sounding-mcp 0.1.0

Network diagnostics MCP server — ping, DNS, traceroute, SSL, port scanning, and more.

Sounding

Network Diagnostics MCP Server

Probing what lies beneath the surface -- network diagnostics for AI tools.

---

What It Does

Sounding is a Model Context Protocol (MCP) server that gives AI assistants 12 network diagnostic tools. It handles the things you'd normally reach for ping, dig, nmap, or openssl to do -- but exposed as structured, validated MCP tool calls.

Tools

Tool	Description	Key Parameters
health	Server version and status check	--
ping	TCP connect ping (port 80) with latency stats	host, count (1--100), timeout
traceroute	Trace network route to a host	host, max_hops (1--64)
dns_lookup	Resolve DNS records (A, AAAA, MX, CNAME, TXT, NS)	domain, record_type, nameserver
reverse_dns	Reverse DNS lookup for an IP address	ip
port_check	Check if a single TCP port is open	host, port, timeout
port_scan	Scan common TCP ports (rate-limited, max 100)	host, ports
check_ssl_cert	Inspect SSL/TLS certificate details and expiry	host, port
whois_lookup	WHOIS domain registration lookup	domain
http_check	HTTP request with status, timing, headers, size	url
subnet_scan	Discover live hosts on a local subnet (RFC 1918 only)	subnet (CIDR, max /20)
get_public_ip	Get the machine's public IP address	--

Installation

From PyPI:

pip install sounding

Or isolated with pipx:

pipx install sounding

Usage

Run the server directly (stdio transport):

sounding

Claude Code

Register as a local MCP server:

claude mcp add sounding -- sounding

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "sounding": {
      "command": "sounding",
      "args": []
    }
  }
}

If installed in a virtual environment, use the full path to the binary:

{
  "mcpServers": {
    "sounding": {
      "command": "/path/to/.venv/bin/sounding",
      "args": []
    }
  }
}

Security

Sounding is designed to be safe for AI-driven use:

• SSRF protection -- http_check resolves hostnames and blocks requests to internal, private, loopback, and link-local IP addresses (including IPv4-mapped IPv6). Cloud metadata endpoints (169.254.x.x) are blocked.
• Input validation -- All inputs pass through validators that reject shell metacharacters, malformed hostnames, and invalid ports before reaching any network call or subprocess.
• Rate limiting -- port_scan enforces a minimum 1-second interval between scans to prevent abuse.
• Subnet restriction -- subnet_scan only allows RFC 1918 private subnets and caps at /20 (4096 addresses) with concurrency limiting.
• No shell injection -- Subprocess calls (traceroute, whois) use exec-style invocation, never shell interpolation.

Development

git clone https://github.com/seayniclabs/sounding.git
cd sounding
python -m venv .venv
source .venv/bin/activate
pip install -e ".[test]"
python -m pytest tests/ -q

License

MIT