MCP Servers

Sherlock MCP Server

Provides access to the Covertlabs infostealer intelligence platform to search for compromised credentials and investigate cyber threat artifacts. It enables security researchers to query databases for stolen emails, passwords, browser history, and victim metadata.

README

Sherlock MCP Server

An official Model Context Protocol (MCP) server for the Covertlabs infostealer intelligence platform. Built with FastMCP.

What is Sherlock?

Sherlock provides access to Covertlabs' comprehensive database of infostealer logs, enabling security researchers and threat intelligence teams to:

Search compromised credentials by email, domain, username, or password
Investigate victims by IP address, country, or stealer family
Retrieve detailed artifacts including credentials, cookies, and browser history

Features

🔍 12 Search Tools - Comprehensive search capabilities across the infostealer database
🔐 Token Authentication - Secure access via Personal Access Tokens
⚡ Stateless HTTP - Scalable, load-balancer friendly architecture
🐳 Docker Ready - Production-ready containerization

Installation

Prerequisites

Python 3.11+
A Covertlabs account with API access
Your Personal Access Token from app.covertlabs.io/cli/token

Quick Start

# Clone the repository
git clone https://github.com/covertlabs/sherlock-mcp.git
cd sherlock-mcp

# Create virtual environment
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Run the server
python server.py

Docker

docker compose up --build

Configuration

Configure via environment variables:

Variable	Default	Description
`PORT`	`8080`	Server port
`HOST`	`0.0.0.0`	Server host
`COVERTLABS_API_URL`	`https://api.covertlabs.io`	API endpoint
`CORS_ORIGINS`	`*`	Allowed CORS origins
`LOG_REQUESTS`	`false`	Enable request logging

Client Configuration

Cursor

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "sherlock": {
      "url": "http://localhost:8080/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN_HERE"
      }
    }
  }
}

Claude Desktop

Add to your Claude Desktop MCP configuration:

{
  "mcpServers": {
    "sherlock": {
      "url": "http://localhost:8080/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN_HERE"
      }
    }
  }
}

Available Tools

See the docs/ folder for detailed documentation on each tool and response formats.

Search Tools

Tool	Description
`search_by_email`	Search victims by email address
`search_by_domain`	Search victims by domain
`search_by_ip`	Search victims by IP address
`search_by_username`	Search victims by username
`search_by_password`	Search victims by password
`search_text`	Broad text search across all fields
`search_by_country`	Search by ISO country code
`search_by_stealer`	Search by stealer malware family

Victim Detail Tools

Tool	Description
`get_victim_profile`	Get victim profile and metadata
`get_victim_credentials`	Get stolen credentials
`get_victim_cookies`	Get stolen browser cookies
`get_victim_history`	Get browser history

Authentication

This server uses Personal Access Token (PAT) authentication. Tokens are passed through to the Covertlabs API.

Log in to app.covertlabs.io
Navigate to CLI Token
Copy your token (format: cl_pat_V1_...)
Add to your MCP client configuration

API Endpoints

Endpoint	Method	Description
`/`	GET	Server information
`/health`	GET	Health check
`/mcp`	POST	MCP protocol endpoint

Documentation

Tools Reference - Detailed tool documentation
Response Formats - API response schemas
Examples - Usage examples

Support

Documentation: docs.covertlabs.io
Issues: GitHub Issues
Email: support@covertlabs.io

License

MIT License - see LICENSE for details.

Recommended Servers

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official

Featured

TypeScript

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official

Featured

Local

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official

Featured

TypeScript

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official

Featured

Python

E2B

Using MCP to run code via e2b.

Official

Featured

Neon Database

MCP server for interacting with Neon Management API and databases

Official

Featured

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official

Featured

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official

Featured