DechoNet MCP Server
Domain security reconnaissance tools for AI agents via Model Context Protocol.
13 security tools — DNS, SSL, HTTP headers, email auth, port scan, propagation, reverse DNS, ASN/BGP, RDAP/WHOIS, subnet calc, and comprehensive security scan — callable from Claude Desktop and any MCP-compatible AI agent.
Part of DechoNet. Every tool here is also a free web tool at dechonet.com — no sign-up, no API key — backed by error-fix guides. This package brings the same checks to AI agents.
Quick Start (Claude Desktop)
Add to your claude_desktop_config.json:
{
"mcpServers": {
"dechonet": {
"command": "npx",
"args": ["-y", "dechonet-mcp"]
}
}
}Or if installed locally:
{
"mcpServers": {
"dechonet": {
"command": "node",
"args": ["/path/to/dechonet/mcp/build/index.js"]
}
}
}Config file location:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
Restart Claude Desktop. You'll see the DechoNet tools icon in the input area.
Install
# Via npx (no install needed)
npx dechonet-mcp
# Or install globally
npm install -g dechonet-mcpAvailable Tools
| Tool | Description | |------|-------------| | security_scan | Comprehensive scan — 9 checks in parallel, 0-100 Health Score, A-F grade | | dns_lookup | DNS records + DNSSEC + SPF/DMARC validation | | ssl_check | SSL/TLS certificate, chain, TLS version, A-F grade | | http_security | HTTP redirect trace + 10 security headers audit, A-F grade | | email_auth | SPF, DMARC, DKIM, BIMI, MTA-STS, DANE + blacklist check | | port_scan | Open TCP ports with service identification | | dns_propagation | DNS propagation across 8+ global resolvers | | reverse_dns | PTR record + FCrDNS verification | | asn_lookup | ASN/BGP network identification + abuse contact | | whois_lookup | RDAP/WHOIS domain registration data | | ip_info | Public IP, ISP, ASN, proxy detection | | email_header_analysis | Email delivery route tracing + auth results | | subnet_calc | CIDR subnet calculator (offline) |
Example Prompts
Once connected, try asking Claude:
- "Check the security posture of example.com"
- "Is the SSL certificate for mysite.com about to expire?"
- "What DNS records does example.com have?"
- "Scan the open ports on my-server.com"
- "Analyze these email headers: [paste headers]"
- "What's the ASN for 8.8.8.8?"
- "Calculate the subnet for 10.0.0.0/16"
SSE Transport (Remote)
For remote/HTTP-based MCP connections:
cd mcp
npm run start:sse
# Server runs on http://localhost:3100
# SSE endpoint: http://localhost:3100/sseDevelopment
cd mcp
npm install
npm run build # TypeScript → build/
npm run dev # Run with tsx (stdio)
npm run start:sse # Run SSE serverHow It Works
The MCP server calls DechoNet's public API (https://dechonet.com/api/util/*) — the same backend as the dechonet.com web tools — and returns structured results with:
- Status (ok/warn/bad)
- KPIs (key performance indicators per tool)
- Issues with severity (critical/warning/info) and confidence levels
- Actionable remediation steps
- Raw data (full JSON)
All data comes from public sources (DNS, HTTP headers, SSL certificates, RDAP). No active exploitation.
Environment Variables
| Variable | Default | Description | |----------|---------|-------------| | DECHONET_URL | https://dechonet.com | API base URL | | DECHONET_LOCALE | en | Response language (en or ko) | | PORT | 3100 | SSE server port |
About DechoNet
DechoNet is a domain security reconnaissance platform — distributed observation, cross-verification. The same diagnostics ship three ways: free web tools, error-fix guides, and this MCP server.
- 🌐 Web tools (free, no sign-up): https://dechonet.com
- 📘 Guides (fix common DNS/SSL/HTTP/email errors): https://dechonet.com/guides
- 🐦 X: https://x.com/Dechonetwork
MIT licensed. Issues and PRs welcome.
