Skip to main content
Glama
H4RR1SON

Sherlock MCP Server

by H4RR1SON
OverviewSchemaRelated ServersScoreDiscussions
Python
Remote

Sherlock MCP Server

An official Model Context Protocol (MCP) server for the Covertlabs infostealer intelligence platform. Built with FastMCP.

What is Sherlock?

Sherlock provides access to Covertlabs' comprehensive database of infostealer logs, enabling security researchers and threat intelligence teams to:

  • Search compromised credentials by email, domain, username, or password

  • Investigate victims by IP address, country, or stealer family

  • Retrieve detailed artifacts including credentials, cookies, and browser history

Features

  • πŸ” 12 Search Tools - Comprehensive search capabilities across the infostealer database

  • πŸ” Token Authentication - Secure access via Personal Access Tokens

  • ⚑ Stateless HTTP - Scalable, load-balancer friendly architecture

  • 🐳 Docker Ready - Production-ready containerization

Installation

Prerequisites

Quick Start

# Clone the repository
git clone https://github.com/covertlabs/sherlock-mcp.git
cd sherlock-mcp

# Create virtual environment
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Run the server
python server.py

Docker

docker compose up --build

Configuration

Configure via environment variables:

Variable

Default

Description

PORT

8080

Server port

HOST

0.0.0.0

Server host

COVERTLABS_API_URL

https://api.covertlabs.io

API endpoint

CORS_ORIGINS

*

Allowed CORS origins

LOG_REQUESTS

false

Enable request logging

Client Configuration

Cursor

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "sherlock": {
      "url": "http://localhost:8080/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN_HERE"
      }
    }
  }
}

Claude Desktop

Add to your Claude Desktop MCP configuration:

{
  "mcpServers": {
    "sherlock": {
      "url": "http://localhost:8080/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN_HERE"
      }
    }
  }
}

Available Tools

See the docs/ folder for detailed documentation on each tool and response formats.

Search Tools

Tool

Description

search_by_email

Search victims by email address

search_by_domain

Search victims by domain

search_by_ip

Search victims by IP address

search_by_username

Search victims by username

search_by_password

Search victims by password

search_text

Broad text search across all fields

search_by_country

Search by ISO country code

search_by_stealer

Search by stealer malware family

Victim Detail Tools

Tool

Description

get_victim_profile

Get victim profile and metadata

get_victim_credentials

Get stolen credentials

get_victim_cookies

Get stolen browser cookies

get_victim_history

Get browser history

Authentication

This server uses Personal Access Token (PAT) authentication. Tokens are passed through to the Covertlabs API.

  1. Log in to app.covertlabs.io

  2. Navigate to CLI Token

  3. Copy your token (format: cl_pat_V1_...)

  4. Add to your MCP client configuration

API Endpoints

Endpoint

Method

Description

/

GET

Server information

/health

GET

Health check

/mcp

POST

MCP protocol endpoint

Documentation

Support

License

MIT License - see LICENSE for details.

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/H4RR1SON/sherlock-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server