Is Mcp External Recon Server safe to use?

Mcp External Recon Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Mcp External Recon Server?

Mcp External Recon Server can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Mcp External Recon Server?

Mcp External Recon Server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is Mcp External Recon Server actively maintained?

Mcp External Recon Server is less actively maintained — last commit was 362 days ago. It has 13 GitHub stars.

External Reconnaissance MCP Server

A Model Context Protocol (MCP) server for performing active external reconnaissance activities against a domain. This tool provides a simple suite of reconnaissance capabilities including DNS enumeration, subdomain discovery, email security analysis, and SSL certificate inspection.

Want to build your own?

This project was created as a PoC for my tutorial on creating your own MCP server here

[!CAUTION] This is intended solely as a demonstration and is not production-ready. Use at your own risk. Only use MCPs that you trust to run on your machine. While this is a relatively benign tool, it does run OS commands. Do not target systems that you do not have permission to target.

Features

DNS Reconnaissance
- Comprehensive DNS record enumeration (A, AAAA, MX, NS, SOA, TXT, SRV)
- DNS zone transfer attempts
- Subdomain enumeration & bruteforcing
Domain Information
- WHOIS lookups
- HTTP headers analysis
Email Security Assessment

System Requirements

The following tools need to be installed on your system:

dig (DNS lookup utility)
whois
dnsrecon

Required Files

A subdomain wordlist has been supplied for brute-forcing, add to the list or replace for your own. (Note there is currently a limitation with very long wordlists).

dns-wordlist.txt

Usage

For using a pre-built server, instructions from here: https://modelcontextprotocol.io/quickstart/user

Download Claude for Desktop
Install uv

curl -LsSf https://astral.sh/uv/install.sh | sh

Download this repo and add to Claude for Desktop config
- Claude for Desktop > Settings > Developer > Edit config This will create a configuration file at:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

Open up the configuration file in any text editor. Replace the file contents with this:

{
	"mcpServers": {
		"external-recon": {
			"command": "/ABSOLUTE/PATH/TO/PARENT/FOLDER/uv",
			"args": [
				"--directory",
				"/ABSOLUTE/PATH/TO/PARENT/FOLDER/mcp-external-recon-server",
				"run",
				"external-recon.py"
			]
		}
}}

Relaunch Claude for Desktop You should now see two icons in the chat bar, a hammer which shows the tools available and a connection icon which shows the prompt defined and the input required (domain name)
Select the external-recon setup prompt and supply the target domain, you can then ask Claude to peform external recon and away she goes!

Security Considerations

Only use against authorised targets
Follow responsible disclosure practices
Respect target system's resources

Contributing

Contributions are welcome! Please feel free to submit pull requests.

Disclaimer

This tool is for educational and authorized testing purposes only. Users are responsible for ensuring they have permission to test target systems.

Mcp External Recon Server

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

Mcp Server Typescript

Yandex Direct MCP Server

Bbox MCP Server

Artefact Revenue Intelligence MCP Server

Discussion