check_threats
Capture live traffic on a specified network interface for a given number of seconds, extract the unique IPv4 source and destination addresses seen, and flag any that appear in the URLhaus blacklist (https://urlhaus.abuse.ch). Capturing is done with a local `tshark` binary (Wireshark), which typically requires packet-capture privileges on the interface; IPv6 traffic is not checked.
Instructions
Capture live traffic and check IPs against URLhaus blacklist
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| duration | No | Capture duration in seconds (tshark stops via `-a duration:N`) | 5 |
| interface | No | Network interface to capture from (e.g., eth0, en0) | en0 |
Implementation Reference
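// index.js:189-246 (handler): The handler function for the 'check_threats' tool. It
// captures live network traffic using tshark, extracts unique IP addresses, fetches the
// URLhaus IP blacklist, checks captured IPs against it, and reports any threats found.
//
// Security notes (review):
//  - `interface` and `duration` come from the MCP client and are interpolated into a shell
//    command line (execAsync). They are re-validated here against a strict allowlist even
//    though the Zod schema should already constrain them — this is the last stop before
//    the shell.
//  - The tshark path is quoted: Windows/macOS install locations contain spaces.
//  - A URLhaus fetch failure is reported as "lookup failed", never as "no threats".
//  - The capture file is removed in `finally`, so an error in the second tshark run no
//    longer leaks it.
async (args) => {
  // `interface` is a reserved word in strict-mode (ES module) code, so bind it under
  // another name.
  const { interface: iface, duration } = args;
  // Per-process/per-call name so concurrent invocations do not clobber each other's
  // capture. TODO(review): prefer os.tmpdir()/fs.mkdtemp once those imports are
  // available; this listing only shows `fs`.
  const tempPcap = `temp_capture_${process.pid}_${Date.now()}.pcap`;
  const execOptions = {
    env: { ...process.env, PATH: `${process.env.PATH}:/usr/bin:/usr/local/bin:/opt/homebrew/bin` },
  };
  try {
    // Defense in depth against command injection: interface names are letters, digits
    // and `_ . : -` only; duration is a bounded positive integer.
    if (typeof iface !== 'string' || !/^[A-Za-z0-9_.:-]+$/.test(iface)) {
      throw new Error(`Invalid interface name: ${JSON.stringify(iface)}`);
    }
    if (!Number.isInteger(duration) || duration < 1 || duration > 3600) {
      throw new Error(`Invalid duration (expected an integer between 1 and 3600 seconds): ${duration}`);
    }

    const tsharkPath = await findTshark();
    console.error(`Capturing traffic on ${iface} for ${duration}s to check threats`);
    await execAsync(`"${tsharkPath}" -i ${iface} -w "${tempPcap}" -a duration:${duration}`, execOptions);
    const { stdout } = await execAsync(
      `"${tsharkPath}" -r "${tempPcap}" -T fields -e ip.src -e ip.dst`,
      execOptions,
    );

    // One line per packet, fields tab-separated; a field with several occurrences
    // (e.g. encapsulated IP) is comma-joined by tshark, so split on both.
    const ips = [...new Set(
      stdout
        .split('\n')
        .flatMap((line) => line.split(/[\t,]/))
        .filter((ip) => ip && ip !== 'unknown'),
    )];
    console.error(`Captured ${ips.length} unique IPs: ${ips.join(', ')}`);

    const urlhausUrl = 'https://urlhaus.abuse.ch/downloads/text/';
    console.error(`Fetching URLhaus blacklist from ${urlhausUrl}`);
    let urlhausThreats = [];
    let urlhausError = null;
    try {
      // Bound the request so a hung feed cannot block the tool indefinitely.
      const response = await axios.get(urlhausUrl, { timeout: 30000, responseType: 'text' });
      const body = typeof response.data === 'string' ? response.data : String(response.data);
      console.error(`URLhaus response status: ${response.status}, length: ${body.length} chars`);
      // The feed is one URL per line plus `#` comment lines; take the first dotted quad
      // from each URL line. Only IPv4 is matched — the same family `ip.src`/`ip.dst` carry.
      const ipRegex = /\b(?:\d{1,3}\.){3}\d{1,3}\b/;
      const blacklist = new Set();
      for (const line of body.split('\n')) {
        if (line.startsWith('#')) continue;
        const match = line.match(ipRegex);
        if (match) blacklist.add(match[0]);
      }
      console.error(`URLhaus lookup successful: ${blacklist.size} blacklist IPs fetched`);
      // Set lookup keeps this O(captured + blacklist) instead of O(captured * blacklist).
      urlhausThreats = ips.filter((ip) => blacklist.has(ip));
      console.error(`Checked IPs against URLhaus: ${urlhausThreats.length} threats found - ${urlhausThreats.join(', ') || 'None'}`);
    } catch (e) {
      urlhausError = e.message;
      console.error(`Failed to fetch URLhaus data: ${e.message}`);
    }

    // A failed feed lookup must not read as a clean result.
    let threatReport;
    if (urlhausError !== null) {
      threatReport = `URLhaus lookup failed (${urlhausError}); captured IPs were NOT checked.`;
    } else if (urlhausThreats.length > 0) {
      threatReport = `Potential threats: ${urlhausThreats.join(', ')}`;
    } else {
      threatReport = 'No threats detected in URLhaus blacklist.';
    }
    const outputText =
      `Captured IPs:\n${ips.join('\n') || '(none)'}\n\n` +
      `Threat check against URLhaus blacklist:\n${threatReport}`;
    return { content: [{ type: 'text', text: outputText }] };
  } catch (error) {
    console.error(`Error in check_threats: ${error.message}`);
    return { content: [{ type: 'text', text: `Error: ${error.message}` }], isError: true };
  } finally {
    // Always remove the capture file, also on the error path; ENOENT just means the
    // capture never started.
    await fs.unlink(tempPcap).catch((err) => {
      if (err.code !== 'ENOENT') console.error(`Failed to delete ${tempPcap}: ${err.message}`);
    });
  }
}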
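// index.js:185-188 (schema): Input schema for the 'check_threats' tool using Zod, defining
// optional parameters for network interface and capture duration.
//
// Both values end up on a tshark command line executed through a shell, so the schema is
// the first line of defense against command injection:
//  - `interface` is limited to interface-name characters (letters, digits, `_ . : -`);
//    on Windows pass the numeric interface index shown by `tshark -D` rather than the
//    device path.
//  - `duration` must be a positive integer, capped so a client cannot start an
//    unbounded capture.
{
  interface: z
    .string()
    .regex(/^[A-Za-z0-9_.:-]+$/, 'interface must be a plain interface name (e.g., eth0, en0)')
    .optional()
    .default('en0')
    .describe('Network interface to capture from (e.g., eth0, en0)'),
  duration: z
    .number()
    .int()
    .min(1)
    .max(3600)
    .optional()
    .default(5)
    .describe('Capture duration in seconds'),
},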
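// index.js:182-247 (registration): Registration of the 'check_threats' tool using
// server.tool(), including name, description, input schema, and handler.
//
// Security notes (review):
//  - `interface` and `duration` come from the MCP client and are interpolated into a shell
//    command line (execAsync). The schema restricts `interface` to interface-name
//    characters and `duration` to a bounded positive integer, and the handler re-checks
//    both as the last stop before the shell.
//  - The tshark path is quoted: Windows/macOS install locations contain spaces.
//  - A URLhaus fetch failure is reported as "lookup failed", never as "no threats".
//  - The capture file is removed in `finally`, so an error in the second tshark run no
//    longer leaks it.
server.tool(
  'check_threats',
  'Capture live traffic and check IPs against URLhaus blacklist',
  {
    // On Windows pass the numeric interface index shown by `tshark -D`, not the device path.
    interface: z
      .string()
      .regex(/^[A-Za-z0-9_.:-]+$/, 'interface must be a plain interface name (e.g., eth0, en0)')
      .optional()
      .default('en0')
      .describe('Network interface to capture from (e.g., eth0, en0)'),
    duration: z
      .number()
      .int()
      .min(1)
      .max(3600)
      .optional()
      .default(5)
      .describe('Capture duration in seconds'),
  },
  async (args) => {
    // `interface` is a reserved word in strict-mode (ES module) code, so bind it under
    // another name.
    const { interface: iface, duration } = args;
    // Per-process/per-call name so concurrent invocations do not clobber each other's
    // capture. TODO(review): prefer os.tmpdir()/fs.mkdtemp once those imports are
    // available; this listing only shows `fs`.
    const tempPcap = `temp_capture_${process.pid}_${Date.now()}.pcap`;
    const execOptions = {
      env: { ...process.env, PATH: `${process.env.PATH}:/usr/bin:/usr/local/bin:/opt/homebrew/bin` },
    };
    try {
      // Defense in depth against command injection, in case the handler is ever invoked
      // with values that did not pass through the schema.
      if (typeof iface !== 'string' || !/^[A-Za-z0-9_.:-]+$/.test(iface)) {
        throw new Error(`Invalid interface name: ${JSON.stringify(iface)}`);
      }
      if (!Number.isInteger(duration) || duration < 1 || duration > 3600) {
        throw new Error(`Invalid duration (expected an integer between 1 and 3600 seconds): ${duration}`);
      }

      const tsharkPath = await findTshark();
      console.error(`Capturing traffic on ${iface} for ${duration}s to check threats`);
      await execAsync(`"${tsharkPath}" -i ${iface} -w "${tempPcap}" -a duration:${duration}`, execOptions);
      const { stdout } = await execAsync(
        `"${tsharkPath}" -r "${tempPcap}" -T fields -e ip.src -e ip.dst`,
        execOptions,
      );

      // One line per packet, fields tab-separated; a field with several occurrences
      // (e.g. encapsulated IP) is comma-joined by tshark, so split on both.
      const ips = [...new Set(
        stdout
          .split('\n')
          .flatMap((line) => line.split(/[\t,]/))
          .filter((ip) => ip && ip !== 'unknown'),
      )];
      console.error(`Captured ${ips.length} unique IPs: ${ips.join(', ')}`);

      const urlhausUrl = 'https://urlhaus.abuse.ch/downloads/text/';
      console.error(`Fetching URLhaus blacklist from ${urlhausUrl}`);
      let urlhausThreats = [];
      let urlhausError = null;
      try {
        // Bound the request so a hung feed cannot block the tool indefinitely.
        const response = await axios.get(urlhausUrl, { timeout: 30000, responseType: 'text' });
        const body = typeof response.data === 'string' ? response.data : String(response.data);
        console.error(`URLhaus response status: ${response.status}, length: ${body.length} chars`);
        // The feed is one URL per line plus `#` comment lines; take the first dotted quad
        // from each URL line. Only IPv4 is matched — the same family `ip.src`/`ip.dst` carry.
        const ipRegex = /\b(?:\d{1,3}\.){3}\d{1,3}\b/;
        const blacklist = new Set();
        for (const line of body.split('\n')) {
          if (line.startsWith('#')) continue;
          const match = line.match(ipRegex);
          if (match) blacklist.add(match[0]);
        }
        console.error(`URLhaus lookup successful: ${blacklist.size} blacklist IPs fetched`);
        // Set lookup keeps this O(captured + blacklist) instead of O(captured * blacklist).
        urlhausThreats = ips.filter((ip) => blacklist.has(ip));
        console.error(`Checked IPs against URLhaus: ${urlhausThreats.length} threats found - ${urlhausThreats.join(', ') || 'None'}`);
      } catch (e) {
        urlhausError = e.message;
        console.error(`Failed to fetch URLhaus data: ${e.message}`);
      }

      // A failed feed lookup must not read as a clean result.
      let threatReport;
      if (urlhausError !== null) {
        threatReport = `URLhaus lookup failed (${urlhausError}); captured IPs were NOT checked.`;
      } else if (urlhausThreats.length > 0) {
        threatReport = `Potential threats: ${urlhausThreats.join(', ')}`;
      } else {
        threatReport = 'No threats detected in URLhaus blacklist.';
      }
      const outputText =
        `Captured IPs:\n${ips.join('\n') || '(none)'}\n\n` +
        `Threat check against URLhaus blacklist:\n${threatReport}`;
      return { content: [{ type: 'text', text: outputText }] };
    } catch (error) {
      console.error(`Error in check_threats: ${error.message}`);
      return { content: [{ type: 'text', text: `Error: ${error.message}` }], isError: true };
    } finally {
      // Always remove the capture file, also on the error path; ENOENT just means the
      // capture never started.
      await fs.unlink(tempPcap).catch((err) => {
        if (err.code !== 'ENOENT') console.error(`Failed to delete ${tempPcap}: ${err.message}`);
      });
    }
  },
);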
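// index.js:17-39 (helper): Helper function findTshark() used by the check_threats
// handler to locate the tshark executable.
//
// Resolution order: `which('tshark')` on PATH first; if that fails, a platform-specific
// list of common install locations, each probed by running `<path> -v`. Returns the path
// of the first candidate that works and throws when none does.
//
// The returned path is later interpolated into a shell command line, and several of the
// fallback locations ("C:\Program Files\...", "C:\Program Files (x86)\...") contain
// spaces, so the probe quotes the path — unquoted, the shell would split it and the
// probe could never succeed on a default Windows install.
async function findTshark() {
  try {
    const tsharkPath = await which('tshark');
    console.error(`Found tshark at: ${tsharkPath}`);
    return tsharkPath;
  } catch (err) {
    console.error('which failed to find tshark:', err.message);
  }

  const fallbacks = process.platform === 'win32'
    ? ['C:\\Program Files\\Wireshark\\tshark.exe', 'C:\\Program Files (x86)\\Wireshark\\tshark.exe']
    : ['/usr/bin/tshark', '/usr/local/bin/tshark', '/opt/homebrew/bin/tshark', '/Applications/Wireshark.app/Contents/MacOS/tshark'];

  for (const candidate of fallbacks) {
    try {
      await execAsync(`"${candidate}" -v`);
      console.error(`Found tshark at fallback: ${candidate}`);
      return candidate;
    } catch (e) {
      console.error(`Fallback ${candidate} failed: ${e.message}`);
    }
  }

  throw new Error('tshark not found. Please install Wireshark (https://www.wireshark.org/download.html) and ensure tshark is in your PATH.');
}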