Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@FOFA Quake Hunter MCP ServerSearch FOFA for title='admin' and country='CN', show me 20 results"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
FOFA Quake Hunter MCP Server
一个用于查询 FOFA、Quake 和 Hunter 网络空间测绘平台的 MCP (Model Context Protocol) 服务器。
中文
功能特性
🔍 FOFA 查询: 支持 FOFA 网络空间测绘系统的资产查询
🌐 Quake 查询: 支持 360 Quake 网络空间测绘系统的深度查询
🦅 Hunter 查询: 支持奇安信鹰图平台的资产查询
🤖 AI 友好: 所有参数支持自然语言对话设置
⚙️ 灵活配置: 可按需配置单个或多个平台
安装
使用 uvx (推荐)
使用 pip
从源码安装
配置
在 MCP 客户端中配置
在 MCP 配置文件中添加(例如 Claude Desktop 的 claude_desktop_config.json 或 Kiro 的 .kiro/settings/mcp.json):
注意: 你可以只配置需要使用的平台,未配置的工具在调用时会返回友好的配置提示。
获取 API Key
FOFA: 登录 https://fofa.info → 个人中心 → API Key
Quake: 登录 https://quake.360.net → 个人中心 → 密钥管理
Hunter: 登录 https://hunter.qianxin.com → 个人中心 → API管理
功能说明
1. FOFA 查询 (fofa_search)
主要参数:
query: 查询语法(支持多种匹配和逻辑运算符)size: 返回条数(默认 100,最大 10000)page: 页码(默认 1)fields: 返回字段(默认:host,ip,port,domain,title)
匹配运算符:
=- 匹配(模糊匹配),=""时可查询不存在字段或值为空的情况==- 完全匹配,==""时可查询存在且值为空的情况!=- 不匹配,!=""时可查询值为空的情况*=- 模糊匹配,使用*或?通配符(个人版及以上)
逻辑运算符:
&&- 与(AND)||- 或(OR)()- 括号确认查询优先级
查询示例:
2. Quake 查询 (quake_search)
主要参数:
query: 查询语法(使用冒号语法:field:value)size: 返回条数(默认 100)include: 包含字段(逗号分隔,见下方可用字段列表)exclude: 排除字段(逗号分隔)pagination_id: 深度翻页 ID(5分钟有效)start_time/end_time: 时间范围(UTC格式:2020-10-14 00:00:00)
查询语法:
使用冒号
:连接字段和值,如port:443、title:"keyword"逻辑运算符:
AND、OR、NOT(大写)括号
()控制优先级
可用字段(注册用户 - 服务数据):
可用字段(会员用户 - 额外服务数据字段):
查询示例:
字段筛选示例:
⚠️ 常见字段错误:
❌
components→ ✅ 使用具体字段如components.product_name_cn❌
as_org→ ✅ 使用asn和org❌
as_organization→ ✅ 使用asn和org
3. Hunter 查询 (hunter_search)
主要参数:
query: 查询语法(使用等号语法:field="value")page_size: 每页条数(可选:10/50/100,默认 10)page: 页码(默认 1)is_web: 资产类型(1=web资产,2=非web资产,3=全部)fields: 返回字段start_time/end_time: 时间范围(格式:YYYY-MM-DD)
匹配运算符:
=- 模糊查询,查询包含关键词的资产==- 精确查询,查询有且仅有关键词的资产!=- 模糊剔除,剔除包含关键词的资产。使用!=""可查询值不为空的情况!==- 精确剔除,剔除有且仅有关键词的资产
逻辑运算符:
&&- 与(AND)||- 或(OR)()- 括号内表示查询优先级最高
查询示例:
AI 对话示例
功能对比
功能 | FOFA | Quake | Hunter |
返回条数控制 | ✅ size (1-10000) | ✅ size (1-500) | ✅ page_size (10/50/100) |
字段控制 | ✅ fields | ✅ include/exclude | ✅ fields |
翻页 | ✅ page | ✅ pagination_id | ✅ page |
时间范围 | ❌ | ✅ start_time/end_time | ✅ start_time/end_time |
资产类型筛选 | ❌ | ❌ | ✅ is_web |
开发
许可证
MIT License - 详见 LICENSE 文件
贡献
欢迎提交 Issue 和 Pull Request!
English
Features
🔍 FOFA Search: Query FOFA cyberspace mapping platform
🌐 Quake Search: Query 360 Quake cyberspace mapping platform with deep pagination
🦅 Hunter Search: Query Qianxin Hunter (鹰图) platform
🤖 AI-Friendly: All parameters support natural language configuration
⚙️ Flexible Config: Configure only the platforms you need
Installation
Using uvx (Recommended)
Using pip
From Source
Configuration
Configure in MCP Client
Add to your MCP configuration file (e.g., Claude Desktop's claude_desktop_config.json or Kiro's .kiro/settings/mcp.json):
Note: You can configure only the platforms you need. Unconfigured tools will show friendly setup instructions when called.
Get API Keys
FOFA: Login to https://fofa.info → Personal Center → API Key
Quake: Login to https://quake.360.net → Personal Center → Key Management
Hunter: Login to https://hunter.qianxin.com → Personal Center → API Management
Tools
1. FOFA Search (fofa_search)
Key Parameters:
query: Search query (e.g.,body="admin",domain="example.com")size: Number of results (default: 100, max: 10000)page: Page number (default: 1)fields: Fields to return (default:host,ip,port,domain,title)
Query Examples:
2. Quake Search (quake_search)
Key Parameters:
query: Search query (e.g.,title:"admin",ip:1.1.1.1)size: Number of results (default: 100)include: Fields to include (e.g.,ip,port,service.http.title)exclude: Fields to excludepagination_id: Pagination ID for deep paging (5-minute expiry)start_time/end_time: Time range (UTC format)
Query Examples:
3. Hunter Search (hunter_search)
Key Parameters:
query: Search query (e.g.,web.body="admin",ip="1.1.1.1")page_size: Results per page (options: 10/50/100, default: 10)page: Page number (default: 1)is_web: Asset type (1=web assets, 2=non-web assets, 3=all)fields: Fields to returnstart_time/end_time: Time range (format: YYYY-MM-DD)
Query Examples:
Feature Comparison
Feature | FOFA | Quake | Hunter |
Result Count | ✅ size (1-10000) | ✅ size (1-500) | ✅ page_size (10/50/100) |
Field Control | ✅ fields | ✅ include/exclude | ✅ fields |
Pagination | ✅ page | ✅ pagination_id | ✅ page |
Time Range | ❌ | ✅ start_time/end_time | ✅ start_time/end_time |
Asset Type Filter | ❌ | ❌ | ✅ is_web |
Development
License
MIT License - see LICENSE file for details
Contributing
Issues and Pull Requests are welcome!