Catalog
Web Recon Agent
Officialby joepangallo
Owned-target web security assessment MCP server for authenticated, high-friction apps.
Perform authenticated security assessments on owned web applications.
README not available yet.
Install
Configuration
Environment variables
MCP_TARGET_ALLOWLISTrequiredComma-separated hostnames allowed for scanning. Required.
MCP_OWNED_TARGETSComma-separated hostnames you explicitly own to unlock active and owned-aggressive scan modes.
MCP_JOB_STORE_PATHOptional path for persisted job metadata. Defaults to mcp-jobs.json in the current working directory.
MCP_MAX_CONCURRENTOptional maximum number of concurrent scan jobs. Defaults to 2.
MCP_CONFIG_PATHOptional path to a JSON config file that overrides allowlist and concurrency settings.
claude_desktop_config.json
{
"mcpServers": {
"web-recon-agent": {
"command": "npx",
"args": [
"-y",
"mcp-web-recon-agent@0.8.1"
],
"env": {
"MCP_TARGET_ALLOWLIST": "<YOUR_MCP_TARGET_ALLOWLIST>",
"MCP_OWNED_TARGETS": "<YOUR_MCP_OWNED_TARGETS>",
"MCP_JOB_STORE_PATH": "<YOUR_MCP_JOB_STORE_PATH>",
"MCP_MAX_CONCURRENT": "<YOUR_MCP_MAX_CONCURRENT>",
"MCP_CONFIG_PATH": "<YOUR_MCP_CONFIG_PATH>"
}
}
}
}