Nmap Online MCP. Audit ports, map networks, and find hidden domains.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Nmap Online MCP Server lets you audit network security and discover infrastructure details using your agent. You can run fast port scans (`nmap_scan`), look up domain ownership (`whois_lookup`), check physical IP locations (`geoip_lookup`), or trace the path to a host (`traceroute`).
It’s built for deep diagnostics, letting you map out an attack surface without leaving your chat window.
What your AI agents can do
Dns lookup
Performs a forward DNS lookup for a specified domain name.
Geoip lookup
Determines the physical geographical location associated with an IP address.
Get http headers
Retrieves the raw HTTP response headers from a target URL.
Run Nmap scans against a target IP or domain, listing open and closed ports to understand the service surface.
Determine the route, latency, and number of hops between two points using traceroutes and pings.
Retrieve official registration details for a domain name to track ownership information.
Perform both forward (domain to IP) and reverse (IP to potential domain) lookups to verify connectivity.
Fetch raw HTTP headers or extract all internal links from a target webpage for content mapping.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
Nmap Online MCP Server: 10 Tools for Network Discovery
Use these ten specialized tools to audit network security, identify open ports, resolve domain names, and map out target infrastructures via natural language commands.
019d75dedns lookup
Performs a forward DNS lookup for a specified domain name.
019d75degeoip lookup
Determines the physical geographical location associated with an IP address.
019d75deget http headers
Retrieves the raw HTTP response headers from a target URL.
019d75deget page links
Scrapes and extracts all clickable links found on a given webpage.
019d75delist subdomains
Searches for potential subdomains associated with a root domain.
019d75denmap scan
Conducts a basic Nmap scan to identify open ports and services on a target IP or host.
019d75deping host
Tests connectivity and measures latency by sending ICMP packets to a specified host.
019d75dereverse dns
Performs a reverse DNS lookup, mapping an IP address back to a domain name.
019d75detraceroute
Maps the sequence of routers and hops taken when reaching a destination host across the network.
019d75dewhois lookup
Retrieves ownership and registration details for a given domain name.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Nmap Online, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
You're trying to run a proper network audit, but you gotta jump between terminals, web dashboards, and ten different tools? Forget that headache. This server puts professional-grade diagnostics right where your agent is—in the chat window. You don’t need to switch anything; you just talk to it.
This setup exposes everything you need for deep reconnaissance: port scanning, domain mapping, IP tracking, and web scraping. It's built so you can map out an entire attack surface without ever leaving your current view.
Auditing Service Surfaces
Need to know what services are running? You can run a basic Nmap scan using nmap_scan against any target IP or host, which identifies open and closed ports. This tells you exactly what service surface is exposed for exploitation. If you want to verify the core identity of that machine, ping_host sends ICMP packets to test connectivity and measure latency.
For a more granular view of web content, you can use get_http_headers to pull the raw HTTP response headers from any target URL. You'll also find that if you need to map out all the internal links on a page for thorough content mapping, get_page_links scrapes and extracts every single clickable link from the webpage.
Domain and IP Resolution
Verifying who owns an address or domain is straightforward. You can check official registration details—the ownership and when it was registered—using whois_lookup. If you're dealing with a specific name, running dns_lookup performs a forward DNS lookup to get the associated IP address. Conversely, if you only have an IP address but need to know what domain might belong there, reverse_dns runs a reverse lookup to map that IP back to a potential domain name.
To dig deeper into naming conventions, list_subdomains searches for other subdomains tied to a root domain.
Network Pathing and Geography
Mapping network topology is critical. You can trace the entire path taken when reaching a destination host across multiple routers using traceroute, which shows you every hop in the journey. To check basic connectivity and measure lag, use ping_host. For understanding physical location, geoip_lookup determines the geographical area—the city, country, and ISP—associated with any given IP address.
This helps pinpoint where a server actually lives.
Putting It Together
You can combine these functions to build a profile from nothing. You run whois_lookup to see who registered 'example.com'. Then, you use dns_lookup to get its primary IP. Next, you hit it with geoip_lookup to figure out the physical region of that IP. You'll then run nmap_scan against that IP to check for open ports.
