web-intel-mcp 0.2.0

package/README.md

@@ -0,0 +1,74 @@
+# web-intel-mcp
+
+MCP server that gives AI agents web intelligence capabilities. DNS lookups, SSL checks, tech stack detection, page metadata, link safety analysis — all in one package.
+
+## Why
+
+AI agents can't do DNS lookups, read SSL certificates, or detect web technologies natively. This MCP server adds those capabilities with zero configuration.
+
+## Tools
+
+| Tool | What it does |
+|---|---|
+| `web_investigate` | Complete website investigation — DNS, SSL, tech stack, metadata, link safety in one call |
+| `web_dns` | DNS records (A, AAAA, MX, NS, TXT, CNAME) + mail provider detection |
+| `web_ssl` | SSL certificate details — issuer, expiry, validity, SANs |
+| `web_tech_stack` | Detect frameworks, CMS, analytics, CDN, hosting, security headers |
+| `web_meta` | Page title, description, Open Graph, Twitter cards, canonical URL |
+| `web_link_safety` | URL safety verdict — safe/suspicious/dangerous with risk score |
+
+## Install
+
+### Claude Code
+
+```bash
+claude mcp add web-intel node /path/to/web-intel-mcp/index.js
+```
+
+Or add to `.mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "web-intel": {
+      "command": "node",
+      "args": ["/path/to/web-intel-mcp/index.js"]
+    }
+  }
+}
+```
+
+### npx (no install)
+
+```json
+{
+  "mcpServers": {
+    "web-intel": {
+      "command": "npx",
+      "args": ["web-intel-mcp"]
+    }
+  }
+}
+```
+
+## Examples
+
+**"Check if this website is legit"**
+→ Agent calls `web_investigate` → gets trust score, SSL status, tech stack, safety signals
+
+**"What DNS records does example.com have?"**
+→ Agent calls `web_dns` → gets A, MX, NS records + mail provider
+
+**"Is this link safe to click?"**
+→ Agent calls `web_link_safety` → gets safe/suspicious/dangerous verdict
+
+**"What framework is this site built with?"**
+→ Agent calls `web_tech_stack` → gets Next.js, React, Cloudflare, etc.
+
+## No API keys needed
+
+Everything runs locally using Node.js built-in `dns` and `https` modules. No external API dependencies. No rate limits. No costs.
+
+## License
+
+MIT

package/index.js

@@ -0,0 +1,294 @@
+#!/usr/bin/env node
+
+// ---------------------------------------------------------------------------
+// x402 Web Intel — MCP Server
+// ---------------------------------------------------------------------------
+// Standalone MCP server that gives any AI agent web intelligence capabilities.
+// No API keys. No platform dependency. Just add to your MCP config and go.
+//
+// Tools:
+//   web_investigate  — Complete website investigation (DNS, SSL, tech, meta, safety, carbon)
+//   web_dns          — DNS records + mail provider detection
+//   web_ssl          — SSL certificate details
+//   web_tech_stack   — Detect web technologies and security headers
+//   web_meta         — Page metadata, OG tags, Twitter cards
+//   web_link_safety  — URL safety verdict (safe/suspicious/dangerous)
+// ---------------------------------------------------------------------------
+
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import dns from "node:dns/promises";
+import https from "node:https";
+
+const server = new McpServer({
+  name: "web-intel",
+  version: "0.2.0",
+});
+
+// ---------------------------------------------------------------------------
+// Core functions (self-contained, no external API dependency)
+// ---------------------------------------------------------------------------
+
+async function dnsLookup(domain) {
+  const [a, aaaa, mx, ns, txt, cname] = await Promise.allSettled([
+    dns.resolve(domain, "A"), dns.resolve(domain, "AAAA"),
+    dns.resolve(domain, "MX"), dns.resolve(domain, "NS"),
+    dns.resolve(domain, "TXT"), dns.resolve(domain, "CNAME"),
+  ]);
+
+  const mxRecords = mx.status === "fulfilled" ? mx.value : [];
+  const mxStr = mxRecords.map((r) => r.exchange).join(" ").toLowerCase();
+  let mailProvider = null;
+  if (mxStr.includes("google") || mxStr.includes("gmail")) mailProvider = "Google Workspace";
+  else if (mxStr.includes("outlook") || mxStr.includes("microsoft")) mailProvider = "Microsoft 365";
+  else if (mxStr.includes("protonmail")) mailProvider = "ProtonMail";
+  else if (mxStr.includes("zoho")) mailProvider = "Zoho Mail";
+
+  return {
+    A: a.status === "fulfilled" ? a.value : [],
+    AAAA: aaaa.status === "fulfilled" ? aaaa.value : [],
+    MX: mxRecords.sort((a, b) => a.priority - b.priority),
+    NS: ns.status === "fulfilled" ? ns.value : [],
+    TXT: txt.status === "fulfilled" ? txt.value.map((t) => t.join("")) : [],
+    CNAME: cname.status === "fulfilled" ? cname.value : [],
+    mail_provider: mailProvider,
+    has_ipv6: aaaa.status === "fulfilled" && aaaa.value.length > 0,
+  };
+}
+
+async function sslCheck(domain) {
+  return new Promise((resolve, reject) => {
+    const req = https.request({ hostname: domain, port: 443, method: "HEAD", timeout: 10000 }, (res) => {
+      const cert = res.socket.getPeerCertificate();
+      const now = new Date();
+      const validFrom = new Date(cert.valid_from);
+      const validTo = new Date(cert.valid_to);
+      const daysRemaining = Math.floor((validTo - now) / 86400000);
+
+      resolve({
+        issuer: cert.issuer?.O || cert.issuer?.CN || "Unknown",
+        subject: cert.subject?.CN || domain,
+        valid_from: validFrom.toISOString(),
+        valid_to: validTo.toISOString(),
+        days_remaining: daysRemaining,
+        is_valid: daysRemaining > 0,
+        is_expiring_soon: daysRemaining > 0 && daysRemaining < 30,
+        san: cert.subjectaltname ? cert.subjectaltname.split(", ").map((s) => s.replace("DNS:", "")) : [],
+      });
+      res.destroy();
+    });
+    req.on("error", reject);
+    req.on("timeout", () => { req.destroy(); reject(new Error("timeout")); });
+    req.end();
+  });
+}
+
+async function techStack(url) {
+  const response = await fetch(url, {
+    signal: AbortSignal.timeout(10_000),
+    headers: { "User-Agent": "Mozilla/5.0 (compatible; web-intel-mcp/0.2)" },
+    redirect: "follow",
+  });
+
+  const headers = Object.fromEntries(response.headers.entries());
+  const html = await response.text();
+  const head = html.slice(0, 15000).toLowerCase();
+  const techs = [];
+
+  if (headers.server) techs.push({ name: headers.server, category: "server" });
+  if (headers["x-powered-by"]) techs.push({ name: headers["x-powered-by"], category: "framework" });
+  if (head.includes("__next")) techs.push({ name: "Next.js", category: "framework" });
+  if (head.includes("__nuxt")) techs.push({ name: "Nuxt.js", category: "framework" });
+  if (head.includes("wp-content") || head.includes("wordpress")) techs.push({ name: "WordPress", category: "cms" });
+  if (head.includes("shopify")) techs.push({ name: "Shopify", category: "ecommerce" });
+  if (head.includes("wix.com")) techs.push({ name: "Wix", category: "builder" });
+  if (head.includes("google-analytics") || head.includes("gtag")) techs.push({ name: "Google Analytics", category: "analytics" });
+  if (head.includes("gtm.js") || head.includes("googletagmanager")) techs.push({ name: "GTM", category: "analytics" });
+  if (headers["cf-ray"] || headers.server?.includes("cloudflare")) techs.push({ name: "Cloudflare", category: "cdn" });
+  if (headers["x-vercel-id"]) techs.push({ name: "Vercel", category: "hosting" });
+  if (headers["fly-request-id"]) techs.push({ name: "Fly.io", category: "hosting" });
+  if (head.includes("tailwind")) techs.push({ name: "Tailwind", category: "css" });
+  if (head.includes("bootstrap")) techs.push({ name: "Bootstrap", category: "css" });
+  if (head.includes("react")) techs.push({ name: "React", category: "js" });
+  if (head.includes("vue")) techs.push({ name: "Vue.js", category: "js" });
+  if (head.includes("jquery")) techs.push({ name: "jQuery", category: "js" });
+
+  const security = {};
+  if (headers["strict-transport-security"]) security.hsts = true;
+  if (headers["content-security-policy"]) security.csp = true;
+  if (headers["x-frame-options"]) security.xframe = headers["x-frame-options"];
+
+  return { technologies: techs, security_headers: security, html_size: html.length };
+}
+
+async function pageMeta(url) {
+  const response = await fetch(url, {
+    signal: AbortSignal.timeout(10_000),
+    headers: { "User-Agent": "Mozilla/5.0 (compatible; web-intel-mcp/0.2)" },
