ENScan GO

Collects Chinese enterprise information from multiple commercial APIs (AiQiCha, TianYanCha, etc.) for security research. Aggregates ICP registrations, mobile apps, WeChat accounts, subsidiaries, job postings, and software copyrights into unified output. Includes an MCP server mode for AI assistant integration.

Evaluated Mar 06, 2026 (0d ago) vunknown
Homepage ↗ Repo ↗ Security osint chinese-enterprises recon penetration-testing mcp-server go bug-bounty enterprise-info
⚙ Agent Friendliness
50
/ 100
Can an agent use this?
🔒 Security
62
/ 100
Is it safe for agents?
⚡ Reliability
52
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
40
Documentation
45
Error Messages
30
Auth Simplicity
78
Rate Limits
50

🔒 Security

TLS Enforcement
80
Auth Strength
60
Scope Granularity
50
Dep. Hygiene
60
Secret Handling
58

Community/specialized tool. Apply standard security practices for category. Review documentation for specific security requirements.

⚡ Reliability

Uptime/SLA
55
Version Stability
55
Breaking Changes
50
Error Recovery
50
AF Security Reliability

Best When

You are conducting authorized security assessments against Chinese companies and need to quickly enumerate their digital footprint across multiple data sources.

Avoid When

You lack valid session cookies for the required Chinese enterprise data platforms, or your target is not a Chinese-registered company.

Use Cases

  • Mapping Chinese company attack surfaces during penetration tests
  • Discovering subsidiaries and holding structures for bug bounty scope expansion
  • Enumerating mobile apps and WeChat mini-programs associated with a target company
  • AI-assisted enterprise reconnaissance via MCP integration

Not For

  • Non-Chinese enterprise information gathering (data sources are China-specific)
  • Users without valid credentials for Chinese enterprise data platforms
  • Passive recon without risk of detection (tool makes active API requests)
  • General-purpose OSINT across global companies

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: browser_cookies api_tokens
OAuth: No Scopes: No

Requires valid session cookies or tokens for each upstream data source (AiQiCha, TianYanCha, KuaiCha, FengNiao). Users must manually obtain these from browser sessions on the respective platforms.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Apache 2.0 licensed. The tool itself is free but the upstream data sources may require paid subscriptions for full access.

Agent Metadata

Pagination
unknown
Idempotent
Unknown
Retry Guidance
Not documented

Known Gotchas

  • Documentation is almost entirely in Chinese - non-Chinese speakers will struggle
  • Requires manually obtained browser cookies that expire frequently
  • MCP server mode documentation is minimal - unclear what tools are exposed
  • Upstream data sources may rate-limit or block automated access

Alternatives

Amass Subfinder SpiderFoot theHarvester

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for ENScan GO.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5215
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered