mcp_subfinder_server

Provides a Model Context Protocol (MCP) server that wraps ProjectDiscovery's subfinder to enumerate subdomains for a given domain via a JSON-RPC interface, including options for recursion, depth, timeouts, and source filtering/exclusion. Includes a /health endpoint for liveness.

Evaluated Apr 04, 2026
Tags: mcp, json-rpc, subdomain-enumeration, osint, projectdiscovery, go
⚙ Agent Friendliness: 59 / 100 (Can an agent use this?)
🔒 Security: 22 / 100 (Is it safe for agents?)
⚡ Reliability: 19 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 70
Documentation: 75
Error Messages: 0
Auth Simplicity: 95
Rate Limits: 0

🔒 Security

TLS Enforcement: 30
Auth Strength: 10
Scope Granularity: 0
Dep. Hygiene: 40
Secret Handling: 35

No authentication/authorization is documented for the MCP JSON-RPC endpoint; /health is unauthenticated per examples. Docs mention adding API keys to provider-config.yaml for premium sources, but do not describe secret handling practices (e.g., redaction/logging behavior). TLS is not mentioned; examples use http://localhost.

⚡ Reliability

Uptime/SLA: 0
Version Stability: 45
Breaking Changes: 0
Error Recovery: 30

Best When

You need an on-prem or self-hosted MCP server that can be called by an agent to run subfinder with configurable parameters.

Avoid When

You cannot control network exposure or request sizes, or you require documented idempotency/retry semantics and strict operational guarantees.

Use Cases

  • Automating passive subdomain enumeration workflows via an MCP-compatible client/agent
  • Recursive subdomain discovery with depth and timeout controls
  • Selective enable/disable of subfinder sources for targeted recon
  • Integrating subdomain enumeration into internal tooling using JSON-RPC calls

Not For

  • Production-grade authenticated APIs without additional deployment security
  • Environments requiring strict legal/compliance controls over OSINT source usage (not addressed in the docs)
  • Use cases needing a stable, externally hosted SaaS API with published SLAs

Interface

REST API: Yes
GraphQL: No
gRPC: No
MCP Server: Yes
SDK: No
Webhooks: No

Authentication

OAuth: No
Scopes: No

No authentication is described for the JSON-RPC endpoint or /health. The docs show local usage only, with curl examples against localhost.

Pricing

Free tier: No
Requires CC: No

Self-hosted open-source project (MIT). Cost is deployment/compute and any costs from configured subfinder sources/providers.

Agent Metadata

Pagination: none
Idempotent: False
Retry Guidance: Not documented

Known Gotchas

  • Subdomain enumeration can be resource-intensive and may take longer than typical agent timeouts; ensure agent-side timeouts align with the server/tool timeout parameters.
  • No auth is documented; agents should not expose the server publicly without adding network/auth controls.
  • Recursive enumeration and high timeouts/depth can amplify work and result size; constrain parameters for safer agent runs.

Scores are editorial opinions as of 2026-04-04.