Security Intelligence MCP Server


A Model Context Protocol (MCP) server that provides a unified interface for security analysts to gather threat intelligence from VirusTotal, Shodan, NVD, AnyRun, AlienVault OTX, and GitHub.

Features

This server implements a set of tools that allow an LLM to perform the following operations:

VirusTotal

  • vt_file_report: Retrieve analysis reports for file hashes (MD5, SHA1, SHA256).
  • vt_url_report: Retrieve analysis reports for URLs.
  • vt_domain_report: Retrieve analysis reports for domains.
  • vt_ip_report: Retrieve analysis reports for IP addresses.

Shodan

  • shodan_host_info: Get detailed host information for a specific IP.
  • shodan_search: Search for hosts matching a specific query.

NVD (National Vulnerability Database)

  • nvd_cve_details: Get detailed information for a specific CVE ID.
  • nvd_search: Search for CVEs using keywords, with optional date range filtering (daysBack, pubStartDate/pubEndDate, lastModStartDate/lastModEndDate) and pagination (resultsPerPage, startIndex).

AnyRun

  • anyrun_task_details: Get details for a specific sandbox task.
  • anyrun_search: Search for tasks matching a query.
  • anyrun_submit_url: Submit a URL for analysis.
  • anyrun_submit_file: Submit a local file for analysis.
  • anyrun_get_report: Retrieve the final analysis report.

AlienVault OTX

  • otx_indicator_details: Get detailed information for an indicator. Returns all available sections (reputation, geo, malware, url_list, passive_dns, analysis) or a specific section if requested. Supports types: IPv4, IPv6, domain, hostname, file, url.
  • otx_indicator_pulses: Find all OTX Pulses associated with an indicator.
  • otx_pulse_details: Get full details of a specific threat pulse.
  • otx_search_pulses: Search for pulses by keyword.
  • otx_subscribed_pulses: Get your subscribed pulse feed (paginated).
  • otx_recent_activity: Get recent OTX community activity (paginated).

GitHub

  • github_search_advisories: Search GitHub for security advisories and vulnerability discussions.
  • github_search_poc: Search GitHub for exploit PoC code related to a CVE or vulnerability.

Sigma Rule Generator

  • generate_sigma_rules: Generate Sigma detection rules (YAML) from threat indicators. Accepts enriched indicators (IPs, domains, URLs, file hashes, CVEs) with optional descriptions, references, and tags. Supports single mode (all indicators in one rule) or separate mode (one rule per indicator). Configurable severity level, status, and author.
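
An added sketch of the single and separate modes described for generate_sigma_rules, written for this page and not taken from the project. The type names, the logsource/field mapping and the grouping of single mode into one rule per indicator type are assumptions; every indicator is validated and every string quoted so feed-supplied text cannot alter the rule's structure.

```typescript
// Added illustration; not the project's generator. Type names and the logsource/field
// mapping are assumptions taken from the public Sigma taxonomy.
type Kind = "ip" | "domain" | "sha256";
interface Indicator { kind: Kind; value: string; description?: string }
interface Options { mode: "single" | "separate"; level: string; status: string; author: string }
interface Mapping { category: string; field: string; ok: RegExp; prefix: string }

const OCTET = "(25[0-5]|2[0-4]\\d|1?\\d?\\d)";
const MAP: Record<Kind, Mapping> = {
  ip: { category: "firewall", field: "dst_ip", ok: new RegExp("^(" + OCTET + "\\.){3}" + OCTET + "$"), prefix: "" },
  domain: { category: "dns", field: "query", ok: /^([a-z0-9-]+\.)+[a-z]{2,}$/i, prefix: "" },
  sha256: { category: "process_creation", field: "Hashes|contains", ok: /^[a-f0-9]{64}$/i, prefix: "SHA256=" },
};
const LEVELS = ["informational", "low", "medium", "high", "critical"];
const STATUSES = ["stable", "test", "experimental", "deprecated", "unsupported"];

// JSON strings are valid YAML double-quoted scalars, so feed-supplied text cannot add keys.
function q(s: string): string { return JSON.stringify(s); }

function renderRule(kind: Kind, items: Indicator[], o: Options): string {
  const m = MAP[kind];
  const desc = items.map((i) => i.description ?? i.value).join("; ");
  return [
    `title: ${q(`Threat intel match: ${kind} (${items.length} indicator(s))`)}`,
    `status: ${o.status}`,
    `description: ${q(desc)}`,
    `author: ${q(o.author)}`,
    "logsource:",
    `    category: ${m.category}`,
    "detection:",
    "    selection:",
    `        ${m.field}:`,
    ...items.map((i) => `            - ${q(m.prefix + i.value)}`),
    "    condition: selection",
    `level: ${o.level}`,
  ].join("\n");
}

function generateSigmaRules(indicators: Indicator[], o: Options): string[] {
  if (LEVELS.indexOf(o.level) === -1 || STATUSES.indexOf(o.status) === -1) throw new Error("bad level or status");
  for (const i of indicators) {
    // Strict per-type validation also keeps Sigma wildcards (* and ?) out of values.
    if (!MAP[i.kind].ok.test(i.value)) throw new Error(`rejected ${i.kind} indicator`);
  }
  if (o.mode === "separate") return indicators.map((i) => renderRule(i.kind, [i], o));
  // A Sigma rule has one logsource, so this sketch emits one rule per indicator kind.
  const kinds = indicators.map((i) => i.kind).filter((k, n, all) => all.indexOf(k) === n);
  return kinds.map((k) => renderRule(k, indicators.filter((i) => i.kind === k), o));
}
```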

Quick Start Guide

Prerequisites

  • Node.js (v18 or higher)
  • API Keys for the following services:
    • VirusTotal
    • Shodan
    • NVD
    • AnyRun
    • AlienVault OTX
    • GitHub

Installation

  1. Clone the repository or navigate to the project folder:

    cd kb-mcp
    
  2. Install dependencies:

    npm install
    
  3. Configure environment variables: Create a .env file in the root directory and add your API keys:

    VIRUSTOTAL_API_KEY=your_vt_key_here
    SHODAN_API_KEY=your_shodan_key_here
    NVD_API_KEY=your_nvd_key_here
    ANYRUN_API_KEY=your_anyrun_key_here
    ALIENVAULT_OTX_API_KEY=your_otx_key_here
    GITHUB_TOKEN=your_github_token_here
    
  4. Build the project:

    npm run build
    

Running the Server

You can start the server in stdio mode:

npm start

Integration with MCP Clients (e.g., Claude Desktop)

Add the following configuration to your MCP settings file:

{
  "mcpServers": {
    "security-intelligence": {
      "command": "node",
      "args": ["FULL_PATH_TO/kb-mcp/dist/index.js"],
      "env": {
        "VIRUSTOTAL_API_KEY": "your_vt_key",
        "SHODAN_API_KEY": "your_shodan_key",
        "NVD_API_KEY": "your_nvd_key",
        "ANYRUN_API_KEY": "your_anyrun_key",
        "ALIENVAULT_OTX_API_KEY": "your_otx_key",
        "GITHUB_TOKEN": "your_github_token"
      }
    }
  }
}

Alternatively, if your client uses YAML configuration:

mcpServers:
  security-intelligence:
    command: "node"
    args:
      - "FULL_PATH_TO/kb-mcp/dist/index.js"
    env:
      VIRUSTOTAL_API_KEY: "your_vt_key"
      SHODAN_API_KEY: "your_shodan_key"
      NVD_API_KEY: "your_nvd_key"
      ANYRUN_API_KEY: "your_anyrun_key"
      ALIENVAULT_OTX_API_KEY: "your_otx_key"
      GITHUB_TOKEN: "your_github_token"

Architecture

The server uses a provider-based architecture where each security service is encapsulated in its own provider class. This ensures that API-specific logic (authentication, rate limiting, and data formatting) is isolated from the MCP tool definitions.

  • src/index.ts: Main server entry point and tool routing.
  • src/providers/: Individual API clients for each service.
  • src/config.ts: Environment variable management.
  • src/types/: Shared TypeScript interfaces.
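
An added sketch of that separation, not the project's source: VirusTotalProvider, TokenBucket, route and the hash argument name are hypothetical, and the bucket size is a sample value. The provider owns the API key header, the rate limit and the request format, while the routing function only maps tool names to providers.

```typescript
// Added illustration; not the project's source. All class and function names are hypothetical.
interface HttpRequest { url: string; headers: Record<string, string> }
interface Provider { tools: string[]; build(tool: string, args: Record<string, unknown>, now: number): HttpRequest }

// Per-provider token bucket; the clock is passed in so the limit is deterministic to test.
class TokenBucket {
  private tokens: number;
  private last: number;
  private capacity: number;
  private refillMs: number;
  constructor(capacity: number, refillMs: number, now: number) {
    this.capacity = capacity; this.refillMs = refillMs; this.tokens = capacity; this.last = now;
  }
  tryAcquire(now: number): boolean {
    const gained = Math.floor((now - this.last) / this.refillMs);
    if (gained > 0) {
      this.tokens = Math.min(this.capacity, this.tokens + gained);
      this.last += gained * this.refillMs;
    }
    if (this.tokens < 1) return false;
    this.tokens -= 1;
    return true;
  }
}

// Authentication, rate limiting and request formatting for one service live here only.
class VirusTotalProvider implements Provider {
  tools = ["vt_file_report"];
  private apiKey: string;
  private bucket: TokenBucket;
  constructor(apiKey: string, bucket: TokenBucket) { this.apiKey = apiKey; this.bucket = bucket; }
  build(tool: string, args: Record<string, unknown>, now: number): HttpRequest {
    const hash = String(args["hash"]);
    // Tool arguments come from the model, so accept only MD5, SHA1 or SHA256 hex.
    if (!/^([a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})$/i.test(hash)) throw new Error("invalid hash");
    if (!this.bucket.tryAcquire(now)) throw new Error("rate limited");
    const url = "https://www.virustotal.com/api/v3/files/" + hash.toLowerCase();
    return { url: url, headers: { "x-apikey": this.apiKey } };
  }
}

// Routing layer: resolves a tool name to its provider and knows nothing about any API.
function route(providers: Provider[], tool: string, args: Record<string, unknown>, now: number): HttpRequest {
  for (const p of providers) if (p.tools.indexOf(tool) !== -1) return p.build(tool, args, now);
  throw new Error("unknown tool: " + tool);
}
```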
