Irtoolshed MCP Server

The IR Toolshed MCP Server is a comprehensive model context protocol server that provides incident response and network analysis tools for security professionals, supporting various network analysis functions such as ASN query, DNS query, WHOIS record retrieval, and IP geolocation.

Security Developer tools #Network security #Incident response #Network analysis #Intelligence query .Python

rating : 2.5 points

downloads : 23

update time : 2025-04-29

What is the IR Toolshed MCP Server?

This is a service platform specifically designed for network security incident response. It provides various network analysis tools through standardized protocols to help security personnel quickly obtain network asset information.

How to use this service?

After connecting to the server through a client that supports the MCP protocol (such as Claude Desktop), you can directly call the tool functions to obtain network information.

Applicable scenarios

Security research scenarios such as network security incident investigation, suspicious domain name/IP analysis, threat intelligence collection, and network asset mapping.

Main features

ASN queryQuery the autonomous system number (ASN) and the affiliated organization through the IP address.

DNS resolutionSupports domain name resolution of multiple record types (A/AAAA/MX/NS/TXT).

WHOIS queryObtain domain name registration information, including the owner, registration time, and DNS servers.

IP locationIP geolocation query based on the MaxMind database (a license needs to be configured).

Advantages and limitations

Advantages

Integrates multiple commonly used network analysis tools in one stop.

Standardized interfaces facilitate integration and invocation by AI systems.

Detailed tool documentation and error handling mechanisms.

Supports dual-stack queries for IPv4/IPv6.

Limitations

The geolocation function requires additional configuration of a MaxMind license.

WHOIS queries may be restricted by service providers.

Some functions depend on the availability of third - party APIs.

How to use

Installation preparation

Ensure that Python 3.8+ and the uv package manager are installed.

Get the code

Clone the repository and enter the project directory.

Configure the environment

Create and activate a virtual environment.

Install dependencies

Install the project's dependent packages.

Start the service

Run the development server.

Usage examples

Investigate a suspicious IPWhen suspicious network activities are detected, quickly locate the affiliated organization and geographical location of the IP.

Verify the authenticity of a domain nameCheck the registration information and DNS records of a suspicious domain name.

Frequently Asked Questions

Why does the geolocation tool return an error?

Why doesn't the WHOIS query return complete information?

How to add a new analysis tool?

Related resources

MaxMind free license application

Obtain the free license key required for the geolocation function.

uv package manager

The recommended Python package management tool for the project.

MCP protocol description

Official documentation for the Model Context Protocol.

🚀 Security Response Toolkit MCP Server

The Security Response Toolkit MCP Server offers a comprehensive Model Context Protocol (MCP) server for security professionals, featuring event response and network analysis tools. It enables AI agents like Claude to perform various network queries and analyses to assist in security investigations.

🚀 Quick Start

The Security Response Toolkit MCP Server provides a series of network and security tools accessible via the Model Context Protocol. It is designed as a general-purpose service for cybersecurity incident responders, allowing them to perform basic lookup operations, including:

✓ ASN Lookup ✓ DNS Record Lookup (A, AAAA, MX, etc.) ✓ WHOIS Record Retrieval ✓ IP Geolocation Service

✨ Features

1. ASN Lookup

Function: Query the Autonomous System Number (ASN) and related details for a given IP.
Input: A valid IPv4 or IPv6 address.
Output: A JSON response containing the ASN, organization name, registrar, and geographical location.

2. DNS Record Lookup

Function: Look up DNS records (A, AAAA, MX, etc.) for a specified domain name.
Input: A valid domain name.
Output: Detailed information about all relevant DNS record types, such as A, AAAA, MX, etc.

3. WHOIS Record Retrieval

Function: Retrieve the WHOIS registration information for a specified domain name.
Input: A valid domain name.
Output: A JSON response containing details such as the registrar, registrant, creation date, expiration date, etc.

4. IP Geolocation Service

Function: Obtain geographical location information based on an IP address.
Input: A valid IPv4 or IPv6 address.
Output: A JSON response containing details such as the country, city, postal code, latitude, longitude, and time zone.

