Model Context Protocol (MCP) server that lets LLMs query ZoomEye and retrieve real-time network-asset intelligence with caching, retry and error-handling.
https://github.com/zoomeye-ai/mcp_zoomeye
Stop switching between your AI assistant and browser tabs when conducting network reconnaissance. The ZoomEye MCP server brings one of the world's largest network asset databases directly into your AI workflows, turning your assistant into a powerful OSINT research partner.
You're deep in threat research, building context around an attack campaign. Your current process probably looks like this: ask your AI assistant to analyze indicators, switch to ZoomEye's web interface, craft search queries, copy results back to your chat, repeat. Every context switch breaks your flow and fragments your analysis.
Meanwhile, ZoomEye's API sits there with real-time data on 163+ million network assets, perfect for your AI assistant to query directly—if only it could access it.
The ZoomEye MCP server eliminates the context switching entirely. Your AI assistant can now:
Instead of manually crafting dork queries and copying results, you simply ask: "Show me all Apache Tomcat servers in Germany with SSL certificates expiring this month" and get structured data back instantly.
This isn't a weekend hack—it's designed for serious security research:
Smart Caching: Query results are cached locally, so you're not burning through API limits when revisiting the same assets during an investigation.
Automatic Retry Logic: Network timeouts don't break your research flow. The server handles transient failures gracefully and keeps your queries running.
Comprehensive Error Handling: Clear error messages help you understand API limits, authentication issues, or malformed queries without breaking your assistant's context.
Flexible Field Selection: Pull only the asset fields you need—reduce response size and focus on relevant intelligence.
Threat Intelligence Research: Track infrastructure changes for known threat actors. Query for specific certificate authorities, server configurations, or hosting providers associated with malicious campaigns.
Attack Surface Assessment: Map your organization's external footprint by querying for your ASN ranges, certificate subjects, or technology stacks across different geographical regions.
Vulnerability Research: Find exposed instances of specific software versions when new CVEs drop. Query for exact version strings and get real-time asset counts.
Incident Response: During active incidents, quickly gather context on suspicious IP addresses—hosting provider, open ports, service banners, geographic location, and historical data.
Works immediately with your existing AI setup:
The server runs locally, so your queries and results stay on your infrastructure. No data leaves your environment except for the API calls to ZoomEye.
uvx mcp-server-zoomeye
The server includes intelligent caching and retry logic out of the box, so it's immediately ready for heavy research workflows.
Your AI assistant already excels at analysis and correlation—now give it access to real-time network intelligence. The combination transforms both tools into something more powerful than either could be alone.
Whether you're tracking APT infrastructure, assessing attack surfaces, or researching new vulnerabilities, having ZoomEye's database as a native capability in your AI toolkit changes how you approach security research entirely.