Threat Intel MCP Server

A FastMCP server providing threat intelligence and vulnerability research tools for Claude. Integrates with NVD, VirusTotal, AbuseIPDB, Shodan, and MITRE ATT&CK.

Tools

Setup

1. Create and activate a virtual environment:

python -m venv venv
.\venv\Scripts\Activate.ps1

2. Install dependencies:

pip install -r requirements.txt

3. Configure API keys — copy .env.example to .env and fill in your keys:

VIRUSTOTAL_API_KEY=your_key_here
ABUSEIPDB_API_KEY=your_key_here
SHODAN_API_KEY=your_key_here

Free API keys: VirusTotal · AbuseIPDB · Shodan

Claude Desktop

Since the server now runs over HTTP, start it first, then configure Claude Desktop to connect via URL.

1. Start the server (keep this running):

python server.py

2. Add to %APPDATA%\Claude\claude_desktop_config.json:

{
  "mcpServers": {
    "threat-intel": {
      "url": "http://127.0.0.1:8000/sse"
    }
  }
}

API keys are read from .env automatically. Restart Claude Desktop after saving.

MCP Inspector

The server runs over HTTP (SSE) on port 8000. Start it first, then connect the inspector.

1. Start the server:

python server.py

2. Launch the inspector:

npx @modelcontextprotocol/inspector

Open http://localhost:5173, set transport to SSE, and enter the URL http://127.0.0.1:8000/sse.

Adding New Tools

1. Create tools/newtool.py with your async function

2. Register it in server.py:

from tools.newtool import my_function as _my_function

@mcp.tool()
async def my_tool(param: str) -> str:
    """Tool description shown in Inspector and to the LLM.

    Args:
        param: Parameter description
    """
    return str(await _my_function(param))

FastMCP generates the JSON schema automatically from the signature and docstring.

API Rate Limits

Troubleshooting

JSON-RPC / EOF errors — Don't run python server.py directly. Use mcp dev server.py or Claude Desktop.

API key not found — Ensure .env exists in the project root with correctly named variables.

Rate limit errors — Wait before retrying, or upgrade to a paid API tier.