Connects to five threat intelligence sources: AlienVault OTX for community threat pulses, AbuseIPDB for IP reputation scoring, GreyNoise to distinguish internet noise from targeted attacks, and abuse.ch projects including URLhaus, MalwareBazaar, ThreatFox, and Feodo Tracker. Exposes unified lookup tools that query IPs, domains, file hashes, and URLs across all configured sources simultaneously, plus source-specific operations like searching OTX pulses or pulling active botnet C2 lists from Feodo. Works without any API keys for Feodo Tracker data, and gracefully degrades when other sources aren't configured. Reach for this when you're doing security research or incident response and want to correlate intelligence without opening browser tabs for each service.
claude mcp add --transport stdio aplaceforallmystuff-mcp-threatintel uvx mcp-threatintel