If there’s a path issue, you can confirm connectivity using ping_host, or trace the route entirely with traceroute. This stack lets your agent handle all the complex diagnostics—the name resolution, the port scanning, the geolocation lookup, and the link scraping—all in one place.
How Nmap Online MCP Works
- 1 Tell your AI client what you need to audit (e.g., 'Check the ports on google.com').
- 2 The agent selects and executes the appropriate tool, like
nmap_scanorwhois_lookup, against the target. - 3 You get a clean, structured report detailing open ports, ownership records, or network paths directly in your conversation.
The bottom line is that you use natural language to run complex, multi-step security and diagnostic checks.
Who Is Nmap Online MCP For?
This tool is for the Security Researcher who has too many tabs open—the one constantly jumping between passive DNS tools, port scanners, and WHOIS sites. It’s for the Network Admin tired of context switching between a ticketing system and a command line just to verify if a service is reachable. You need deep visibility without leaving your main workflow.
Determining an opponent's attack surface by systematically running nmap_scan, checking for open ports, and gathering domain details with whois_lookup.
Troubleshooting connectivity issues across regions. They use geoip_lookup to verify a client's reported location or run traceroute when a connection keeps dropping.
Validating service availability and web server configuration by checking raw headers using get_http_headers before deploying code changes.
What Changes When You Connect
- See the full attack surface instantly. Instead of manually running separate tools for port scanning and ownership checks, you combine
nmap_scanwithwhois_lookupin one chat session to build a complete picture of a target's digital footprint. - Pinpoint connectivity issues fast. If users complain about slow sites, run
tracerouteimmediately to see exactly which hop is dropping packets or causing high latency. You don't guess; you get the path map. - Know where everything lives. Running
geoip_lookupon a suspicious IP tells you if it claims to be in Europe but actually routes through Asia. This context is critical for threat intelligence. - Map out related infrastructure easily. Use
list_subdomainsto find forgotten or unlisted parts of a company's network, complementing the primary findings fromdns_lookup. - Check web servers without coding. Instead of writing scripts to check headers, use
get_http_headersto instantly see if a server is leaking sensitive information in its response.
Real-World Use Cases
Verifying Target Infrastructure
A security analyst needs to know everything about 'examplecorp.com'. They first run whois_lookup to identify the domain registrant. Then, they use list_subdomains to find related sites. Finally, they run nmap_scan on a key subdomain to see if any ports are exposed and open for attack.
Debugging Intermittent Connectivity
A network admin can't connect to an internal server (10.1.1.5). They run ping_host first, which confirms reachability but shows high latency. Next, they run traceroute to pinpoint the exact router hop—say, 192.168.3.4—where the packets start failing.
Analyzing a Suspicious IP
A threat intelligence analyst gets an unknown IP address (203.0.113.1). They use geoip_lookup to see its physical location and ISP. Then they run reverse_dns to see if that IP belongs to a known domain, quickly validating the source's identity.
Assessing Web Content Structure
A content auditor needs to index all pages for a client. They use get_page_links on the homepage and then run get_http_headers on key internal documents to ensure no sensitive cookies or redirect info is exposed.
The Tradeoffs
Assuming basic connectivity
Running a complex scan like nmap_scan without first knowing if the host responds at all. This wastes time and might trigger alerts.
→
Always start with ping_host. If that fails, don't waste resources on port scanning; check DNS records first using dns_lookup to confirm the domain even exists.
Treating tools as single-use APIs
Running a whois_lookup for 'apple.com' and then stopping, ignoring that you could find related info.
→
Chain your tools. After running whois_lookup, immediately check the IP range with geoip_lookup. This gives context to who owns it and where they are located.
Ignoring the path
Simply checking if a port is open using only nmap_scan without knowing how traffic gets there.
→
If you find an open port, run traceroute to map the network path. This shows whether the connection is direct or bouncing through several unknown intermediate routers.
When It Fits, When It Doesn't
Use this server if your problem involves diagnosing connectivity, mapping out a target's digital footprint, or understanding external infrastructure relationships. If you need to know who owns it (WHOIS), where it is (GEOIP), or what services are running (NMAP), this is your toolset.
Don't use this if all you need is a simple dictionary lookup or basic data transformation. For instance, if you only need to verify that 'example.com' resolves correctly, dns_lookup handles it. If you just want to know the current time zone of an IP address, other dedicated geolocation APIs might be cleaner.
