Best abuse.ch MCP Servers
Abuse.ch is a research project that tracks and monitors malware, botnets, and other cyber threats. It provides various tools and resources to help security professionals identify and combat online abuse, including databases of malicious URLs, compromised websites, and command-and-control servers.
Why this server?
Enables AI agents to query abuse.ch services such as ThreatFox for malware IOCs, URLhaus for malicious URLs, and other threat intelligence feeds.
AlicenseAqualityAmaintenanceDark web & threat intelligence for AI agents. HIBP, ThreatFox, ransomware tracking, Tor .onion access, blockchain intel, exploit search, stealer logs, malware analysis — unified into a single MCP server.Last updated306647205MITWhy this server?
Integrates with URLhaus (abuse.ch) to check URLs against active malware distribution lists.
AlicenseAqualityAmaintenanceEnables AI agents to check URL safety before fetching content, using Google Web Risk, URLhaus, PhishTank, and AI analysis to return SAFE/SUSPICIOUS/DANGEROUS verdicts.Last updated12501MITWhy this server?
Provides unified access to abuse.ch projects including URLhaus for malware distribution URLs, MalwareBazaar for sample lookups by hash, ThreatFox for IOC sharing, and Feodo Tracker for identifying active botnet C2 infrastructure.
AlicenseAqualityBmaintenanceProvides unified access to multiple threat intelligence sources like AlienVault OTX, AbuseIPDB, and GreyNoise for security research and analysis. It enables users to perform simultaneous lookups on IPs, domains, hashes, and URLs across several platforms within a single response.Last updated71726MITWhy this server?
Integrates AbuseIPDB and URLhaus threat intelligence for IP reputation checks and PCAP-wide threat scanning.
AlicenseBqualityCmaintenanceA professional-grade network analysis MCP server that integrates Wireshark/TShark, Nmap, and threat intelligence to enable packet capture, network scanning, threat detection, and credential extraction through natural language.Last updated412MITWhy this server?
Integrates with Abuse.ch ThreatFox to fetch threat intelligence indicators.

secfeedofficial
Alicense-qualityCmaintenanceAggregates security intelligence feeds (vulnerabilities, news, threat intel) into a local SQLite database and provides MCP tools for AI agents to query and analyze them.Last updatedMITWhy this server?
Provides threat intelligence lookup capabilities by integrating with abuse.ch, allowing AI agents to check indicators of compromise (IOCs) such as IP addresses and domains against known malicious activity databases.
AlicenseCqualityBmaintenanceProvides a high quality cybersecurity tool platform with pay as you go pricing (no subscription).Last updated281MITWhy this server?
Integrates with MalwareBazaar (a service by abuse.ch) to provide real-time threat intelligence, including querying recent malware samples, retrieving metadata by hash, and searching by tags.
Alicense-qualityCmaintenanceEnables AI assistants to access real-time threat intelligence, malware sample metadata, and security analysis tools via integration with MalwareBazaar, VirusTotal, and Telegram.Last updatedMITWhy this server?
Provides tools for searching and retrieving malware samples from the MalwareBazaar database, allowing queries by tag, family, signature, or recent samples.
Alicense-qualityCmaintenanceEnables querying the abuse.ch MalwareBazaar database for malware samples by tag, family, signature, or recent submissions.Last updated0MITWhy this server?
Integrates with abuse.ch services including URLhaus, ThreatFox, and MalwareBazaar for malware URL tracking, IOC sharing, and malware sample intelligence.
Alicense-qualityCmaintenanceA threat intelligence aggregation server that provides unified access to multiple security sources for analyzing indicators (IPs, domains, hashes, URLs) with confidence scoring.Last updated7MIT