mcp-recon
Tellix is a conversational recon interface powered by httpx and LLMs. Just ask.
nickpending
README
mcp-recon
mcp-recon (formerly Tellix) is a conversational recon interface and MCP server powered by httpx and asnmap. Just ask.
Overview
mcp-recon bridges the gap between natural language and HTTP infrastructure analysis. It exposes recon tools through the Model Context Protocol (MCP), allowing you to run reconnaissance on web domains via any compatible AI interface, like Claude Desktop.
Features
- Conversational Commands: Run reconnaissance through simple text prompts
- MCP Server: Use with Claude Desktop, local LLM wrappers, or other MCP-compatible tools
- Multiple Analysis Modes: Choose from quick, complete, and full reconnaissance levels
- Standalone ASN Lookup: Query IPs, ASNs, or organizations directly
- Built-in TLS, CDN, and header analysis
- Docker Ready: Run in an isolated container for security and portability
- Powered by httpx: Built on ProjectDiscovery's battle-tested reconnaissance tools
- Bug Workarounds: Automatically handles
httpx's stdin/stdout leakage issue
Quick Start Guide
mcp-recon provides three main reconnaissance tools:
1. Quick/Lightweight Reconnaissance (http_lite_recon / http_quick_recon)
Fast, lightweight HTTP fingerprinting that provides essential information with minimal overhead.
Example user query and expected response:
User: "Using quick http recon, what's the status code for example.com?"
AI: "I checked example.com and it's currently returning a 200 OK status code, indicating the site is up and functioning normally. It's being served from an Nginx web server on IP 93.184.216.34."
2. Full Reconnaissance (http_full_recon)
Comprehensive metadata collection including page previews, headers, certificates, and technology detection.
Example user query and expected response:
User: "Using full http recon, what certificates is www.google.com using?"
AI: "Based on my analysis, www.google.com is using a TLS 1.3 certificate issued by Google Trust Services. The certificate was issued on March 20, 2025, and is valid until June 12, 2025. It was specifically issued for 'www.google.com' and uses the TLS_AES_128_GCM_SHA256 cipher suite."
4. ASN Lookup (asn_lookup)
Standalone lookup of IPs, ASNs, or org names using ProjectDiscovery's asnmap library.
Example user query and expected response:
User: "Who owns ASN 14421?"
AI: "ASN 14421 is operated by 'PPLINKNET' in the US."
Example Queries
Certificate Analysis
User: "Use complete http recon on www.google.com to check what certificates they're using"
AI: "www.google.com is using a TLS 1.3 certificate issued by Google Trust Services (issuer: WE2). The certificate was issued on March 20, 2025, and expires on June 12, 2025. It uses the TLS_AES_128_GCM_SHA256 cipher suite."
Security Header Inspection
User: "Use complete http recon on example.com to analyze security headers"
AI: "My analysis of example.com shows it's missing several key security headers: Content-Security-Policy, X-Frame-Options, and HTTP Strict Transport Security (HSTS). This could expose the site to XSS, clickjacking, and man-in-the-middle attacks."
Technology Detection
User: "Use quick http recon on cloudflare.com to see what technologies they use"
AI: "cloudflare.com is running on Cloudflare's own infrastructure with HTTP/2 support. The site implements HSTS for secure connections and is served from Cloudflare's CDN with a 200 status code."
Multi-Domain Comparison
User: "Use complete http recon on microsoft.com, apple.com, and amazon.com to compare their TLS setups"
AI: "My analysis shows:
- microsoft.com: TLS 1.3 with certificate from Microsoft RSA TLS CA
- apple.com: TLS 1.3 with certificate from DigiCert
- amazon.com: TLS 1.2 with certificate from DigiCert
Microsoft and Apple are using the newer TLS 1.3 protocol while Amazon uses TLS 1.2."
Lookup by IP
User: "Tell me who owns 8.8.8.8 using ASN lookup"
AI: "8.8.8.8 belongs to Google LLC (AS15169) in the United States."
Installation
# Clone the repository
git clone https://github.com/nickpending/mcp-recon.git
cd mcp-recon
# Build the Docker image
docker build -t mcp-recon .
