MCP Hub
Back to servers

Abuse.ch

A unified threat intelligence MCP server that validates and correlates security data across MalwareBazaar, URLhaus, and ThreatFox for files, URLs, domains, and IPs.

pulsemcp
AI & MLAPIs & ServicesData & AnalyticsDevelopment ToolsFile Systems
Stars
2
Tools
4
Updated
Sep 10, 2025
Validated
Feb 17, 2026
View Source
Claim this server

abusech-mcp 🚦

abusech-mcp is an MCP server that fetches threat intelligence from multiple abuse.ch platforms, including MalwareBazaar, URLhaus, and ThreatFox.

Features

  • Unified VT-like API for querying file, URL, IP, and domain intelligence
  • Uses Pydantic schemas for robust data validation and serialization
  • Powered by fastmcp:
  • Unified API layer: Directly use functions from abusech_intel.py to obtain correlated intelligence from abuse.ch platforms—serving as a unified API layer since the platforms themselves do not provide one

Requirements

  • Python 3.10+
  • abuse.ch API key (set as ABUSECH_API_KEY environment variable)

Usage

Start the MCP server:

python abusech_mcp.py

Available Tools

  • get_ip_report(ip: str): Get a comprehensive IP report from URLhaus and ThreatFox
  • get_domain_report(domain: str): Get a domain report from URLhaus and ThreatFox
  • get_url_report(url: str): Get a URL report from URLhaus and ThreatFox
  • get_file_report(hash_value: str): Get a file report (MD5/SHA-1/SHA-256) from MalwareBazaar, URLhaus, and ThreatFox

Configuration

Set your API key as an environment variable:

export ABUSECH_API_KEY=your_api_key_here

License

MIT License

Reviews

No reviews yet

Sign in to write a review