# Nmap Online MCP

> Nmap Online lets you run professional network scans and deep security audits directly through your AI agent. Check open ports, map the digital footprint of any domain, locate IPs geographically, or trace exactly how data travels across the internet—all without leaving your chat interface.

## Overview
- **Category:** fort-knox
- **Price:** Free
- **Tags:** network-scanning, port-discovery, dns-lookup, security-auditing, network-diagnostics, penetration-testing

## Description

This MCP connects you to high-powered diagnostic tools used by network engineers and security researchers. You talk naturally to your AI client, and it handles complex tasks like determining if a specific domain is owned by a company or finding all its hidden subdomains.

It goes beyond simple pings; you can inspect raw web server headers to see exactly what links a target page offers, or run comprehensive WHOIS lookups to find out who registered the site. Need to know where an IP address physically sits? You get that location data instantly. When you connect this MCP via Vinkius, your AI agent gains access to this entire suite of network intelligence, allowing you to perform advanced analysis without ever opening a command line or logging into a separate dashboard.

## Tools

### dns_lookup
Performs a standard forward lookup to find the IP address for any specified domain name.

### geoip_lookup
Translates an IP address into its physical geographical location, including country and city data.

### get_http_headers
Retrieves the raw HTTP response headers from a given web page to inspect server details.

### list_subdomains
Searches for associated subdomains linked to a main target domain.

### nmap_scan
Executes a basic Nmap scan, identifying which ports and services are active on a host.

### get_page_links
Extracts every single URL link found within the HTML content of a target web page.

### ping_host
Sends ICMP packets to confirm if a specified host is reachable and active on the network.

### reverse_dns
Performs an inverse lookup, taking an IP address and finding its associated domain name.

### traceroute
Maps the entire network path from your client to a target host to check for latency or packet drops.

### whois_lookup
Provides detailed registration records about a domain, including ownership and contact details.

## Prompt Examples

**Prompt:** 
```
Scan the ports for the domain 'example.com'.
```

**Response:** 
```
Running Nmap scan... I've identified several open ports on example.com: Port 80 (http) and Port 443 (https) are active. Would you like to see the HTTP headers for this domain?
```

**Prompt:** 
```
Find the physical location of the IP address 8.8.8.8.
```

**Response:** 
```
Performing GeoIP lookup... The IP 8.8.8.8 is located in the United States, specifically in Mountain View, California. It is registered to Google LLC. Shall I perform a WHOIS lookup for more details?
```

**Prompt:** 
```
Trace the network path to 'google.com'.
```

**Response:** 
```
Initializing traceroute... I've mapped the path to google.com. It took 8 hops with an average latency of 15ms. No significant packet loss was detected along the route. Would you like to check the DNS records for google.com as well?
```

## Capabilities

### Identify open services
Perform fast port scans against any IP or domain to pinpoint which services are running and exposed.

### Determine ownership details
Get full WHOIS records for a domain, revealing who owns it and when it was registered.

### Analyze network paths
Run traceroutes and pings to diagnose connectivity issues or measure latency between two points.

### Map related domains
Execute DNS lookups, including finding subdomains and mapping IPs back to their origins.

### Determine physical location
Translate an IP address into its geographical coordinates, country, and city.

## Use Cases

### Checking for forgotten web assets
You suspect your company owns an old domain, but you can't find its main website. You ask your agent to run a `whois_lookup` and discover the registration details. Then, you use `list_subdomains` to map out every associated subdomain, helping you recover forgotten assets.

### Debugging slow site connections
A client reports that their connection times out occasionally. You ask your agent to run a `traceroute` to the destination IP. The results pinpoint exactly which network hop is causing excessive latency or packet loss, allowing you to report the failure point directly.

### Assessing a competitor's public services
You need to know what kind of services a competitor runs on their main site. You ask your agent to run an `nmap_scan` against their IP and then use `get_http_headers` to see if they are running any non-standard, exposed protocols.

### Finding the origin of suspicious traffic
You receive a log entry with a strange IP address. You immediately ask your agent to perform both `geoip_lookup` and `reverse_dns`. This instantly tells you not only where the IP is physically located but also what domain name it belongs to.

## Benefits

- Diagnose connectivity issues instantly. Instead of manually running a traceroute in the terminal, ask your agent to map the path across hops and identify exactly where packet loss is happening.
- Understand domain ownership quickly. Use `whois_lookup` to check who registered a site and when, giving you critical context about a target's age or jurisdiction.
- Map out all associated sites. Don't just check the main URL; use `list_subdomains` to discover every related digital asset linked to that core domain name.
- Verify web server health. Running `get_http_headers` lets you inspect raw response data, checking for security flags or specific service versions without digging into code.
- Know where your targets are. The `geoip_lookup` tool converts a simple IP address into actionable physical location details like the country and city it's tied to.

## How It Works

The bottom line is that you can talk about network security like talking to an expert, and your AI client handles the rest of the command-line heavy lifting.

1. First, subscribe to this MCP within Vinkius. You can optionally plug in your own HackerTarget API key if you anticipate heavy usage.
2. Next, simply ask your AI client to run a diagnostic task. For example, 'What ports are open on example.com?'
3. Your agent processes the request and returns structured data detailing everything from open services to geographical locations.

## Frequently Asked Questions

**How do I check open ports using Nmap Online?**
You use the `nmap_scan` tool. Just ask your agent to run an Nmap scan on a specific IP or domain, and it will tell you which services like HTTP or HTTPS are active.

**What is the difference between dns_lookup and reverse_dns in Nmap Online?**
`dns_lookup` takes a domain name (like google.com) and finds its IP address. `reverse_dns` does the opposite: it takes an IP address and tries to find out what domain name belongs to it.

**Can I find all subdomains with Nmap Online?**
Yes, you use the `list_subdomains` tool. Give it a main domain name, and your agent will search for and provide a list of associated subdomains that might be running.

**Does Nmap Online help with general connectivity problems?**
It helps by providing tools like `traceroute` and `ping_host`. These let you diagnose if the connection is failing at your end, or if a specific hop between networks is dropping packets.

**What data does whois_lookup provide?**
`whois_lookup` gives deep registration details about a domain. This includes information on who owns the domain and when it was first registered, which can be critical for research.