+    redirect: "follow",
+  });
+  const html = await response.text();
+  const head = html.match(/<head[^>]*>([\s\S]*?)<\/head>/i)?.[1] || html.slice(0, 15000);
+
+  const getMeta = (name) => {
+    const m = head.match(new RegExp(`<meta[^>]*(?:name|property)=["']${name}["'][^>]*content=["']([^"']+)["']`, "i"))
+      || head.match(new RegExp(`<meta[^>]*content=["']([^"']+)["'][^>]*(?:name|property)=["']${name}["']`, "i"));
+    return m?.[1] || null;
+  };
+
+  return {
+    title: head.match(/<title[^>]*>([^<]+)<\/title>/i)?.[1]?.trim() || null,
+    description: getMeta("description"),
+    og_title: getMeta("og:title"),
+    og_description: getMeta("og:description"),
+    og_image: getMeta("og:image"),
+    og_type: getMeta("og:type"),
+    twitter_card: getMeta("twitter:card"),
+    canonical: head.match(/<link[^>]*rel=["']canonical["'][^>]*href=["']([^"']+)["']/i)?.[1] || null,
+    language: html.match(/<html[^>]*lang=["']([^"']+)["']/i)?.[1] || null,
+  };
+}
+
+function linkSafety(url) {
+  const signals = [];
+  let riskScore = 0;
+  const parsed = new URL(url);
+
+  if (parsed.protocol !== "https:") { signals.push("no-https"); riskScore += 30; }
+  const badTlds = [".tk", ".ml", ".ga", ".cf", ".gq", ".xyz", ".top", ".click", ".loan"];
+  if (badTlds.some((t) => parsed.hostname.endsWith(t))) { signals.push("suspicious-tld"); riskScore += 20; }
+  if (parsed.hostname.match(/^\d+\.\d+\.\d+\.\d+$/)) { signals.push("ip-address"); riskScore += 15; }
+  if (url.length > 200) { signals.push("long-url"); riskScore += 10; }
+  if (parsed.hostname.split(".").length > 5) { signals.push("deep-subdomains"); riskScore += 15; }
+
+  const verdict = riskScore >= 50 ? "dangerous" : riskScore >= 25 ? "suspicious" : "safe";
+  return { verdict, risk_score: Math.max(0, Math.min(100, riskScore)), signals };
+}
+
+// ---------------------------------------------------------------------------
+// MCP Tools
+// ---------------------------------------------------------------------------
+
+server.tool(
+  "web_investigate",
+  "Complete website investigation — DNS, SSL, tech stack, metadata, link safety. One call gives you everything about a website. Use this when you need to understand, verify, or analyze any website.",
+  { url: z.string().describe("Full URL to investigate (e.g. 'https://example.com')") },
+  async ({ url }) => {
+    const domain = new URL(url).hostname;
+
+    const [dnsResult, sslResult, techResult, metaResult] = await Promise.allSettled([
+      dnsLookup(domain),
+      sslCheck(domain),
+      techStack(url),
+      pageMeta(url),
+    ]);
+
+    const dnsData = dnsResult.status === "fulfilled" ? dnsResult.value : null;
+    const sslData = sslResult.status === "fulfilled" ? sslResult.value : null;
+    const techData = techResult.status === "fulfilled" ? techResult.value : null;
+    const metaData = metaResult.status === "fulfilled" ? metaResult.value : null;
+    const safety = linkSafety(url);
+
+    // Trust scoring
+    let trust = 50;
+    const flags = [];
+    if (safety.verdict === "dangerous") { trust -= 30; flags.push("Dangerous URL signals"); }
+    else if (safety.verdict === "safe") trust += 10;
+    if (sslData?.is_valid) trust += 10; else if (sslData && !sslData.is_valid) { trust -= 20; flags.push("Invalid SSL"); }
+    if (sslData?.is_expiring_soon) flags.push(`SSL expires in ${sslData.days_remaining}d`);
+    if (dnsData?.A?.length === 0) { trust -= 15; flags.push("No DNS A records"); }
+    if (dnsData?.mail_provider) trust += 5;
+    if (metaData?.title) trust += 5; else flags.push("No page title");
+    trust = Math.max(0, Math.min(100, trust));
+
+    const verdict = trust >= 70 ? "trustworthy" : trust >= 40 ? "questionable" : "risky";
+
+    const report = `## ${domain} — ${verdict} (${trust}/100)
+${flags.length > 0 ? `**Flags:** ${flags.join(", ")}\n` : ""}
+### DNS
+- IP: ${dnsData?.A?.[0] || "unknown"}
+- Nameservers: ${dnsData?.NS?.join(", ") || "unknown"}
+- Mail: ${dnsData?.mail_provider || "unknown"}
+- IPv6: ${dnsData?.has_ipv6 ? "yes" : "no"}
+
+### SSL
+- Issuer: ${sslData?.issuer || "unknown"}
+- Expires: ${sslData?.days_remaining ?? "?"}d (${sslData?.is_valid ? "valid" : "INVALID"})
