grade and actionable issues), a tech section (detected technologies + any version disclosure), and a takeover section when the apex is at risk. Uses a fast single-handshake TLS check for speed — call tls_check for the full cipher/vulnerability analysis. The best starting point; use the tools below for raw detail.

dns_recon(domain, checks?, timeout?) -> dict

  • records — A, AAAA, MX, NS, TXT, SOA, CNAME, CAA records
  • whois — parsed registration fields + raw WHOIS text
  • email — SPF, DMARC, and DKIM posture, plus advisory MTA-STS, TLS-RPT, BIMI, and DNSSEC signals, and a graded assessment (letter grade A–F, a summary, and per-check findings with severity and a recommended fix). The advisory signals surface as findings but don't move the core SPF/DKIM/DMARC grade.

checks is any subset of ["records", "whois", "email"]; omit it to run all.

subdomain_enum(domain, wordlist?, source="dns", timeout?) -> dict

Discovers subdomains from two complementary sources:

  • source="dns" (default) — resolves candidate labels via DNS. wordlist is comma-separated labels ("www,api,dev"); omit it for a built-in common list. Capped at 512 candidates per call. Returns resolved ips.
  • source="ct" — queries public Certificate Transparency logs (crt.sh) for every name ever certified for the domain. Fully passive; finds real hosts no wordlist would guess.
  • source="both" — runs both and merges, recording which source(s) saw each host.

Returns sources, found_count, and found (each with subdomain, the sources that saw it, and ips when resolved).

subdomain_takeover(hosts, timeout?) -> dict

Checks subdomains for a dangling-CNAME takeover — a subdomain that CNAMEs to a third-party service (GitHub Pages, S3, Heroku, Azure, Fastly, Shopify, …) whose resource was deleted or never claimed, letting anyone who registers that resource serve content on the victim's subdomain. For each host it resolves the CNAME, recognizes known takeover-prone services, fetches the page, and flags the provider's "unclaimed resource" fingerprint and/or a CNAME target that no longer resolves. hosts is one hostname or a comma-separated list (capped at 100). Read-only — DNS lookups plus one HTTP GET per host. Pair it with subdomain_enum: enumerate first, then check the interesting hosts.

Returns checked, vulnerable_count, and results (each with host, cname, service, status, vulnerable, severity, and detail). status is one of not_applicable, not_vulnerable, potential, dangling_cname, or vulnerable.

tls_check(host, port=443, timeout?) -> dict

Returns grade, certificate (validity / expiry / key algorithm), protocols (flags legacy SSLv3 / TLS 1.0 / 1.1), cipher info, forward_secrecy, hsts, vulnerabilities (each with a vulnerable flag), and a findings list.

http_headers_audit(host, port?, use_ssl=True, timeout?) -> dict

Returns grade, score, the observed security headers, and a findings list with a recommendation per header. Defaults to HTTPS (port 443).

cookie_audit(host, port?, use_ssl=True, timeout?) -> dict

Follows the redirect chain from the host (capped at 10 hops, flagging any HTTPS→HTTP downgrade) and audits every Set-Cookie seen for the Secure, HttpOnly, and SameSite flags. Returns redirect_chain, final_url, cookies (flags only — values are never returned), cookie_grade, cookie_score, and a findings list.

cors_check(host, port?, use_ssl=True, timeout?) -> dict

Sends one GET with an untrusted Origin and inspects the Access-Control-Allow-Origin / -Allow-Credentials response. Reflecting an arbitrary Origin with credentials is high severity (any site can read authenticated responses); a wildcard or trusted null origin are lesser issues. Returns acao, allows_credentials, reflects_origin, wildcard, severity, and findings.

tech_detect(host, port?, use_ssl=True, timeout?) -> dict

Fingerprints the technology stack behind a website from one HTTP GET. It matches response headers, set cookies, the HTML body, and the <meta name="generator"> tag against a signature table to identify the web server, reverse proxy / CDN, WAF, programming language, web framework, CMS, JavaScript framework, and analytics. Where a version is exposed it is captured and flagged (info) — a precise version eases known-CVE lookup. Read-only.

Returns status, technology_count, technologies (each with name, category, version when known, and evidence), and a findings list noting any version disclosure.

http_methods_audit(host, port?, use_ssl=True, path="/", timeout?) -> dict

Reports which HTTP request methods a server allows and grades the risk. Enabled write/diagnostic methods widen the attack surface: TRACE enables Cross-Site Tracing (XST), and PUT / DELETE can allow file upload or deletion under weak access control. Safe by design — it never sends a mutating request: it actively probes only OPTIONS, HEAD, and TRACE (TRACE merely echoes), and reads PUT / DELETE / PATCH / CONNECT from the OPTIONS Allow header as advertised, never invoking them.

Returns grade, score, allow_header, advertised_methods, trace_enabled, dangerous_methods, and a findings list (each with the method, severity, and a recommendation).

well_known_audit(host, timeout?) -> dict

Fetches and parses security.txt (RFC 9116, tried at /.well-known/ then the legacy path) and robots.txt. Returns security_txt (parsed fields, structural issues, location) and robots_txt (sitemaps, disallow/allow paths, user_agents), each with a present flag.

ip_info(host, timeout?) -> dict

Resolves the host's IP and looks it up in the public RDAP registry (via rdap.org's bootstrap to the right RIR). Returns ip and rdap (handle, name, country, cidr, org, abuse_email).

port_scan(host, ports?, timeout?) -> dict

TCP connect scan of a single host. ports is a string — "22,80,443", a range "1-1024", or a mix — and omitting it scans a built-in common-port set. Hard-capped at 1024 ports per call (single-host recon, not mass scanning). Returns host, ip, scanned, open_count, and open_ports (port + service). Scan only hosts you are authorized to assess.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

recon_kit_mcp-0.13.0.tar.gz (78.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

recon_kit_mcp-0.13.0-py3-none-any.whl (64.8 kB view details)

Uploaded Python 3

File details

Details for the file recon_kit_mcp-0.13.0.tar.gz.

File metadata

  • Download URL: recon_kit_mcp-0.13.0.tar.gz
  • Upload date:
  • Size: 78.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for recon_kit_mcp-0.13.0.tar.gz
Algorithm Hash digest
SHA256 c7bbc0b283870828ccbfa570c8788a75b5f2497619a921efeec2aa65ae475432
MD5 d84feeda29165086732d944a572b9a91
BLAKE2b-256 d2fb46823142d0e6eed386972b5e9b18d95cc3926563a025718d2b55b65d89cf

See more details on using hashes here.

Provenance

The following attestation bundles were made for recon_kit_mcp-0.13.0.tar.gz:

Publisher: publish.yml on nan786521/recon-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file recon_kit_mcp-0.13.0-py3-none-any.whl.

File metadata

  • Download URL: recon_kit_mcp-0.13.0-py3-none-any.whl
  • Upload date:
  • Size: 64.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for recon_kit_mcp-0.13.0-py3-none-any.whl
Algorithm Hash digest
SHA256 37132890b846a9a637875277016401a3013890e5e1b0ddd01ce413d4e9c182e0
MD5 907a0a096a144e414acdff9a7b1ac028
BLAKE2b-256 7e98290b5c10968535c79417100ee8659e643cb34094faf45c54ad64e85a8532

See more details on using hashes here.

Provenance

The following attestation bundles were made for recon_kit_mcp-0.13.0-py3-none-any.whl:

Publisher: publish.yml on nan786521/recon-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page