MCP SECURITY TOOLKIT

ReconStack

21 production-grade MCP servers for OSINT, threat intelligence, and security reconnaissance. BYOK-friendly integrations for the tools security teams already use.

MCP Servers

13,343+

Lines of Code

Free Tier Servers

Get ReconStack — $49 View All Servers

claude> scan example.com for exposed subdomains and check each for known vulnerabilities
Using CRT.sh to enumerate subdomains... found 47 certificates
Running Shodan lookup on 12 unique IPs...
Checking VirusTotal for threat reports...
Found 3 subdomains with exposed admin panels and 1 with a known CVE.

Every Tool a Security Researcher Needs

Each server is a standalone MCP integration — use them individually or as a complete suite.

🔍

Reconnaissance

Shodan PRO

Search internet-connected devices, find exposed services and vulnerabilities

886 linesAPI key required

CRT.sh FREE

Certificate transparency log search for subdomain enumeration

821 linesNo API key

Nmap PRO

Network scanning, port discovery, and service fingerprinting

271 linesNo API key

DNSlytics PRO

DNS records, IP reputation, reverse lookups, and domain intelligence

1,009 linesNo API key

🛡️

Threat Intelligence

VirusTotal PRO

Malware analysis, file/URL/domain scanning, threat reports

1,020 linesAPI key required

TruffleHog FREE

Scan repos and files for exposed credentials and secrets

389 linesNo API key

GitDorker PRO

Find sensitive data exposed in GitHub repositories

503 linesGitHub token

🔎

Google Dorking

Dorking Engine FREE

Advanced multi-backend dork workflows with presets, caching, and batch orchestration

1,749 linesBest with API keys, has fallback modes

Google Dorker FREE

Lightweight Google Programmable Search executor for fast, targeted dork queries

131 linesGoogle API key

👤

People & Identity OSINT

SherlockEye PRO

Username search across hundreds of platforms

589 linesNo API key

Holehe FREE

Check which services an email address is registered on

285 linesNo API key

PhoneInfoga PRO

Phone number OSINT — carrier, location, social accounts

342 linesNo API key

Social Analyzer FREE

Detect social media presence across platforms

260 linesNo API key

DeHashed PRO

Search breach databases for exposed credentials

669 linesAPI key required

🏢

Corporate Intelligence

OpenCorporates PRO

Search 200M+ global corporate records

726 linesOptional API key

CorpData PRO

US corporate/nonprofit intelligence — 990s, SEC filings

756 linesAPI key required

🌐

Web & Archive Intelligence

Wayback Machine FREE

Access historical snapshots of any website via Internet Archive

932 linesNo API key

ExifTool FREE

Extract metadata from images, PDFs, documents, and media files

592 linesNo API key

Urban Scout PRO

Physical location OSINT — nearby businesses, demographics

686 linesAPI key required

📡

Advanced

Telegram OSINT PRO

Search and monitor Telegram channels, groups, and messages

236 linesTelegram API

Neo4j OSINT PRO

Graph-based entity resolution and relationship mapping

492 linesNeo4j instance

Up and Running in 3 Minutes

Works with any MCP-compatible AI client.

Download & Extract

Get the zip, extract it anywhere on your machine.

unzip reconstack-pro.zip -d ~/reconstack

Install & Configure

Run the installer, add your API keys, configure Claude Desktop.

./install.sh && cp .env.example .env
./configure-claude.sh

Start Investigating

Ask Claude to perform security research using natural language.

"Enumerate subdomains for target.com and check for exposed services"

🤖

Claude Desktop

⌨️

Claude Code

📝

Cursor

🌊

Windsurf

🐳

MCP Docker

Choose Your Plan

Use the free tier, buy lifetime access, or subscribe for monthly support and power-user onboarding.

Community

Free

8 MCP servers
CRT.sh, Dorking, ExifTool, Google Dorker, Holehe, Social Analyzer, TruffleHog, Wayback
Mix of keyless and API-backed tools
Full source code
Community support

Download Free

Pro

$49 one-time

or $149 for team license (up to 10 seats)

All 21 MCP servers
Shodan, VirusTotal, DeHashed, Telegram, Neo4j OSINT, and all 8 free tools
One-command installer & Claude Desktop config
Docker Compose deployment
Lifetime updates
Priority support

Get Pro — $49

Power User Subscription

$29-$99 /month

$29 Solo • $59 Pro Ops • $99 Team SOC

Full 21-server ReconStack suite
Priority support with faster response targets
Power-user onboarding and setup help
Monthly implementation guidance
Ideal for analysts, consultants, and small teams
Includes all future updates while subscribed

Start Subscription — $29/mo

BYOK policy: ReconStack provides the integration layer. Third-party API subscriptions are not included.

Seller note: replace each href=\"#\" purchase link with your live checkout URLs (Free, Pro, and Subscription).

FAQ

What is MCP?

Model Context Protocol (MCP) is an open standard that lets AI assistants like Claude, Cursor, and Windsurf use external tools. Each ReconStack server adds specific OSINT capabilities to your AI.

Do I need all the API keys?

No. Key requirements vary by server. Several tools run without API keys (for example CRT.sh, Wayback, ExifTool, Holehe, Social Analyzer, Nmap), while others require provider credentials.

Does Pro include Shodan/VirusTotal/DeHashed subscriptions?

No. ReconStack Pro is BYOK. You get production integrations and automation workflows, and you connect your own provider API accounts.

What's the difference between Dorking Engine and Google Dorker?

Dorking Engine handles advanced multi-query workflows with caching and backend fallback. Google Dorker is a lightweight direct executor for quick targeted searches.

Is this legal?

Yes. ReconStack uses only publicly available APIs and data sources. It's the same toolkit security professionals and bug bounty hunters use daily — just integrated with your AI assistant.

What's included in lifetime updates?

Bug fixes, new server additions, and compatibility updates. Pro buyers get access to the private GitHub repo for pull access to all future updates.

Can I use this for bug bounty?

Absolutely. ReconStack is built for exactly this. Enumerate subdomains, scan for exposed services, check for leaked credentials, and generate reports — all through natural language.