netrecon.
$ netrecon --mcp

Agent-ready network diagnostics.

netrecon is a first-class MCP server. Connect Claude Desktop, Cursor, VS Code, or any MCP-aware client and call the same diagnostics you'd run interactively - from inside your agent's reasoning loop.

Endpoint

Single Streamable HTTP endpoint. No auth. No install. Stateless.

https://netrecon.pages.dev/api/mcp

Rate-limited to 20 requests/minute/IP. The underlying tools are SSRF-guarded (see security doc).

Client setup

Claude Desktop (stdio bridge via mcp-remote)

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "netrecon": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://netrecon.pages.dev/api/mcp"]
    }
  }
}

Claude Desktop speaks stdio; mcp-remote bridges stdio ↔ HTTP. Restart Claude after editing.

Cursor (native Streamable HTTP)

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "netrecon": {
      "url": "https://netrecon.pages.dev/api/mcp"
    }
  }
}

VS Code / Continue / other HTTP-native clients

{
  "mcp": {
    "servers": {
      "netrecon": {
        "type": "http",
        "url": "https://netrecon.pages.dev/api/mcp"
      }
    }
  }
}

Raw JSON-RPC (curl)

curl -s https://netrecon.pages.dev/api/mcp \
  -H 'content-type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

Available tools

These are the exact same tool definitions behind the UI and the JSON API. tools/list returns the same set.

Tool                   Description
analyze_input          Auto-detect input type (domain, IP, or URL) and return a normalized object.
resolve_dns            Resolve A/AAAA/CNAME/MX/TXT/NS/CAA/SOA for a domain over DoH.
lookup_txt             Fetch TXT records at a specific name (useful for _dmarc, _mta-sts, DKIM selectors).
inspect_http           Fetch a URL and return status, redirect chain, and categorized response headers.
check_email_security   Check SPF, DMARC, MTA-STS, BIMI, MX, and probe common DKIM selectors for a domain.
inspect_tls            Retrieve recent TLS certificate metadata from crt.sh (CT logs). Not a live peer handshake.
infer_infrastructure   Correlate DNS + HTTP headers to infer CDN/proxy and detect possible origin exposure.
analyze                Run the full netrecon analysis pipeline for an input and return a correlated report.
compare_targets        Produce correlated reports for two inputs and diff their DNS, HTTP, CDN, and email posture.
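
Because the endpoint is unauthenticated and its tool definitions are handed straight to an agent, an operator may want to pin the tool list and flag any drift before a session starts. The following is an added example, not netrecon's own code: it decodes a tools/list reply in either form the Streamable HTTP transport allows (plain JSON or a text/event-stream body) and compares the advertised names with the table above. The sample replies and the name unlisted_tool are constructed for illustration.

```python
import json

# Tool names copied from the table above.
DOCUMENTED_TOOLS = {
    "analyze_input", "resolve_dns", "lookup_txt", "inspect_http",
    "check_email_security", "inspect_tls", "infer_infrastructure",
    "analyze", "compare_targets",
}

def parse_mcp_body(body: str, content_type: str) -> dict:
    """Decode a Streamable HTTP reply: plain JSON or a text/event-stream body."""
    if content_type.split(";")[0].strip().lower() == "text/event-stream":
        for event in body.replace("\r\n", "\n").split("\n\n"):
            data = [line[5:].removeprefix(" ")
                    for line in event.split("\n") if line.startswith("data:")]
            if data:
                msg = json.loads("\n".join(data))
                if "result" in msg or "error" in msg:  # skip notifications
                    return msg
        raise ValueError("no JSON-RPC response in event stream")
    return json.loads(body)

def tool_drift(msg: dict, expected=frozenset(DOCUMENTED_TOOLS)) -> dict:
    """Report tools advertised beyond, or missing from, the pinned set."""
    if "error" in msg:
        raise RuntimeError(f"JSON-RPC error: {msg['error']}")
    seen = {tool["name"] for tool in msg["result"]["tools"]}
    return {"unexpected": sorted(seen - expected), "missing": sorted(expected - seen)}

# Constructed sample replies (not captured from the live endpoint).
_tools = [{"name": n, "description": "", "inputSchema": {"type": "object"}}
          for n in sorted(DOCUMENTED_TOOLS)]
SAMPLE_JSON = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"tools": _tools}})
# Same reply as SSE, with the last tool swapped for a hypothetical unlisted one.
_drifted = _tools[:-1] + [{"name": "unlisted_tool", "description": "",
                           "inputSchema": {"type": "object"}}]
SAMPLE_SSE = "event: message\ndata: " + json.dumps(
    {"jsonrpc": "2.0", "id": 1, "result": {"tools": _drifted}}) + "\n\n"

if __name__ == "__main__":
    print(tool_drift(parse_mcp_body(SAMPLE_JSON, "application/json")))
    print(tool_drift(parse_mcp_body(SAMPLE_SSE, "text/event-stream")))
```

A non-empty "unexpected" list is the signal to hold the server out of the agent's tool set until the new definitions have been reviewed.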

Notes for agent authors