Is Mcp External Recon Server safe to use?

Mcp External Recon Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Mcp External Recon Server?

Mcp External Recon Server can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can Mcp External Recon Server do?

Mcp External Recon Server provides 7 tools: dns_enumeration, dns_zone_transfer, subdomain_enumeration, whois_lookup, http_headers_analysis and 2 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Mcp External Recon Server?

Mcp External Recon Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Mcp External Recon Server actively maintained?

Mcp External Recon Server is not actively maintained — last commit was 413 days ago. It has 13 GitHub stars.

Mcp External Recon Server

Name: Mcp External Recon Server
Author: naebo

by naebo

An external reconnaissnce MCP server for offensive security engagements

13 7 tools GitHub

No known CVEs

No license

Stale

Last commit 413d ago

Works with most clients

Transport: stdio, sse, http

7 tools · ~517 tok

Grade B · 0.3% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-external-recon-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-external-recon-server)](https://mcppedia.org/s/mcp-external-recon-server)

Read me

What Mcp External Recon Server does

A Model Context Protocol (MCP) server for performing active external reconnaissance activities against a domain. This tool provides a simple suite of reconnaissance capabilities including DNS enumeration, subdomain discovery, email security analysis, and SSL certificate inspection.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

56/100across 5 weighted dimensions

How we score →

0255075100

−44

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (7)

Click any tool to inspect its schema.

~517 tokens total

Inventory

Prompts (1)

external-recon setup

Prompt to initiate external reconnaissance against a target domain

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp External Recon Server safe to use?: Mcp External Recon Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Mcp External Recon Server?: Mcp External Recon Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Mcp External Recon Server do?: Mcp External Recon Server provides 7 tools: dns_enumeration, dns_zone_transfer, subdomain_enumeration, whois_lookup, http_headers_analysis and 2 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp External Recon Server?: Mcp External Recon Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp External Recon Server actively maintained?: Mcp External Recon Server is not actively maintained — last commit was 413 days ago. It has 13 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Mcp External Recon Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-external-recon-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-external-recon-server)](https://mcppedia.org/s/mcp-external-recon-server)

Read me

What Mcp External Recon Server does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

External Reconnaissance MCP Server

Want to build your own?

This project was created as a PoC for my tutorial on creating your own MCP server here

[!CAUTION] This is intended solely as a demonstration and is not production-ready. Use at your own risk. Only use MCPs that you trust to run on your machine. While this is a relatively benign tool, it does run OS commands. Do not target systems that you do not have permission to target.

Features

DNS Reconnaissance
- Comprehensive DNS record enumeration (A, AAAA, MX, NS, SOA, TXT, SRV)
- DNS zone transfer attempts
- Subdomain enumeration & bruteforcing
Domain Information
- WHOIS lookups
- HTTP headers analysis
Email Security Assessment

System Requirements

The following tools need to be installed on your system:

dig (DNS lookup utility)
whois
dnsrecon

Required Files

A subdomain wordlist has been supplied for brute-forcing, add to the list or replace for your own. (Note there is currently a limitation with very long wordlists).

dns-wordlist.txt

Usage

For using a pre-built server, instructions from here: https://modelcontextprotocol.io/quickstart/user

Download Claude for Desktop
Install uv

curl -LsSf https://astral.sh/uv/install.sh | sh

Download this repo and add to Claude for Desktop config
- Claude for Desktop > Settings > Developer > Edit config This will create a configuration file at:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

Open up the configuration file in any text editor. Replace the file contents with this:

{
	"mcpServers": {
		"external-recon": {
			"command": "/ABSOLUTE/PATH/TO/PARENT/FOLDER/uv",
			"args": [
				"--directory",
				"/ABSOLUTE/PATH/TO/PARENT/FOLDER/mcp-external-recon-server",
				"run",
				"external-recon.py"
			]
		}
}}

Relaunch Claude for Desktop You should now see two icons in the chat bar, a hammer which shows the tools available and a connection icon which shows the prompt defined and the input required (domain name)
Select the external-recon setup prompt and supply the target domain, you can then ask Claude to peform external recon and away she goes!

Security Considerations

Only use against authorised targets
Follow responsible disclosure practices
Respect target system's resources

Contributing

Contributions are welcome! Please feel free to submit pull requests.

Disclaimer

This tool is for educational and authorized testing purposes only. Users are responsible for ensuring they have permission to test target systems.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

56/100across 5 weighted dimensions

How we score →

0255075100

−44

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (7)

Click any tool to inspect its schema.

~517 tokens total

Inventory

Prompts (1)

external-recon setup

Prompt to initiate external reconnaissance against a target domain

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp External Recon Server safe to use?: Mcp External Recon Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Mcp External Recon Server?: Mcp External Recon Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Mcp External Recon Server do?: Mcp External Recon Server provides 7 tools: dns_enumeration, dns_zone_transfer, subdomain_enumeration, whois_lookup, http_headers_analysis and 2 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp External Recon Server?: Mcp External Recon Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp External Recon Server actively maintained?: Mcp External Recon Server is not actively maintained — last commit was 413 days ago. It has 13 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Mcp External Recon Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?