🔧 Technical Details

Error Handling

Each tool follows a consistent error handling pattern:

Generic Error Response Format:

{
    "status": "error",
    "error": "Detailed error message",
    "query": "Original query value"
}

Tool-Specific Error Examples:

ASN Lookup:

{
    "ip_addr": "<Queried IP>",
    "status": "error",
    "error": "Invalid IP address format"
}

DNS Lookup:

{
    "domain": "<Queried domain>",
    "record_type": "<Requested type>",
    "status": "error",
    "error": "DNS resolution failed"
}

WHOIS Lookup:

{
    "domain": "<Queried domain>",
    "status": "error",
    "error": "WHOIS server unavailable"
}

Geolocation:

{
    "ip_addr": "<Queried IP>",
    "status": "error",
    "error": "MaxMind database not found or license key invalid"
}

Project Structure

The project follows a standard Python package structure:

irtoolshed_mcp_server/     # Main package directory
├── __init__.py           # Package initialization
├── asnlookup.py         # ASN lookup functionality
├── dnslookup.py         # DNS lookup functionality
├── geolookup.py         # Geolocation functionality
├── mcp_server.py        # Main MCP server implementation
└── whoislookup.py       # WHOIS lookup functionality

tests/                    # Test directory
├── test_asnlookup.py    # ASN lookup tests
├── test_dnslookup.py    # DNS lookup tests
├── test_geolookup.py    # Geolocation tests
└── test_whoislookup.py  # WHOIS lookup tests

📦 Installation

Setting up the Development Environment

Clone this repository:

git clone <repository-url>
cd ir-toolshed-mcp-server

Create a virtual environment and install dependencies:

uv venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
uv pip install -e ".[dev]"

Running Tests

To run the test suite:

uv run pytest

This will:

Run all tests in the tests/ directory.
Display test coverage information.
Show detailed output for any failures.

Note: Some tests require additional configuration:

Geolocation tests require the MaxMind GeoLite2 database and a license key.
WHOIS tests may fail if the WHOIS service is unavailable.

Code Quality

The project uses various tools to maintain code quality:

Format code using Black:

uv run black .

Sort imports using isort:

uv run isort .

Run type checking using mypy:

uv run mypy .

Run linting using ruff:

uv run ruff .

📚 Documentation

Future Plans

Completed: ✓ ASN Lookup ✓ DNS Record Lookup (A, AAAA, MX, etc.)

Featured MCP Services

Duckduckgo MCP Server

Certified

The DuckDuckGo Search MCP Server provides web search and content scraping services for LLMs such as Claude.

The GitLab MCP server is a project based on the Model Context Protocol that provides a comprehensive toolset for interacting with GitLab accounts, including code review, merge request management, CI/CD configuration, and other functions.

TypeScript

4.3 points

Markdownify MCP

Markdownify is a multi-functional file conversion service that supports converting multiple formats such as PDFs, images, audio, and web page content into Markdown format.

A Python-based MCP Server that provides advanced to-do list management and content organization functions through the Notion API, enabling seamless integration between AI models and Notion.

UnityMCP is a Unity editor plugin that implements the Model Context Protocol (MCP), providing seamless integration between Unity and AI assistants, including real - time state monitoring, remote command execution, and log functions.

563

5 points

Figma Context MCP

Framelink Figma MCP Server is a server that provides access to Figma design data for AI programming tools (such as Cursor). By simplifying the Figma API response, it helps AI more accurately achieve one - click conversion from design to code.

The MiniMax Model Context Protocol (MCP) is an official server that supports interaction with powerful text-to-speech, video/image generation APIs, and is suitable for various client tools such as Claude Desktop and Cursor.

A Gmail automatic authentication MCP server designed for Claude Desktop, supporting Gmail management through natural language interaction, including complete functions such as sending emails, label management, and batch operations.

TypeScript

282

4.5 points

Zhiqi Future, Your AI Solution Think Tank

English 简体中文繁體中文にほんご