
check_ip_threats

Analyze IP addresses using the URLhaus blacklist to identify potential security threats in real-time network traffic. Enhance threat detection and network diagnostics with actionable insights.

Instructions

Check a given IP address against URLhaus blacklist for IOCs

Input Schema

| Name | Required | Description | Default |
|------|----------|-------------|---------|
| ip | Yes | IP address to check (e.g., 192.168.1.1) | |

Implementation Reference

  • The main handler function for the 'check_ip_threats' tool. It takes an IP address, fetches the latest IP blacklist from URLhaus using axios, parses it for IPv4 addresses, checks if the input IP is listed, and returns a text response indicating if it's a threat.
    async (args) => {
      try {
        const { ip } = args;
        console.error(`Checking IP ${ip} against URLhaus blacklist`);
    
        const urlhausUrl = 'https://urlhaus.abuse.ch/downloads/text/';
        console.error(`Fetching URLhaus blacklist from ${urlhausUrl}`);
        let urlhausData;
        let isThreat = false;
        try {
          const response = await axios.get(urlhausUrl);
          console.error(`URLhaus response status: ${response.status}, length: ${response.data.length} chars`);
          console.error(`URLhaus raw data (first 200 chars): ${response.data.slice(0, 200)}`);
          const ipRegex = /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/;
          urlhausData = [...new Set(response.data.split('\n')
            .map(line => {
              const match = line.match(ipRegex);
              return match ? match[0] : null;
            })
            .filter(ip => ip))];
          console.error(`URLhaus lookup successful: ${urlhausData.length} blacklist IPs fetched`);
          console.error(`Sample URLhaus IPs: ${urlhausData.slice(0, 5).join(', ') || 'None'}`);
          isThreat = urlhausData.includes(ip);
          console.error(`IP ${ip} checked against URLhaus: ${isThreat ? 'Threat found' : 'No threat found'}`);
        } catch (e) {
          console.error(`Failed to fetch URLhaus data: ${e.message}`);
          urlhausData = [];
        }
    
        const outputText = `IP checked: ${ip}\n\n` +
          `Threat check against URLhaus blacklist:\n${
            isThreat ? 'Potential threat detected in URLhaus blacklist.' : 'No threat detected in URLhaus blacklist.'
          }`;
    
        return {
          content: [{ type: 'text', text: outputText }],
        };
      } catch (error) {
        console.error(`Error in check_ip_threats: ${error.message}`);
        return { content: [{ type: 'text', text: `Error: ${error.message}` }], isError: true };
      }
    }
  • The Zod input schema for the tool, validating a single 'ip' parameter as an IPv4 address.
    {
      ip: z.string().regex(/\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/).describe('IP address to check (e.g., 192.168.1.1)'),
    },
  • index.js:250-298 (registration)
    Registers the 'check_ip_threats' tool on the MCP server using server.tool(), including name, description, schema, and handler function.
    server.tool(
      'check_ip_threats',
      'Check a given IP address against URLhaus blacklist for IOCs',
      {
        ip: z.string().regex(/\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/).describe('IP address to check (e.g., 192.168.1.1)'),
      },
      async (args) => {
        try {
          const { ip } = args;
          console.error(`Checking IP ${ip} against URLhaus blacklist`);
    
          const urlhausUrl = 'https://urlhaus.abuse.ch/downloads/text/';
          console.error(`Fetching URLhaus blacklist from ${urlhausUrl}`);
          let urlhausData;
          let isThreat = false;
          try {
            const response = await axios.get(urlhausUrl);
            console.error(`URLhaus response status: ${response.status}, length: ${response.data.length} chars`);
            console.error(`URLhaus raw data (first 200 chars): ${response.data.slice(0, 200)}`);
            const ipRegex = /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/;
            urlhausData = [...new Set(response.data.split('\n')
              .map(line => {
                const match = line.match(ipRegex);
                return match ? match[0] : null;
              })
              .filter(ip => ip))];
            console.error(`URLhaus lookup successful: ${urlhausData.length} blacklist IPs fetched`);
            console.error(`Sample URLhaus IPs: ${urlhausData.slice(0, 5).join(', ') || 'None'}`);
            isThreat = urlhausData.includes(ip);
            console.error(`IP ${ip} checked against URLhaus: ${isThreat ? 'Threat found' : 'No threat found'}`);
          } catch (e) {
            console.error(`Failed to fetch URLhaus data: ${e.message}`);
            urlhausData = [];
          }
    
          const outputText = `IP checked: ${ip}\n\n` +
            `Threat check against URLhaus blacklist:\n${
              isThreat ? 'Potential threat detected in URLhaus blacklist.' : 'No threat detected in URLhaus blacklist.'
            }`;
    
          return {
            content: [{ type: 'text', text: outputText }],
          };
        } catch (error) {
          console.error(`Error in check_ip_threats: ${error.message}`);
          return { content: [{ type: 'text', text: `Error: ${error.message}` }], isError: true };
        }
      }
    );
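
The handler above reports "No threat detected" when the feed download fails (`isThreat` stays `false`), takes the first IPv4-looking substring from anywhere in each feed line, and validates input with an unanchored regex that accepts octets above 255. The block below is an added example, not WireMCP's code, showing one hardened form of the same lookup; `isValidIPv4`, `parseFeedHosts`, `checkIp`, the status strings and the sample feed are hypothetical, and the feed layout (one URL per line, `#` comment lines) is an assumption.

```javascript
// Added example: hardened variant of the lookup logic (not the WireMCP source).
// Whole-string match, each octet limited to 0-255, no leading zeros.
const IPV4 = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;

function isValidIPv4(s) {
  return typeof s === 'string' && IPV4.test(s);
}

// Build a Set of IPv4 hosts from feed text. Assumes one URL per line and
// '#' comment lines. Only the URL's host is considered, so dotted numbers
// in a path or query string are never mistaken for a listed address.
function parseFeedHosts(text) {
  const hosts = new Set();
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    try {
      const { hostname } = new URL(line);
      if (isValidIPv4(hostname)) hosts.add(hostname);
    } catch { /* not a parseable URL: skip the line */ }
  }
  return hosts;
}

// feedText === null means the download failed. That case, and a feed that
// yields no hosts at all, are reported as 'unknown' rather than as a clean
// result, so a fetch error cannot be read as "no threat".
function checkIp(ip, feedText) {
  if (!isValidIPv4(ip)) return { status: 'invalid' };
  if (feedText === null) return { status: 'unknown' };
  const hosts = parseFeedHosts(feedText);
  if (hosts.size === 0) return { status: 'unknown' };
  return { status: hosts.has(ip) ? 'listed' : 'not_listed' };
}

// Constructed sample feed (documentation address ranges, not real URLhaus data).
const SAMPLE_FEED = [
  '# constructed sample',
  'http://203.0.113.7/bin/a.sh',
  'http://198.51.100.23:8080/x?src=192.0.2.99',
  'https://files.example.net/10.0.0.5/payload.bin',
].join('\n');
```

In a tool handler, the `unknown` status would map to an `isError: true` response so the caller can tell a failed lookup from a negative one.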