A Model Context Protocol (MCP) server that gives Claude real-time cybersecurity reconnaissance capabilities — WHOIS, DNS enumeration, port scanning, SSL inspection, and tech stack detection.
🔐 CyberSecurity MCP Server
A Model Context Protocol (MCP) server that gives Claude real-time cybersecurity reconnaissance capabilities. Instead of manually running 6 different tools across different terminals, just tell Claude "analyze google.com" and get a complete security recon report — including a professionally generated PDF.
Built with FastMCP and Python.
🎯 What is this?
Claude by default has no cybersecurity capabilities. This MCP server extends Claude with 6 real-world security tools that run live against any domain — giving Claude the ability to perform reconnaissance that would normally require multiple specialized tools and significant manual effort.
This is a local MCP server — it runs on your machine and connects to Claude Desktop. Your data never leaves your computer.
🛠️ Tools Available
| Tool | Description |
|---|---|
| whois_lookup | Query domain registration data — owner, registrar, creation date, expiry, name servers |
| dns_enumeration | Enumerate A, AAAA, MX, NS, TXT, CNAME, SOA records + brute-force common subdomains |
| port_scan | Nmap-powered port scanner with service/version detection and security warnings |
| ssl_inspect | Inspect SSL/TLS certificate — issuer, expiry, cipher strength, SANs, TLS version |
| tech_stack_detect | Fingerprint web server, CMS, JS frameworks, CDN, analytics, and security headers |
| full_recon | Orchestrates all 5 tools in parallel and returns combined results for Claude to analyze |
📸 Demo
Single tool — WHOIS lookup
You: Do a WHOIS lookup on github.com and tell me what you find
Claude: [calls whois_lookup] GitHub.com is registered through MarkMonitor Inc.,
one of the world's largest domain registrars specializing in brand protection.
The domain was created in 2007 and is secured until 2026...
Full recon
You: Do a complete security recon on reddit.com and generate a PDF report
Claude: [calls full_recon → runs 5 tools in parallel → writes summaries → final output]
📋 Prerequisites
Before installing, make sure you have:
- Python 3.10+ — download here
- Claude Desktop — download here
- Nmap — required for port scanning only (download here)
- Git — download here
⚙️ Installation
Step 1 — Clone the repository
git clone https://github.com/gaoharimran29-glitch/Cybersecurity-MCP-Server
cd cybersecurity-mcp-server
Step 3 — Install Python dependencies
pip install fastmcp python-whois dnspython requests python-nmap
Or install from requirements.txt:
pip install -r requirements.txt
Step 4 — Install Nmap (for port scanning)
Windows:
- Download the installer from nmap.org/download.html
- Run the installer
- Manually add Nmap to PATH:
- Press
Win + S→ search "Environment Variables" - Click "Edit the system environment variables"
- Under System Variables → find Path → click Edit
- Click New → add
C:\Program Files (x86)\Nmap - Click OK on all windows
- Press
- Restart your terminal and verify:
nmap --version
Mac:
brew install nmap
Linux:
sudo apt install nmap
Step 5 — Connect to Claude Desktop
Open your Claude Desktop config file:
Windows: %APPDATA%\Claude\claude_desktop_config.json
Mac: ~/Library/Application Support/Claude/claude_desktop_config.json
Add this configuration:
{
"mcpServers": {
"cybersecurity": {
"command": "python",
"args": ["C:\\full\\path\\to\\cybersecurity-mcp-server\\main.py"]
}
}
}
⚠️ Replace the path with the actual full path to
main.pyon your machine. Replace the python with actual python file path of venv or python. On Windows use double backslashes\\in the path.
Step 6 — Restart Claude Desktop
Fully quit and reopen Claude Desktop. You should see a 🔌 icon indicating MCP tools are connected.
To verify, ask Claude:
What cybersecurity tools do you have available?
Claude should list all 6 tools.
🚀 Usage
Basic tool usage
Do a WHOIS lookup on example.com
Run DNS enumeration on github.com
Scan ports on scanme.nmap.org
Inspect the SSL certificate of stripe.com
Detect the tech stack of wordpress.org
Port scan types
The port_scan tool supports 5 scan types:
| Type | Description | Speed |
|---|---|---|
| basic | Top 100 ports | Fast (~5s) |
| service | Service & version detection | Medium (~15s) |
| os | OS detection (needs admin) | Medium |
| full | All 65535 ports | Slow (~5min) |
| vuln | Vulnerability scripts | Slow (~30s) |
Scan scanme.nmap.org with service detection
Full recon
Do a complete security recon on reddit.com
Claude will:
- Run all 5 tools in parallel
- Analyze each result
- Write a summary for each section
Follow-up analysis
Based on the recon report, what are the security risks and what should be fixed first?
Explain what the open ports mean from an attacker's perspective.
Is the SSL configuration strong enough for a financial services company?
⚠️ Legal & Ethical Usage
Only scan domains you own or have explicit written permission to scan.
- WHOIS, DNS, SSL, and tech stack lookups query public data — safe on any domain
- Port scanning should only be performed on your own infrastructure or authorized targets
- The only public host officially permitted for Nmap testing is
scanme.nmap.org - Unauthorized port scanning may be illegal in your jurisdiction
This tool is intended for:
- Security researchers
- Penetration testers (on authorized targets)
- Developers auditing their own infrastructure
- Students learning cybersecurity concepts
🗂️ Project Structure
cybersecurity-mcp-server/
├── main.py # MCP server — all 6 tools
├── requirements.txt # Python dependencies
├── README.md # This file
🤝 Contributing
Pull requests are welcome. For major changes, open an issue first to discuss what you'd like to change.
📜 License
MIT License — free to use, modify, and distribute.
👤 Author
Built by [Gaohar Imran]
- GitHub: @gaoharimran29-glitch
- LinkedIn: GaoharImran
⭐ If this project helped you, consider giving it a star on GitHub!