origin/main
Multi-Tool Cybersecurity Reconnaissance
A comprehensive, modern application for cybersecurity reconnaissance that integrates multiple scanning tools into a unified, user-friendly interface with advanced visualizations and reporting.
- Multi-Tool Scanning: Nmap, Subfinder, Nikto, Gobuster, NSLookup DNS, Traceroute, Wappalyzer
- Real-Time Progress Tracking: Live updates with per-tool status monitoring
- Advanced Risk Assessment: Automated risk scoring (0–10) based on multiple factors
- Interactive Visualizations: Plotly.js charts for ports, subdomains, vulnerabilities
- Comprehensive Reporting: HTML, PDF, JSON, and CSV export options
- Scan History: Complete audit trail with search and filtering
- Modern UI: Beautiful animations with Framer Motion, glass-morphism design
- Local Processing: All scans run locally — no data leaves your machine
- Authorization Reminder: Built-in warnings to only scan authorized targets
- Secure Storage: SQLite database with encrypted metadata options
- Input Sanitization: Robust validation and sanitization of scan targets
┌────────────────────────────────────────────┐
│ Frontend (React + Electron) │
│────────────────────────────────────────────│
│ • Dashboard UI │
│ • Real-time progress tracking │
│ • Interactive visualizations │
└───────────────────────┬────────────────────┘
│
(HTTP / JSON API)
│
┌───────────────────────▼────────────────────┐
│ Backend (FastAPI) │
│────────────────────────────────────────────│
│ • REST API endpoints │
│ • Worker orchestration │
│ • Tool execution management │
└───────────────────────┬────────────────────┘
│
(Subprocess Calls)
│
┌───────────────────────▼────────────────────┐
│ Scanner Tools │
│────────────────────────────────────────────│
│ • nmap, subfinder, nikto, etc. │
└────────────────────────────────────────────┘
Backend:
- Python 3.11+
- FastAPI (REST API)
- SQLite (local database)
- Jinja2 (report templating)
- Playwright (PDF generation)
- Concurrent.futures (parallel execution)
Frontend:
- In Frontend, there are heavy files. So, I added the URL below. Go through that and download the zip file & then place it inside the MCP-APP. (According to the Project Structure) The Zip File URL (Driver Link): https://drive.google.com/file/d/1jtAWLnNkM2GQK7ORVJ8c7Rmd0h7RJ0KP/view?usp=sharing
- React 18
- Electron (desktop packaging)
- Framer Motion (animations)
- Plotly.js (charts)
- Lucide React (icons)
- Axios (HTTP client)
- Python 3.11+ installed
- Node.js 18+ installed
- Scanning Tools installed and in PATH:
nmap— Network mappersubfinder— Subdomain discoverynikto— Web vulnerability scannergobuster— Directory brute-forcernslookup— DNS lookup (usually pre-installed)traceroute/tracert— Network path tracing (usually pre-installed)wappalyzer— To identify the CDN, Security & other tech stack (with the versions)
# Optional: Install Chocolatey
Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
# Install Nmap and Go
choco install nmap golang -y
# Install Go-based tools (ensure %USERPROFILE%\go\bin is in PATH)
$env:Path += ";$env:USERPROFILE\go\bin"
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install github.com/OJ/gobuster/v3@latest
# Nikto (best via WSL) or download from GitHubsudo apt-get update
sudo apt-get install -y nmap nikto dnsutils traceroute golang-go
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install github.com/OJ/gobuster/v3@latest
echo 'export PATH=$PATH:~/go/bin' >> ~/.bashrc && source ~/.bashrcbrew install nmap nikto go
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install github.com/OJ/gobuster/v3@latest
echo 'export PATH=$PATH:~/go/bin' >> ~/.zshrc && source ~/.zshrcVerify tools:
nmap --version
subfinder -version
nikto -Version
gobuster -h-
