-
Notifications
You must be signed in to change notification settings - Fork 124
Modules: Tenant MCP Recon
AvishaiEZen edited this page Dec 10, 2025
·
1 revision
Discovers Model Context Protocol (MCP) server URLs from a tenant's collected connector resources and enumerates their capabilities. This module analyzes data collected by the recon command to identify MCP-enabled connectors and optionally probes them for capabilities.
MCP (Model Context Protocol) is a standard for connecting AI assistants to external tools and data sources. This module helps identify MCP servers which are discovered for a tenant you have user access to (e.g., via Guest user collaboration) through Power Platform connectors.
Run the recon command first to collect tenant connector data:
powerpwn recon -t <tenant-id>Or use the -r flag to run recon automatically before MCP scanning.
# Basic MCP recon (auto-probes discovered servers)
powerpwn tenant-mcp-recon -t <tenant-id>
# Run recon first, then MCP scan
powerpwn tenant-mcp-recon -t <tenant-id> -r
# Save results to file
powerpwn tenant-mcp-recon -t <tenant-id> -o mcp_results.json
# Skip probing (discovery only)
powerpwn tenant-mcp-recon -t <tenant-id> --no-probe
# Output URLs only (ideal for piping to other tools)
powerpwn tenant-mcp-recon -t <tenant-id> --urls-only -o urls.txt
# Custom timeout and concurrency
powerpwn tenant-mcp-recon -t <tenant-id> --timeout 30 --max-concurrent 10| Parameter | Description | Default |
|---|---|---|
-t, --tenant
|
Tenant ID to scan | — |
--cache-path |
Path to collected resources and data | Default cache path |
-o, --output
|
Output file for results (JSON or TXT) | — |
-r, --recon
|
Run recon before MCP scan | False |
--no-probe |
Skip probing discovered MCP servers | False |
--urls-only |
Output only server URLs (text format) | False |
--timeout |
Timeout for probing servers (seconds) | 15 |
--max-concurrent |
Maximum concurrent probe connections | 5 |
- Default (with probing): JSON file with server details and capabilities
-
--urls-only: Simple text file with one URL per line -
--no-probe: Text file with discovered URLs (no capability enumeration)
Open Chatgpt