WhisperGraph MCP Server

WhisperGraph MCP Server

Self-hostable MCP server for WhisperGraph — a graph of 7.39B nodes / 39B edges mapping DNS, BGP, GeoIP, WHOIS, and threat intelligence. Six read-only tools (Cypher query + schema introspection + threat assessment), six resources, eight investigation prompts. stdio and Streamable HTTP transports.

Category
Visit Server

README

<p align="center"> <img src="./assets/whisper-logo.svg" alt="WhisperGraph" width="120" /> </p>

<h1 align="center">WhisperGraph MCP Server</h1>

<p align="center"> The internet's largest infrastructure graph — DNS, BGP, GeoIP, WHOIS, and threat intelligence — over the Model Context Protocol. </p>

<p align="center"> <a href="https://www.npmjs.com/package/@whisper-security/whisper-graph-mcp"><img src="https://img.shields.io/npm/v/@whisper-security/whisper-graph-mcp.svg" alt="npm version" /></a> <a href="./LICENSE"><img src="https://img.shields.io/badge/license-Apache--2.0-blue.svg" alt="License: Apache-2.0" /></a> <img src="https://img.shields.io/badge/node-%3E%3D20-brightgreen.svg" alt="Node >= 20" /> </p>

WhisperGraph is a graph database of internet infrastructure: 7.39B nodes, 39B edges, and 5.6M threat-intelligence edges mapping DNS resolution, domain hierarchy, BGP routing, IP allocation, GeoIP, web hyperlinks, email infrastructure, DNSSEC, WHOIS, and threat feeds.

This is the open-source MCP server for it. It exposes WhisperGraph to any MCP client (Claude Desktop, Claude Code, Cursor, …) as one Cypher query tool plus read-only schema-introspection and threat-assessment tools. It validates every query against a safety rule set, then relays it to the hosted WhisperGraph API using your API key.

Learn more: WhisperGraph intro · Cypher API reference · Query guide · Cypher syntax · Functions · Best practices · MCP setup

Quick start

You need a WhisperGraph API key — get a free one.

Claude Desktop / Claude Code / Cursor (stdio)

Add this to your MCP client config:

{
  "mcpServers": {
    "whisper-graph": {
      "command": "npx",
      "args": ["-y", "@whisper-security/whisper-graph-mcp"],
      "env": { "WHISPER_API_KEY": "your-api-key" }
    }
  }
}

Or with Claude Code:

claude mcp add whisper-graph -e WHISPER_API_KEY=your-api-key -- npx -y @whisper-security/whisper-graph-mcp

Hosted remote server (no install)

Whisper also runs a hosted MCP server at https://mcp.whisper.security — point any MCP client that supports remote servers at it and authenticate with your API key. Self-hosting this repo is for teams who want to run the MCP layer in their own environment. See How to set up.

Tools

All six tools are read-only.

Tool What it does
query Execute a Cypher query against WhisperGraph. Validated against a safety rule set before it reaches the backend.
list_labels List every node label with counts. Call it before writing a query when you're unsure which label to anchor on.
describe_label Confirm a label exists and enumerate its property keys.
explain_indicator Threat assessment for an IP, hostname, CIDR, or ASN — score, level, factors, sources.
whisper_history Historical WHOIS or BGP data for an indicator.
domain_variants Typosquatting / brand-protection variants of a domain, checked against the graph.

Resources

Six MCP resources: the full schema, the relationship map, a Cypher function reference, a query cookbook, plus live whisper://stats and whisper://quota.

Prompts

Eight investigation-workflow prompt templates: investigate-ip, map-attack-surface, compare-domains, blast-radius, threat-triage, whois-pivot, bgp-investigation, typosquat-sweep.

Self-hosting (Docker / HTTP)

For remote or team deployments, run the server over Streamable HTTP:

docker run -p 8080:8080 -e MCP_TRANSPORT=http \
  ghcr.io/whisper-sec/whisper-graph-mcp:latest

Or with Docker Compose:

docker compose up

In HTTP mode the server does not authenticate inbound requests — it relays the caller's X-API-Key or Authorization: Bearer header to the hosted WhisperGraph API, falling back to the WHISPER_API_KEY environment variable when no header is present. Put it behind your own gateway if you need access control.

Configuration

All configuration is via environment variables.

Variable Default Description
WHISPER_API_KEY (none) Your WhisperGraph API key. Get a free one.
MCP_TRANSPORT stdio stdio for local CLI use, http for remote/Docker.
HTTP_HOST 0.0.0.0 Bind host for the HTTP transport.
HTTP_PORT 8080 Bind port for the HTTP transport.
WHISPER_ALLOWED_HOSTS (none) Comma-separated Host header allowlist for DNS-rebinding protection in HTTP mode. Leave empty only behind a trusted gateway.
WHISPER_DB_URL https://graph.whisper.security Base URL of the hosted WhisperGraph API.
WHISPER_QUERY_TIMEOUT_MS 60000 Hard per-query deadline forwarded to the API.
WHISPER_DB_TIMEOUT_MS 10000 HTTP timeout for non-query calls.
LOG_LEVEL info debug, info, warn, or error.

Development

npm install
npm run dev       # run from source over stdio
npm test          # unit + integration tests (no secrets needed)
npm run build     # bundle to dist/
npm run lint      # eslint
npm run typecheck # tsc --noEmit

The test suite runs entirely offline against a fake backend — no API key required.

Contributing

Contributions are welcome. See CONTRIBUTING.md and our Code of Conduct. Security issues: see SECURITY.md.

License

Apache-2.0. "Whisper", the Whisper logo, and "WhisperGraph" are trademarks of Whisper Security — see NOTICE.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured