Model Context Protocol moderate risk

Recon

mcp-recon provides a conversational interface for web reconnaissance, leveraging httpx and asnmap, accessible via the Model Context Protocol.

Connections & Capabilities

Connects To

GitHubDocker

Capabilities

read

Exposed MCP Tools (4)

safe

http_lite_scan

Performs a quick HTTP scan to gather basic information about a target.

Read-only operation, no modification of target systems.

safe

katana_command_generator

Generates Katana crawl commands based on specified goals.

Generates commands but does not execute them directly.

moderate

http_full_recon

Collects comprehensive metadata including page previews, headers, and certificates.

Retrieves full page content, potentially exposing sensitive information.

safe

asn_lookup

Looks up information about IPs, ASNs, or organizations.

Read-only operation, retrieves publicly available information.

Safety Assessment

mcp-recon is relatively safe for basic reconnaissance tasks. However, the full_recon mode should be used judiciously, and the ProjectDiscovery API key must be securely managed. Ensure you have permission before scanning any domain.

Read-only access to external websites.
Runs in a Docker container, providing some isolation.
Utilizes established reconnaissance tools (httpx, asnmap).
No direct access to internal systems or data.

Can expose sensitive information if full_recon is used carelessly.
Relies on external websites, which could be malicious.
Requires an API key for ProjectDiscovery, which needs to be secured.
Potential for information leakage if not configured correctly.