# Run the container
docker run -it --rm mcp-recon
mcp-recon is designed to run as a Docker container to be used with Claude Desktop via the MCP protocol.
MCP Configuration
mcp-recon runs as a standalone MCP server. Add it to your MCP configuration like so:
"mcp-recon": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"mcp-recon"
]
}
Or using an .env file:
"mcp-recon": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"--env-file", "/Users/yourname/.config/mcp-recon.env",
"mcp/recon"
]
}
Your .env should contain:
PDCP_API_KEY=your_projectdiscovery_api_key
Troubleshooting
No Results Returned: Check that:
- Domain is publicly accessible
- You've specified the correct tool (http_quick_recon, http_full_recon, asn)
- Target domain isn't blocking scans
Performance Issues:
- Start with http_quick_recon for faster results
- Scan fewer domains at once for better performance
Known Issues
- httpx Stdin Leak: The
httpxlibrary attempts to read stdin even when used as a library. mcp-recon shieldsos.Stdinto prevent interference with MCP. - ASN Silent Failures: Even when
Asn = true,httpxmay fail to enrich IPs. mcp-recon includes a fallback using the officialasnmapGo library.
Security Considerations
- Only scan domains you own or have permission to test
- The full_recon mode retrieves complete page content - use judiciously
- Consider rate limiting to avoid impacting target systems
Screenshot
mcp-recon in action via Claude Desktop, using the http_quick_recon and http_complete_recon tools:
This example shows a quick recon request on
www.google.com, returning status code, title, server details, and IP address — all from a natural language query.
This example demonstrates a complete recon on
www.microsoft.com, including TLS config, headers, CDN, and security observations.
Name Change Notice
This project was formerly known as Tellix. It has been renamed to mcp-recon to better align with the Model Context Protocol (MCP) naming convention used in security tools. All links to the previous repository name will be redirected to the new name, but you should update your references when possible.
License
This project is licensed under the MIT License.
Related Work
[This section intentionally left as a placeholder for similar projects to be added when discovered]
Acknowledgments
- Built with Model Context Protocol SDK
- Powered by mcp-go Go SDK for MCP
- Powered by httpx from ProjectDiscovery
- ASN lookups via asnmap library
- Testing and development with Claude Desktop
Recommended Servers
Crypto Price & Market Analysis MCP Server
A Model Context Protocol (MCP) server that provides comprehensive cryptocurrency analysis using the CoinCap API. This server offers real-time price data, market analysis, and historical trends through an easy-to-use interface.
MCP PubMed Search
Server to search PubMed (PubMed is a free, online database that allows users to search for biomedical and life sciences literature). I have created on a day MCP came out but was on vacation, I saw someone post similar server in your DB, but figured to post mine.
dbt Semantic Layer MCP Server
A server that enables querying the dbt Semantic Layer through natural language conversations with Claude Desktop and other AI assistants, allowing users to discover metrics, create queries, analyze data, and visualize results.
mixpanel
Connect to your Mixpanel data. Query events, retention, and funnel data from Mixpanel analytics.
Sequential Thinking MCP Server
This server facilitates structured problem-solving by breaking down complex issues into sequential steps, supporting revisions, and enabling multiple solution paths through full MCP integration.
Nefino MCP Server
Provides large language models with access to news and information about renewable energy projects in Germany, allowing filtering by location, topic (solar, wind, hydrogen), and date range.
Vectorize
Vectorize MCP server for advanced retrieval, Private Deep Research, Anything-to-Markdown file extraction and text chunking.
Mathematica Documentation MCP server
A server that provides access to Mathematica documentation through FastMCP, enabling users to retrieve function documentation and list package symbols from Wolfram Mathematica.
kb-mcp-server
An MCP server aimed to be portable, local, easy and convenient to support semantic/graph based retrieval of txtai "all in one" embeddings database. Any txtai embeddings db in tar.gz form can be loaded
Research MCP Server
The server functions as an MCP server to interact with Notion for retrieving and creating survey data, integrating with the Claude Desktop Client for conducting and reviewing surveys.