MCP Threatintel

The MCP Threat Intelligence Server provides unified access to multiple threat intelligence sources. It supports queries for IPs, domain names, hashes, and URLs, integrates platforms such as AlienVault OTX, AbuseIPDB, GreyNoise, and abuse.ch, and allows botnet tracking through Feodo Tracker without an API key.

What is the MCP Threat Intelligence Server?

This is a Model Context Protocol (MCP) server specifically designed for security researchers, incident responders, and threat analysts. It allows you to query multiple threat intelligence sources through a unified interface without switching between different platforms. Whether you're checking an IP address, domain name, file hash, or URL, you can complete all queries in one place.

How to use the threat intelligence server?

First, you need to configure Claude Desktop or Claude Code, add the server configuration, and set the API key. Then you can query threat intelligence by asking questions in natural language, such as 'Check if this IP is malicious' or 'Find the reputation information of this domain name'. The server will automatically distribute your query to all configured intelligence sources and aggregate the results.

Use cases

The server is suited to security incident investigations, threat hunting, malware analysis, network monitoring, and daily security operations. It is particularly useful when you need to quickly verify threat indicators, correlate information from different intelligence sources, or reduce false positives.

Main Features

Unified Query
Supports unified queries for IP addresses, domain names, file hashes (MD5/SHA1/SHA256), and URLs. You can obtain results from multiple intelligence sources in a single query.
Multi-Source Integration
Integrates multiple authoritative threat intelligence sources such as AlienVault OTX, AbuseIPDB, GreyNoise, and abuse.ch (URLhaus, MalwareBazaar, ThreatFox, Feodo Tracker).
Free Tier Friendly
Supports the free API tiers of each service. Feodo Tracker can even be used without an API key, which lowers the barrier to getting started.
Graceful Degradation
When a certain intelligence source is unavailable, other sources can still work normally, ensuring high availability of the query service.
Botnet Tracking
Track active botnet C2 servers for free through Feodo Tracker, including threats such as QakBot, Emotet, and Dridex.
Threat Pulses
Access the threat pulses of AlienVault OTX to get the latest threat intelligence and attack activity information.
Advantages
One-stop query: No need to switch between multiple browser tabs. All intelligence source queries are completed in one interface.
Time-saving: Query multiple intelligence sources in parallel, significantly improving investigation efficiency.
Intelligence correlation: Automatically correlate information from different intelligence sources to provide a more comprehensive threat view.
Cost-effective: Make full use of the free tiers of each service to reduce operating costs.
Easy to integrate: Easily integrate into AI assistants such as Claude through the MCP protocol.
Zero-configuration available: The Feodo Tracker function can still work normally even without an API key.
Limitations
API limitations: The free tier has query frequency limitations, which may affect large-scale queries.
Dependence on external services: Service availability depends on the stability of third-party APIs.
Requires configuration: You need to manually configure the API key to use all functions.
Data delay: Data updates from some intelligence sources may be delayed.
Function limitations: The free tier may not have access to certain advanced functions or historical data.
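
The unified query and graceful degradation behaviour described above, shown as an added example that is not the project's own code. The function names classifyIndicator and queryAll, the source-to-kind mapping, and the canned lookup results are assumptions made for illustration; no real API is called.

```javascript
// Added example. Source names come from the page; every lookup below is a constructed stub.
function classifyIndicator(value) {
  const v = value.trim();
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(v) && v.split('.').every((o) => Number(o) <= 255)) return 'ip';
  if (/^[0-9a-f:.]+$/i.test(v) && v.includes(':')) {
    try { new URL(`http://[${v}]/`); return 'ip'; } catch { /* not a valid IPv6 literal */ }
  }
  if (/^[0-9a-f]+$/i.test(v) && [32, 40, 64].includes(v.length)) return 'hash'; // MD5/SHA1/SHA256
  try {
    if (['http:', 'https:'].includes(new URL(v).protocol)) return 'url';
  } catch { /* not an absolute URL */ }
  if (/^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i.test(v)) return 'domain';
  return 'unknown';
}

function withTimeout(promise, ms) {
  let timer;
  const expiry = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('timeout')), ms);
  });
  return Promise.race([promise, expiry]).finally(() => clearTimeout(timer));
}

// Query every source that handles this indicator kind; one failing source never sinks the rest.
async function queryAll(indicator, sources, timeoutMs = 2000) {
  const kind = classifyIndicator(indicator);
  const eligible = sources.filter((s) => s.kinds.includes(kind));
  const settled = await Promise.allSettled(eligible.map((s) =>
    withTimeout(Promise.resolve().then(() => s.lookup(indicator)), timeoutMs)));
  const report = { indicator, kind, results: {}, errors: {} };
  settled.forEach((outcome, i) => {
    const { name } = eligible[i];
    if (outcome.status === 'fulfilled') report.results[name] = outcome.value;
    else report.errors[name] = outcome.reason.message;
  });
  return report;
}

// Constructed stubs: the kinds each source accepts and its canned answer are assumptions.
const SOURCES = [
  { name: 'AbuseIPDB', kinds: ['ip'], lookup: async () => ({ abuseScore: 87 }) },
  { name: 'GreyNoise', kinds: ['ip'], lookup: async () => { throw new Error('429 Too Many Requests'); } },
  { name: 'Feodo Tracker', kinds: ['ip'], lookup: async () => ({ listed: false }) },
  { name: 'MalwareBazaar', kinds: ['hash'], lookup: async () => ({ known: false }) },
];

queryAll('203.0.113.7', SOURCES).then((r) => console.log(JSON.stringify(r, null, 2)));
```

The report keeps per-source errors next to the results, so an analyst can see that a verdict is based on partial coverage rather than mistaking a rate-limited source for a clean one.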

How to Use

Get API Keys
Go to the corresponding websites to register and obtain API keys according to the intelligence sources you need to use. AlienVault OTX, AbuseIPDB, GreyNoise, and abuse.ch all offer free tiers.
Configure Claude Desktop
Add the MCP server configuration to the Claude Desktop configuration file. macOS users edit ~/Library/Application Support/Claude/claude_desktop_config.json, and Windows users edit %APPDATA%\Claude\claude_desktop_config.json.
Restart Claude
Restart Claude Desktop or Claude Code after saving the configuration file, and the server will start automatically.
Start Querying
Ask questions to Claude in natural language, such as 'Check this IP address' or 'Find the threat intelligence of a domain name'.

Usage Examples

IP Address Investigation
In a security incident response, you receive a suspicious IP address and need to quickly verify its threat level.
Domain Reputation Check
You receive a suspicious email containing a link to a domain name and need to verify if it is malicious.
File Hash Verification
You need to verify if a downloaded suspicious file is a known malware.
Botnet Monitoring
Monitor the currently active botnet infrastructure to strengthen defense.
Threat Intelligence Search
Search for the latest intelligence on specific threat activities.

Frequently Asked Questions

Can I use it without an API key?
What are the limitations of the free tier?
What should I do if the query results are incomplete?
How can I get API keys?
How often is the data updated?
Which file hash types are supported?
What should I do if I encounter a '429 Too Many Requests' error?

Related Resources

GitHub Repository
Project source code, issue tracking, and contribution guidelines
Model Context Protocol Official Website
Official documentation and specifications of the MCP protocol
AlienVault OTX
Open-source threat intelligence exchange platform
AbuseIPDB
IP address abuse reporting database
GreyNoise
Internet background noise analysis
abuse.ch Projects
A collection of multiple threat intelligence projects
Related MCP Projects
Shodan Internet scanning MCP server

Installation

Copy the following configuration into your client's configuration file:
{
  "mcpServers": {
    "threatintel": {
      "command": "npx",
      "args": ["-y", "mcp-threatintel-server"],
      "env": {
        "OTX_API_KEY": "your-otx-api-key",
        "ABUSEIPDB_API_KEY": "your-abuseipdb-api-key",
        "GREYNOISE_API_KEY": "your-greynoise-api-key",
        "ABUSECH_AUTH_KEY": "your-abusech-auth-key"
      }
    }
  }
}
Note: Your API keys are sensitive information. Do not share them with anyone.

AIBase
Zhiqi Future, Your AI Solution Think Tank
© 2026 AIBase