+- SANs: ${sslData?.san?.slice(0, 5).join(", ") || "unknown"}
+
+### Technology
+${techData?.technologies?.map((t) => `- ${t.name} (${t.category})`).join("\n") || "- Unknown"}
+
+### Page
+- Title: ${metaData?.title || "none"}
+- Description: ${metaData?.description?.slice(0, 100) || "none"}
+- Language: ${metaData?.language || "unknown"}
+
+### Safety
+- Verdict: ${safety.verdict} (risk ${safety.risk_score}/100)
+${safety.signals.length > 0 ? safety.signals.map((s) => `- ${s}`).join("\n") : "- No issues detected"}`;
+
+    return { content: [{ type: "text", text: report }] };
+  },
+);
+
+server.tool(
+  "web_dns",
+  "Get DNS records for any domain — A, AAAA, MX, NS, TXT, CNAME. Also detects mail provider (Google Workspace, Microsoft 365, etc). Use when you need to check domain configuration or troubleshoot DNS issues.",
+  { domain: z.string().describe("Domain name (e.g. 'example.com')") },
+  async ({ domain }) => {
+    const result = await dnsLookup(domain);
+    return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+  },
+);
+
+server.tool(
+  "web_ssl",
+  "Check SSL certificate for any domain — issuer, expiry, validity, SANs. Use when you need to verify HTTPS configuration or check if a certificate is expiring.",
+  { domain: z.string().describe("Domain name (e.g. 'example.com')") },
+  async ({ domain }) => {
+    const result = await sslCheck(domain);
+    const text = `${domain}: ${result.issuer}, ${result.days_remaining}d remaining, ${result.is_valid ? "valid" : "INVALID"}${result.is_expiring_soon ? " ⚠ EXPIRING SOON" : ""}\nSANs: ${result.san.join(", ")}`;
+    return { content: [{ type: "text", text }] };
+  },
+);
+
+server.tool(
+  "web_tech_stack",
+  "Detect technologies used by any website — frameworks, CMS, analytics, CDN, hosting, CSS, JS libraries, security headers. Use when you need to understand what a website is built with.",
+  { url: z.string().describe("Full URL (e.g. 'https://example.com')") },
+  async ({ url }) => {
+    const result = await techStack(url);
+    const lines = result.technologies.map((t) => `- ${t.name} (${t.category})`);
+    if (Object.keys(result.security_headers).length > 0) {
+      lines.push("", "Security headers:", ...Object.entries(result.security_headers).map(([k, v]) => `- ${k}: ${v}`));
+    }
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+  },
+);
+
+server.tool(
+  "web_meta",
+  "Extract page metadata — title, description, Open Graph tags, Twitter cards, canonical URL, language. Use for SEO analysis or understanding page content without rendering.",
+  { url: z.string().describe("Full URL (e.g. 'https://example.com')") },
+  async ({ url }) => {
+    const result = await pageMeta(url);
+    return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+  },
+);
+
+server.tool(
+  "web_link_safety",
+  "Check if a URL is safe — detects suspicious TLDs, missing HTTPS, IP addresses, unusual patterns. Returns safe/suspicious/dangerous verdict. Use before recommending links to users.",
+  { url: z.string().describe("URL to check (e.g. 'https://example.com')") },
+  async ({ url }) => {
+    const result = linkSafety(url);
+    const text = `${url}: ${result.verdict} (risk ${result.risk_score}/100)${result.signals.length > 0 ? "\nSignals: " + result.signals.join(", ") : ""}`;
+    return { content: [{ type: "text", text }] };
+  },
+);
+
+// Start
+const transport = new StdioServerTransport();
+await server.connect(transport);

package/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "web-intel-mcp",
+  "version": "0.2.0",
+  "description": "MCP server for web intelligence — DNS, SSL, tech stack, metadata, link safety. One tool to investigate any website. No API keys needed.",
+  "type": "module",
+  "bin": {
+    "web-intel-mcp": "./index.js"
+  },
+  "files": ["index.js", "README.md"],
+  "keywords": ["mcp", "mcp-server", "web-intel", "dns", "ssl", "tech-stack", "security", "claude-code", "model-context-protocol"],
+  "author": "Tedysek01",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Tedysek01/web-intel-mcp"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.1"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}