VirusTotal is a free online service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. It aggregates many antivirus products and online scan engines to check for threats that the user's own antivirus may have missed.
AI-powered OSINT framework exposing 10 tools (email, username, breach, WHOIS, IP, subdomain, phone, Shodan, dorks, Pastebin) as an MCP server for Claude Code and Claude Desktop, with an autonomous agent REPL and direct CLI.
Last updated
17
659
MIT
Why this server?
Provides tools for analyzing file hashes, URLs, domains, or IP addresses against 70+ antivirus engines and threat intelligence databases for malware detection and reputation checking.
This MCP server transforms Claude into a comprehensive security analyst by providing access to 27 security tools across 21 APIs for vulnerability intelligence. It enables users to query multiple sources like NVD, EPSS, CISA KEV, and threat intelligence platforms in parallel to get correlated security insights and risk assessments for CVEs.
Last updated
4
27
991
Apache 2.0
Why this server?
Provides access to VirusTotal for analyzing files and URLs against a vast threat intelligence database, integrated into AI-driven security pipelines.
Enables AI agents to orchestrate security research workflows by connecting to containerized security tools via MCP, allowing automated vulnerability analysis and pipeline execution.
Last updated
24
796
Why this server?
Provides tools for domain reputation analysis and threat intelligence, allowing AI agents to query VirusTotal for malicious activity detections, URL safety checks, and historical infrastructure records.
Provides AI agents with 37 OSINT tools and 12 data sources to perform unified reconnaissance, domain analysis, and attack surface mapping. It enables agents to query, correlate, and reason across platforms like Shodan, VirusTotal, and Censys in parallel.
Last updated
37
199
20
MIT
Why this server?
Provides tools for domain reputation analysis, threat detections, and subdomain enumeration by querying the VirusTotal API.
A comprehensive reconnaissance toolset that provides AI agents with 37 tools across 12 data sources like Shodan and VirusTotal for automated intelligence gathering. It enables agents to perform domain reconnaissance, attack surface mapping, and cross-platform data correlation within a single conversational interface.
Last updated
37
199
2
MIT
Why this server?
Enables analysis of observables using VirusTotal engine through Cyberbro integration, allowing threat intelligence queries and reputation checks for IPs, domains, URLs, and file hashes.
An MCP server that extracts Indicators of Compromise (IoCs) from unstructured text and checks their reputation across multiple threat intelligence services. It enables real-time analysis of IPs, domains, hashes, and URLs, providing enriched context for security workflows within LLMs.
Last updated
5
19
MIT
Why this server?
Provides security scanning capabilities through Domain Shield and Threat Pulse endpoints, utilizing VirusTotal's 70+ engine malware detection and threat intelligence for comprehensive domain security analysis.
Universal x402 buyer agent — discover, pay for, and call any x402 paid API endpoint from Claude Desktop, Cursor, or Claude Code with automatic USDC payment via AgentCash.
Last updated
4
17
MIT
Why this server?
Enables checking file hash (MD5/SHA1/SHA256) and IP reputation with detection ratios and vendor verdicts from VirusTotal's threat intelligence database.
Aggregates real-time threat intelligence from multiple sources including Feodo Tracker, URLhaus, CISA KEV, and ThreatFox, with IP/hash reputation checking via VirusTotal, AbuseIPDB, and Shodan for comprehensive security monitoring.
Last updated
11
28
MIT
Why this server?
Allows for the submission of observables like IPs and hashes to VirusTotal through Cortex's analysis pipeline for security enrichment.
An MCP server for the Cortex observable analysis and active response engine. It enables LLMs to automate security investigations by running analyzers on observables like IPs and URLs and executing automated response actions.