Clone or navigate to the project:
cd MCP-APP -
Setup Backend:
cd backend pip install -r requirements.txt playwright install chromium -
Setup Frontend:
cd frontend npm install
Terminal 1 – Backend:
cd backend
python mcp_server.pyRuns on http://127.0.0.1:8000
Terminal 2 – Frontend:
cd frontend
npm startRuns on http://localhost:3000
# Backend
backend\start_backend.bat
# Frontend (new terminal)
frontend\start_frontend.bat- Navigate to "New Scan" tab
- Enter target (domain or URL)
- Select tools
- Click "Start Security Scan"
- Check "Progress" tab for real-time status
- Each tool shows its individual progress and completion
- Report Tab: Detailed charts and results
- History Tab: Past scans, searchable and filterable
- Export Options: PDF, JSON, CSV, HTML
Risk Index (0–10) considers:
- Number & severity of vulnerabilities
- High-risk findings
- Open ports
- Subdomain count
MCP-APP/
├── backend/
│ ├── mcp_server.py
│ ├── requirements.txt
│ ├── scanners/
│ │ ├── nmap.py
│ │ ├── subfinder.py
│ │ ├── nikto.py
│ │ ├── gobuster.py
│ │ ├── nslookupdns.py
│ │ └── traceroute.py
│ └── scans/
│ ├── mcp.db
│ └── {scan_id}/
│ ├── raw/
│ └── report.pdf
│
├── frontend/
│ ├── src/
│ │ ├── components/
│ │ │ ├── Dashboard.js
│ │ │ ├── ScanForm.js
│ │ │ ├── ScanProgress.js
│ │ │ ├── ScanHistory.js
│ │ │ └── ScanReport.js
│ │ ├── App.js
│ │ ├── App.css
│ │ └── index.js
│ └── package.json
│
└── README.md
POST /start_scan– Start a new scanGET /status/{scan_id}– Get scan statusGET /scans– List all scans
GET /report/{scan_id}– HTML reportGET /report_pdf/{scan_id}– PDF exportGET /export/{scan_id}/json– JSON exportGET /export/{scan_id}/csv– CSV export
GET /tools– List available scanning tools
- Live updates every 2 seconds
- Animated progress indicators
- Tool completion notifications
- Port distribution charts
- Subdomain lists
- Risk gauge
- Vulnerability heatmaps
- PDF, JSON, CSV, HTML
IMPORTANT: Only scan domains you own or have explicit permission to test. Unauthorized scanning may be illegal.
Best Practices:
- Always obtain written authorization
- Respect rate limits
- Keep results confidential
Create a scanner module in backend/scanners/:
def run_and_parse(target: str, raw_dir: str) -> dict:
# Your scanning logic
return {
"success": True,
"findings": [...],
"count": 0
}Register it in mcp_server.py.
- Edit
frontend/src/App.cssfor styles - Modify components in
frontend/src/components/ - Update Framer Motion animations
cd frontend
npm run build
npm run electronOr create installer:
npm run build && electron-builderEnsure tools are installed and in PATH. Example checks:
nmap --version
subfinder -version
nikto -Version
gobuster -h- Verify backend is running (
http://127.0.0.1:8000/docs) - Check CORS configuration
- Disable firewall temporarily if needed
playwright install chromiumTo start the project quickly:
# Backend
cd backend
python .\mcp_server.py# Frontend
cd frontend
npm startDisclaimer: This tool is for authorized security testing only. Use responsibly.
Built With:
- FastAPI
- React
- Framer Motion
- Plotly.js
- Electron
- UI redesign with animations
- Real-time tracking
- Enhanced risk scoring
- Export formats: PDF, JSON, CSV
- Scan history with search/filter
- Initial release
- Basic scanning
- Simple HTML reports
Contributions are welcome! Please:
- Follow code style conventions
- Add tests for new features
- Update documentation
- Respect security best practices
For issues or suggestions:
- Check GitHub Issues
- Review Troubleshooting
- Ensure prerequisites are installed
Built with security in mind. Use responsibly.
Team Members (The Project Developed By Woxsen Junior Scholars)
- Bandi Hemanth (22WU0106028)
- Vamsi.P (22WU0106013)
- Rahul Samineni (22WU0106023)