io.github.joepangallo
web-recon-agent
Owned-target web security assessment MCP server for authenticated, high-friction apps.
stdiocommunityservice
Package Details
mcp-web-recon-agent
Transportstdio
Environment Variables
MCP_TARGET_ALLOWLIST(str)
Required
Comma-separated hostnames allowed for scanning. Required.
MCP_OWNED_TARGETS(str)
Comma-separated hostnames you explicitly own to unlock active and owned-aggressive scan modes.
MCP_JOB_STORE_PATH(str)
Optional path for persisted job metadata. Defaults to mcp-jobs.json in the current working directory.
MCP_MAX_CONCURRENT(num)
Optional maximum number of concurrent scan jobs. Defaults to 2.
MCP_CONFIG_PATH(str)
Optional path to a JSON config file that overrides allowlist and concurrency settings.