fastmcp-threatintel
AI-Powered Threat Intelligence MCP tool
claude mcp add --transport stdio 4r9un-fastmcp-threatintel threatintel server --port 8000 \
  --env OTX_API_KEY="your_alienvault_otx_api_key" \
  --env IPINFO_API_KEY="optional_ipinfo_api_key" \
  --env ABUSEIPDB_API_KEY="optional_abuseipdb_api_key" \
  --env VIRUSTOTAL_API_KEY="your_virustotal_api_key"
How to use
FastMCP ThreatIntel provides an AI-powered threat intelligence workflow with MCP integration. The server exposes an API-compatible interface that lets AI assistants and CLIs query multi-source threat data from VirusTotal, OTX, AbuseIPDB, and IPInfo, and then produce actionable threat reports with MITRE ATT&CK mappings and IOC detection. You can run the MCP server to enable natural language prompts from AI assistants (e.g., Claude Desktop, Roo-Cline in VSCode) to analyze IOCs like IPs, domains, URLs, and file hashes. Use the interactive threatintel CLI or the MCP endpoint to fit into your automation pipelines; the server can output HTML reports, JSON exports, or STIX-friendly data for downstream tooling.
How to install
Prerequisites:
- Python 3.10+ and pip
- Access to required APIs: VirusTotal, OTX, optionally AbuseIPDB and IPInfo
Install via PyPI and run the MCP-enabled server:
# Install the Python package from PyPI
pip install fastmcp-threatintel
# (Optional) Create a virtual environment
python -m venv venv
source venv/bin/activate # on Unix; on Windows run venv\Scripts\activate.bat instead
# Run the MCP server (example port 8000)
threatintel server --port 8000
Configure API keys (example using a .env or environment variables):
export VIRUSTOTAL_API_KEY=your_virustotal_api_key
export OTX_API_KEY=your_alienvault_otx_api_key
export ABUSEIPDB_API_KEY=your_abuseipdb_api_key # optional
export IPINFO_API_KEY=your_ipinfo_api_key # optional
If you prefer Docker:
docker pull arjuntrivedi/fastmcp-threatintel:latest
docker run -e VIRUSTOTAL_API_KEY=your_key \
  -e OTX_API_KEY=your_key \
  arjuntrivedi/fastmcp-threatintel:latest \
  threatintel server --port 8000
For UV/Developer setup (optional):
git clone https://github.com/4R9UN/fastmcp-threatintel.git
cd fastmcp-threatintel
uv sync
uv run threatintel setup
uv run threatintel interactive
Additional notes
Notes:
- Ensure API keys are kept secure and not committed to version control. Use environment variables or a secret manager.
- The MCP integration examples assume the server is reachable at the specified port (e.g., 8000). Open firewall rules if running in a cloud environment.
- Output formats include HTML, JSON, and STIX; configure your clients to request the desired format.
- If running behind a reverse proxy, ensure proper routing and TLS termination for MCP endpoints.
- In Docker, you can pass API keys via environment variables as shown; you can also mount a .env file if preferred.
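A check for the first note above, as an added example (not part of the fastmcp-threatintel project): it scans text such as a .env file, shell script, or Docker command for the four key names from this page assigned a literal value, and reports the line with the value redacted. The placeholder prefixes and the sample input are assumptions constructed for illustration.

```python
import re
import sys

# Key names as they appear on this page.
KEY_NAMES = ("VIRUSTOTAL_API_KEY", "OTX_API_KEY", "ABUSEIPDB_API_KEY", "IPINFO_API_KEY")

# NAME=value, optionally quoted; covers `export NAME=...`, `-e NAME=...`, `--env NAME=...`.
ASSIGNMENT = re.compile(r"\b(%s)\s*=\s*[\"']?([^\"'\s#]*)" % "|".join(KEY_NAMES))

# Assumption: values starting like this are documentation placeholders or
# references to a variable / secret manager, not literal secrets.
PLACEHOLDER = re.compile(r"^(your_|optional_|\$|<)", re.IGNORECASE)


def redact(value):
    """Keep a short prefix for triage, mask the rest."""
    if len(value) > 8:
        return value[:4] + "*" * (len(value) - 4)
    return "*" * len(value)


def find_hardcoded_keys(text):
    """Return (line_number, key_name, redacted_value) for each literal key value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, value in ASSIGNMENT.findall(line):
            if value and not PLACEHOLDER.match(value):
                findings.append((lineno, name, redact(value)))
    return findings


# Constructed sample input; the values are made up, not real credentials.
SAMPLE = """\
# constructed sample
export VIRUSTOTAL_API_KEY=your_virustotal_api_key
export OTX_API_KEY="0123456789abcdef0123456789abcdef"
docker run -e ABUSEIPDB_API_KEY=${ABUSEIPDB_API_KEY} -e IPINFO_API_KEY=abcd1234efgh
IPINFO_API_KEY=
"""

if __name__ == "__main__":
    # Scan files named on the command line, or the sample when none are given.
    sources = sys.argv[1:] or [None]
    hits = 0
    for path in sources:
        text = SAMPLE if path is None else open(path, encoding="utf-8", errors="replace").read()
        for lineno, name, masked in find_hardcoded_keys(text):
            hits += 1
            print(f"{path or 'SAMPLE'}:{lineno}: {name} set to literal value {masked}")
    sys.exit(1 if hits else 0)
```

Run against staged files from a pre-commit hook, the non-zero exit status blocks the commit when a literal key value is found.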