Run passive, subdomain, vulnerability, and OSINT reconnaissance with reconFTW tools.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "reconftw-mcp" yet — see the docs or source repo.
Use reconftw-mcp to run a subdomain reconnaissance scan on example.com and summarize discovered subdomains, resolution status, and potentially exposed services.
A subdomain inventory with live status, basic DNS results, and a summary of suspicious exposed surfaces.
Run a passive scan and OSINT collection for target.com without active probing, then organize domains, certificates, public intelligence sources, and risk indicators.
A passive reconnaissance report summarizing public assets, certificate data, external sources, and initial risk assessment.
Use reconftw-mcp to run a vulnerability reconnaissance scan on app.example.com and list high-risk endpoints, fingerprinting details, and findings that need manual review.
A vulnerability reconnaissance summary with high-risk findings, supporting evidence, and recommended next validation steps.
Run safe bug bounty recon and organize manual testing evidence and plans.
Run domain and service recon to assess network exposure and security signals.
Automate OSINT reconnaissance for asset discovery, secret scanning, and JavaScript analysis.
Collect system info, run network scans, and extend workflows with custom tools.
Recon username footprints across 480+ platforms with reports and scores.
Run unified penetration testing workflows for reconnaissance, scanning, code analysis, and authenticated checks.