Provides a unified API layer for querying threat intelligence from multiple abuse.ch platforms including MalwareBazaar, URLhaus, and ThreatFox, enabling comprehensive reports on files, URLs, IPs, and domains for cybersecurity analysis.
abusech-mcp 🚦
abusech-mcp is an MCP server that fetches threat intelligence from multiple abuse.ch platforms, including MalwareBazaar, URLhaus, and ThreatFox.
Features
- Unified VT-like API for querying file, URL, IP, and domain intelligence
- Uses Pydantic schemas for robust data validation and serialization
- Powered by fastmcp:
- Unified API layer: use the functions in abusech_intel.py directly to obtain correlated intelligence from abuse.ch platforms, which do not provide a unified API themselves
Requirements
- Python 3.10+
- abuse.ch API key (set as the ABUSECH_API_KEY environment variable)
Usage
Start the MCP server:
Available Tools
- get_ip_report(ip: str): Get a comprehensive IP report from URLhaus and ThreatFox
- get_domain_report(domain: str): Get a domain report from URLhaus and ThreatFox
- get_url_report(url: str): Get a URL report from URLhaus and ThreatFox
- get_file_report(hash_value: str): Get a file report (MD5/SHA-1/SHA-256) from MalwareBazaar, URLhaus, and ThreatFox
Configuration
Set your API key as an environment variable:
License
MIT License