External Reconnaissance MCP Server

External Reconnaissance MCP Server

By naebo GitHub

An external reconnaissnce MCP server for offensive security engagements

Overview

What is the External Reconnaissance MCP Server?

The External Reconnaissance MCP Server is a Model Context Protocol (MCP) server designed for performing active external reconnaissance activities against a domain, primarily for offensive security engagements.

How to use the External Reconnaissance MCP Server?

To use the server, follow these steps: 1. Download Claude for Desktop. 2. Install the required utility 'uv'. 3. Download the repository and configure it in Claude for Desktop. 4. Relaunch Claude and use the external-recon setup prompt to perform reconnaissance on a target domain.

Key features of the External Reconnaissance MCP Server?

  • Comprehensive DNS reconnaissance including record enumeration and zone transfer attempts.
  • Subdomain enumeration and bruteforcing.
  • WHOIS lookups and HTTP headers analysis.
  • Email security assessment capabilities.

Use cases of the External Reconnaissance MCP Server?

  1. Conducting security assessments on web applications.
  2. Performing domain reconnaissance for penetration testing.
  3. Analyzing email security for potential vulnerabilities.

FAQ from the External Reconnaissance MCP Server?

  • Is this tool safe to use?

This tool is intended for educational and authorized testing purposes only. Ensure you have permission to test target systems.

  • What are the system requirements?

You need to have 'dig', 'whois', and 'dnsrecon' installed on your system.

  • Can I contribute to this project?

Yes! Contributions are welcome, and you can submit pull requests.

Content

External Reconnaissance MCP Server

A Model Context Protocol (MCP) server for performing active external reconnaissance activities against a domain. This tool provides a simple suite of reconnaissance capabilities including DNS enumeration, subdomain discovery, email security analysis, and SSL certificate inspection.

Want to build your own?

This project was created as a PoC for my tutorial on creating your own MCP server here

CAUTION

This is intended solely as a demonstration and is not production-ready. Use at your own risk. Only use MCPs that you trust to run on your machine. While this is a relatively benign tool, it does run OS commands. Do not target systems that you do not have permission to target.

Features

  • DNS Reconnaissance
    • Comprehensive DNS record enumeration (A, AAAA, MX, NS, SOA, TXT, SRV)
    • DNS zone transfer attempts
    • Subdomain enumeration & bruteforcing
  • Domain Information
    • WHOIS lookups
    • HTTP headers analysis
  • Email Security Assessment

System Requirements

The following tools need to be installed on your system:

  • dig (DNS lookup utility)
  • whois
  • dnsrecon

Required Files

A subdomain wordlist has been supplied for brute-forcing, add to the list or replace for your own. (Note there is currently a limitation with very long wordlists).

  • dns-wordlist.txt

Usage

For using a pre-built server, instructions from here: https://modelcontextprotocol.io/quickstart/user

  1. Download Claude for Desktop
  2. Install uv
curl -LsSf https://astral.sh/uv/install.sh | sh
  1. Download this repo and add to Claude for Desktop config
    • Claude for Desktop > Settings > Developer > Edit config This will create a configuration file at:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

Open up the configuration file in any text editor. Replace the file contents with this:

{
	"mcpServers": {
		"external-recon": {
			"command": "/ABSOLUTE/PATH/TO/PARENT/FOLDER/uv",
			"args": [
				"--directory",
				"/ABSOLUTE/PATH/TO/PARENT/FOLDER/mcp-external-recon-server",
				"run",
				"external-recon.py"
			]
		}
}}

  1. Relaunch Claude for Desktop You should now see two icons in the chat bar, a hammer which shows the tools available and a connection icon which shows the prompt defined and the input required (domain name)

  2. Select the external-recon setup prompt and supply the target domain, you can then ask Claude to peform external recon and away she goes!

Security Considerations

  1. Only use against authorised targets
  2. Follow responsible disclosure practices
  3. Respect target system's resources

Contributing

Contributions are welcome! Please feel free to submit pull requests.

Disclaimer

This tool is for educational and authorized testing purposes only. Users are responsible for ensuring they have permission to test target systems.

No tools information available.
No content found.