Self-hosted attack surface recon dashboard + MCP server — AI agents and humans drive subfinder, dnsx, tlsx, httpx, cdncheck, alterx via Docker Compose
View on GitHub →
🔍 Audit Wallet Slippage →
Quick Install
Copy the config for your editor. Some servers may need additional setup — check the README.
Claude Desktop
Claude Code
Cursor
Add to claude_desktop_config.json:
{
"mcpServers": {
"hopper-recon": {
"command": "npx",
"args": [
"-y",
"iksnerd/hopper-recon"
]
}
}
}
📋 Copy
Run in terminal:
claude mcp add hopper-recon npx -y iksnerd/hopper-recon
📋 Copy
Add to .cursor/mcp.json:
{
"mcpServers": {
"hopper-recon": {
"command": "npx",
"args": [
"-y",
"iksnerd/hopper-recon"
]
}
}
}
📋 Copy
README Excerpt
Self-hosted, MCP-native security reconnaissance dashboard. A **Go engine** wraps the [projectdiscovery](https://github.com/projectdiscovery) OSINT tooling and owns its own SQLite; a **Next.js 16 dashboard** is a thin HTTP client on top. AI agents (Claude Code / Cline / Claude Desktop) can attach to the same engine over MCP and use the recon tools directly.
Tools (14)
ENGINE_URL HOPPER_ADDR HOPPER_ALLOWED_DOMAINS HOPPER_BLOCKLIST_OVERRIDE_REASON HOPPER_DB_PATH HOPPER_OVERRIDE_BLOCKLIST check_cdn expand_subdomains fetch_tls_cert find_urls lookup_geoip passive_subdomains probe_http resolve_dns
Topics
attack-surface attack-surface-management bug-bounty docker golang mcp mcp-server nextjs osint penetration-testing projectdiscovery recon security self-hosted subdomain-enumeration