search_hash
Check file hashes against Kaspersky's threat intelligence database to identify potential malware or security risks.
Instructions
Get threat intelligence information about a file by hash (md5, sha1, sha256)
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| file_hash | Yes | | |
Input Schema (JSON Schema)
```json
{
  "properties": {
    "file_hash": {
      "title": "File Hash",
      "type": "string"
    }
  },
  "required": [
    "file_hash"
  ],
  "type": "object"
}
```
Implementation Reference
- opentip-mcp/opentip.py:94-114 (handler) The main handler for the 'search_hash' MCP tool. Registered via the @mcp.tool decorator with description and annotations. Validates the input hash using a regex pattern and makes the API request via the opentip_request helper.

  ```python
  @mcp.tool(
      description="Get threat intelligence information about a file by hash (md5, sha1, sha256)",
      annotations=ToolAnnotations(
          title="Investigate a file by hash",
          readOnlyHint=True,
          openWorldHint=True,
      ),
  )
  async def search_hash(file_hash: str) -> dict[str, Any] | None:
      """Get threat intelligence information about a file by hash (md5, sha1, sha256)

      Args:
          file_hash: hash that you want to investigate
      """
      if not hash_pattern.match(file_hash):
          return {"result": "error", "error_message": "Invalid hash format. Please provide a valid md5, sha1, or sha256 hash."}

      params = {"request": file_hash}
      return await opentip_request(Endpoints.search_hash, "get", params)
  ```
- opentip-mcp/opentip.py:53-92 (helper) Helper function opentip_request used by search_hash to perform authenticated GET/POST requests to the OpenTIP API with comprehensive error handling.

  ```python
  async def opentip_request(
      endpoint: str,
      request_type: RequestType = "get",
      params: Optional[dict[str, Any]] = None,
      content: Optional[bytes] = None,
      headers: Optional[dict[str, str]] = None,
  ) -> dict[str, Any]:
      """Make a request to the OpenTIP API with proper error handling."""
      headers = headers or {}
      headers = {
          "user-agent": "opentip-mcp-client",
          "x-api-key": OPENTIP_API_KEY,
          **headers
      }
      async with httpx.AsyncClient() as client:
          try:
              url = f"{OPENTIP_API_BASE}{endpoint}"
              if request_type == "get":
                  response = await client.get(
                      url, headers=headers, params=params, timeout=OPENTIP_API_TIMEOUT
                  )
              elif request_type == "post":
                  response = await client.post(
                      url, headers=headers, params=params, content=content, timeout=OPENTIP_API_TIMEOUT
                  )
              response.raise_for_status()
              return response.json()
          except httpx.HTTPStatusError as e:
              if e.response.status_code == 400:
                  return {"result": "error", "error_message": "Invalid parameters. Please check your input and try again."}
              elif e.response.status_code == 401:
                  return {"result": "error", "error_message": "Authentication failed. Please ensure that you have provided the correct credentials and try again."}
              elif e.response.status_code == 403:
                  return {"result": "error", "error_message": "Quota or request limit exceeded. Check your quota and limits and try again."}
              else:
                  return {"result": "error", "error_message": str(e)}
          except Exception as e:  # noqa
              return {"result": "error", "error_message": str(e)}
  ```
- opentip-mcp/opentip.py:44-51 (helper) Endpoints StrEnum defining the API endpoint path 'search/hash' for the search_hash tool.

  ```python
  class Endpoints(StrEnum):
      search_hash = "search/hash"
      search_ip = "search/ip"
      search_domain = "search/domain"
      search_url = "search/url"
      analyze_file = "scan/file"
      get_analysis_results = "getresult/file"
  ```
- opentip-mcp/opentip.py:29-31 (helper) Regex pattern hash_pattern used in search_hash for input validation of MD5, SHA1, SHA256 hashes.

  ```python
  # Regex pattern for valid hash types (md5, sha1, sha256) and ips
  hash_pattern = re.compile(r'^(0x)?(?:[a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64})$')
  ip_pattern = re.compile(r'^(\d{1,3}\.){3}\d{1,3}$')
  ```