Happy slice of mcp pizzaMCP.pizza
Fire in da houseTop Tip:Paying $100+ per month for Perplexity, MidJourney, Runway, ChatGPT and other tools is crazy - get all your AI tools in one site starting at $15 per month with Galaxy AI Fire in da houseCheck it out free

mcp-external-recon-server

MCP.Pizza Chef: naebo

The mcp-external-recon-server is an MCP server designed for offensive security engagements, providing active external reconnaissance capabilities. It supports comprehensive DNS enumeration, subdomain discovery, email security analysis, and SSL certificate inspection. This server enables security professionals to gather detailed domain information through automated reconnaissance workflows, facilitating penetration testing and security assessments. It is a proof-of-concept tool intended for educational use and requires permission before targeting any systems.

Use This MCP server To

Enumerate DNS records including A, AAAA, MX, NS, SOA, TXT, SRV Attempt DNS zone transfers for domain information gathering Discover subdomains via enumeration and brute forcing Analyze email security configurations for domains Inspect SSL certificates for security and validity checks Automate external reconnaissance in offensive security workflows Integrate domain reconnaissance data into security reports Support penetration testing with real-time domain intelligence

README

External Reconnaissance MCP Server

A Model Context Protocol (MCP) server for performing active external reconnaissance activities against a domain. This tool provides a simple suite of reconnaissance capabilities including DNS enumeration, subdomain discovery, email security analysis, and SSL certificate inspection.

Want to build your own?

This project was created as a PoC for my tutorial on creating your own MCP server here

Caution

This is intended solely as a demonstration and is not production-ready. Use at your own risk. Only use MCPs that you trust to run on your machine. While this is a relatively benign tool, it does run OS commands. Do not target systems that you do not have permission to target.

Features

  • DNS Reconnaissance
    • Comprehensive DNS record enumeration (A, AAAA, MX, NS, SOA, TXT, SRV)
    • DNS zone transfer attempts
    • Subdomain enumeration & bruteforcing
  • Domain Information
    • WHOIS lookups
    • HTTP headers analysis
  • Email Security Assessment

System Requirements

The following tools need to be installed on your system:

  • dig (DNS lookup utility)
  • whois
  • dnsrecon

Required Files

A subdomain wordlist has been supplied for brute-forcing, add to the list or replace for your own. (Note there is currently a limitation with very long wordlists).

  • dns-wordlist.txt

Usage

For using a pre-built server, instructions from here: https://modelcontextprotocol.io/quickstart/user

  1. Download Claude for Desktop
  2. Install uv
curl -LsSf https://astral.sh/uv/install.sh | sh
  1. Download this repo and add to Claude for Desktop config
    • Claude for Desktop > Settings > Developer > Edit config This will create a configuration file at:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

Open up the configuration file in any text editor. Replace the file contents with this:

{
	"mcpServers": {
		"external-recon": {
			"command": "/ABSOLUTE/PATH/TO/PARENT/FOLDER/uv",
			"args": [
				"--directory",
				"/ABSOLUTE/PATH/TO/PARENT/FOLDER/mcp-external-recon-server",
				"run",
				"external-recon.py"
			]
		}
}}

  1. Relaunch Claude for Desktop You should now see two icons in the chat bar, a hammer which shows the tools available and a connection icon which shows the prompt defined and the input required (domain name)

  2. Select the external-recon setup prompt and supply the target domain, you can then ask Claude to peform external recon and away she goes!

Security Considerations

  1. Only use against authorised targets
  2. Follow responsible disclosure practices
  3. Respect target system's resources

Contributing

Contributions are welcome! Please feel free to submit pull requests.

Disclaimer

This tool is for educational and authorized testing purposes only. Users are responsible for ensuring they have permission to test target systems.

mcp-external-recon-server FAQ

How do I install the mcp-external-recon-server?
Clone the GitHub repository and follow the setup instructions in the README to install dependencies and run the server.
Is this MCP server safe to use on any domain?
No, only use this server on domains you have explicit permission to test to avoid legal issues.
Can I extend the server with additional reconnaissance features?
Yes, the server is open source and designed as a proof-of-concept, allowing you to add custom reconnaissance modules.
Does the server run OS commands?
Yes, it executes OS commands for reconnaissance tasks, so ensure you trust the server before running it.
What kind of reconnaissance data does it provide?
It provides DNS records, subdomain lists, email security details, and SSL certificate information.
Can this server be integrated with other MCP clients?
Yes, it follows the MCP protocol and can be integrated with any MCP client supporting external reconnaissance.
Is this tool production-ready?
No, it is intended as a demonstration and proof-of-concept, not for production use.
Where can I learn to build my own MCP server like this?
A tutorial is available at https://nae-bo.medium.com/building-your-first-offensive-security-mcp-server-dd655e258d5f.