Web Recon Agent

authSTDIOregistry active

Summary

Built for security professionals doing authenticated web app assessments on targets you own. This handles the tedious parts of recon against applications with complex authentication flows and high friction interfaces where traditional scanning tools fall short. You'd reach for this when you need to map out API endpoints, enumerate authenticated routes, or perform structured reconnaissance through Claude without repeatedly logging in or maintaining session state manually. Designed specifically for penetration testing and security audits where you have legitimate access but the app's authentication layer makes automated tooling painful to coordinate.

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Featured

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Configuration

MCP_TARGET_ALLOWLIST*

Comma-separated hostnames allowed for scanning. Required.

MCP_OWNED_TARGETS

Comma-separated hostnames you explicitly own to unlock active and owned-aggressive scan modes.

MCP_JOB_STORE_PATH

Optional path for persisted job metadata. Defaults to mcp-jobs.json in the current working directory.

MCP_MAX_CONCURRENT

Optional maximum number of concurrent scan jobs. Defaults to 2.

MCP_CONFIG_PATH

Optional path to a JSON config file that overrides allowlist and concurrency settings.

Web Recon Agent

Configuration

Web Recon Agent

Configuration

Related AI & LLM Tools MCP Servers

Related AI & LLM Tools MCP Servers