The mcp_zoomeye is an MCP server designed to empower AI models with network asset intelligence. As a specialized resource within the MCP ecosystem, it enables Large Language Models (LLMs) to query the ZoomEye search engine using dorks and other search parameters, providing valuable insights into internet-connected devices, services, and potential vulnerabilities.

This server acts as a bridge, allowing AI models to seamlessly access and analyze real-world network data. Key features include a caching mechanism for improved performance, automatic retry logic for API requests, and comprehensive error handling. By integrating mcp_zoomeye, developers can equip their AI applications with the ability to proactively identify security risks, conduct in-depth network reconnaissance, and enhance overall situational awareness. The server can be installed via PIP, Docker, or uv, and configured to work with popular AI assistants and development environments. It leverages the ZoomEye API, requiring a valid API key for authentication.

Network Asset Search via Dorks

The core function of mcp_zoomeye is to enable AI models to search for network asset information using ZoomEye's powerful dorking capabilities. This allows LLMs to leverage ZoomEye's extensive database of internet-connected devices, services, and vulnerabilities by formulating specific search queries. The server receives a base64 encoded query string (qbase64) from the AI model, which is then passed to the ZoomEye API. The results, containing details about matching network assets, are returned to the AI model in a structured JSON format. This process allows AI models to understand the external network landscape and integrate real-world data into their reasoning and decision-making processes.

For example, an AI assistant could use mcp_zoomeye to identify all publicly accessible web servers running a specific version of Apache. The AI could then analyze these servers for known vulnerabilities, providing valuable insights for cybersecurity assessments. The qbase64 parameter would contain the base64 encoded dork app:"Apache <version>".

Caching for Performance

To optimize performance and reduce unnecessary API calls to ZoomEye, mcp_zoomeye implements a caching mechanism. When a query is received, the server first checks if the results for that specific query are already stored in the cache. If a cached response is found and is still valid (within the configurable cache duration, defaulting to 1 hour), it is immediately returned to the AI model. This significantly reduces latency and conserves ZoomEye API usage. The caching mechanism is transparent to the AI model, which receives the same results regardless of whether they are served from the cache or directly from the ZoomEye API.

Consider an AI model that frequently requests information about a specific set of critical infrastructure devices. By caching the responses, mcp_zoomeye minimizes the load on the ZoomEye API and ensures that the AI model receives timely information, even during periods of high demand. The ignore_cache parameter can be set to true to bypass the cache and force a fresh query to ZoomEye.

Automatic Retry Mechanism

mcp_zoomeye incorporates an automatic retry mechanism to handle transient API request failures. Intermittent network issues or temporary ZoomEye API unavailability can cause requests to fail. To mitigate this, the server automatically retries failed API requests a configurable number of times (with an exponential backoff strategy) before returning an error to the AI model. This enhances the reliability and robustness of the integration, ensuring that the AI model can still obtain the necessary information even in the face of occasional disruptions.

Imagine an AI-powered security monitoring system that relies on mcp_zoomeye to continuously scan for newly exposed devices. If the ZoomEye API experiences a brief outage, the retry mechanism will automatically attempt to resend the queries, minimizing the impact on the monitoring system's effectiveness. This feature is implemented using standard Python libraries for handling HTTP requests and managing retry logic.

Flexible Data Filtering

The mcp_zoomeye server allows for precise control over the data returned from ZoomEye through the fields parameter. This parameter enables AI models to specify exactly which fields of network asset information are needed, reducing the amount of data transferred and processed. By requesting only the relevant fields, AI models can optimize their performance and focus on the information that is most critical for their specific tasks. This feature supports a wide range of fields, including IP address, port, domain, service, operating system, country, and city.

For example, an AI model designed to identify potential phishing targets might only need the domain name, IP address, and SSL certificate information. By specifying these fields in the fields parameter, the AI model can avoid receiving unnecessary data, improving its efficiency and reducing its computational load. The server parses the fields parameter and constructs the appropriate ZoomEye API request to retrieve only the specified data.