The key advantage here is combining tools: don't run a single tool in isolation. Run list_subdomains, then check its DNS with dns_lookup, and finally scan it with nmap_scan—that’s how you build a complete diagnostic story.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Nmap Online. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 10 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Diagnosing network issues usually means opening five different browser tabs and running three separate command-line utilities.
Today, if your connection is acting weird, you're probably clicking through a ticketing system to open the asset owner's website. Then you copy the IP address into an online GeoIP tool. After that, you run `traceroute` in one terminal and then check for domain ownership in another window—it’s pure context switching.
With Nmap Online MCP Server, your AI client handles all of it. You just tell it: 'Why is the connection to 192.0.2.5 failing.' It runs `ping_host`, maps the route with `traceroute`, and checks for DNS issues—all in one conversational thread. The problem gets solved without leaving chat.
Nmap Online MCP Server: See who owns a domain, instantly.
Before this server, finding out who owned 'exampledomain.com' required going to a dedicated WHOIS site and pasting the name into a form. You might even have to wait for their database lookup cycle to finish—it was always clunky and slow.
Now? You ask your agent, 'Who owns exampledomain.com.' It runs `whois_lookup` instantly and gives you all the registration details, including contact info and expiry dates. That's it. No websites, no waiting.
Common Questions About Nmap Online MCP
How do I use nmap_scan to check a target? +
Just tell your agent the target IP or domain you want to scan. The nmap_scan tool runs basic port scans and reports which services are active on that host.
Can I find all subdomains using list_subdomains? +
Yes. Use the list_subdomains tool, giving it a root domain name. It searches for related infrastructure components that might not be publicly known.
What is the difference between dns_lookup and reverse_dns? +
A forward DNS lookup (dns_lookup) finds an IP address from a readable domain name (like google.com). A reverse DNS lookup (reverse_dns) does the opposite, finding the domain behind a given IP.
Do I need to worry about rate limiting when using whois_lookup? +
It's best practice to check your API key limits if you plan on running many lookups. The whois_lookup tool is great, but overuse can hit throttling limits.
How do I use get_http_headers for debugging? +
Tell the agent which URL you want headers from. get_http_headers pulls all raw response data (cookies, content types, etc.), letting you see exactly what the server is sending back.
How does using `traceroute` help me diagnose network latency? +
It maps every hop between your AI agent and the target IP. You see exactly which router caused a delay or packet loss, letting you pinpoint where connectivity breaks down along the path.
What kind of data does `geoip_lookup` provide beyond just a country name? +
It provides comprehensive location data including the city, ISP information, and specific geographic coordinates. This detail lets you identify regional service providers linked to that IP address.
Is running `ping_host` the same as doing an Nmap port scan? +
No, they check different things. Ping confirms if a host is online and reachable at an ICMP level. A port scan checks if specific application ports (like 80 or 443) are actively open for services.
Is a HackerTarget API Key mandatory? +
No. HackerTarget allows a limited number of free daily scans without a key. For higher volume or commercial use, an API key is required.
Can I perform an aggressive Nmap scan? +
The nmap_scan tool in this server performs a standard service discovery scan. Aggressive flags are limited by the upstream API provider for safety and performance reasons.
What information does the GeoIP lookup provide? +
The GeoIP tool returns the country, region, city, and the Internet Service Provider (ISP) associated with the target IP address.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
CrowdSec
Automate threat intelligence via CrowdSec — query local decisions, stream security updates, and check global IP reputation directly from any AI agent.
Standard Notes
Connect your AI to the Standard Notes encrypted ecosystem. Sync items natively, modify protected notes, and manage tags seamlessly.
Logto (Auth Platform)
Manage users, roles, and organizations in your Logto auth tenant directly from your AI agent.
You might also like
LA Metro
Access Los Angeles Metro data via API — track buses and rail in real-time, check arrivals, plan rail trips, and monitor service alerts from any AI agent.
Contentful
Equip your AI agent to fetch, create, and manage digital content effortlessly using Contentful's headless architecture.
SignRequest
Manage e-signatures and documents via SignRequest — create signing requests, track document status, and manage templates directly from any AI agent.