Honeypot Server
FreeNot checkedEnables querying a honeypot threat-intelligence database via natural language to analyze attacker activity, without writing SQL. Provides read-only tools for ov
About
Enables querying a honeypot threat-intelligence database via natural language to analyze attacker activity, without writing SQL. Provides read-only tools for overview, top attackers, credentials, commands, and more.
README
A small Model Context Protocol server that exposes my live honeypot's threat-intelligence database to an MCP client (Claude Desktop / Claude Code) as read-only tools — so I can investigate attacker activity by just asking, instead of writing SQL.
The data comes from a self-hosted honeypot stack (Cowrie SSH/Telnet + a custom HTTP honeypot) writing into PostgreSQL — currently ~530k attack sessions, ~33k login attempts, and thousands of captured attacker commands and file-staging events.
Tools
| Tool | What it returns |
|---|---|
honeypot_overview(days) |
Totals (sessions, unique IPs, logins, commands, file events) + breakdown by honeypot/protocol |
top_attackers(days, limit) |
Busiest source IPs with country + ASN org |
top_credentials(days, limit) |
Most-tried username/password pairs |
recent_commands(days, limit) |
Commands attackers ran post-login (TTPs) |
attacks_by_country(days, limit) |
Sessions grouped by source country |
malware_downloads(days, limit) |
Captured file/malware staging (filename, URL, sha256) |
lookup_ip(ip) |
Full profile for one IP: sessions, geo/ASN, creds tried, commands, ban status |
Safety
- Read-only by construction. Every connection opens a read-only transaction
and every query is a
SELECT. No tool mutates data. - The IP passed to
lookup_ipis validated withipaddressand bound as a query parameter — never string-formatted into SQL. - Recommended: point
HONEYPOT_DATABASE_URLat a DB role grantedSELECTonly.
Setup
python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
cp .env.example .env # then edit with your connection string
export HONEYPOT_DATABASE_URL="postgresql://user:[email protected]:5433/honeypot"
python server.py selftest # verify DB connectivity
python server.py # run as an MCP (stdio) server
Connecting a client
Claude Code (claude mcp add):
claude mcp add honeypot -- bash -lc 'cd /path/to/honeypot-mcp && \
HONEYPOT_DATABASE_URL="postgresql://user:[email protected]:5433/honeypot" \
.venv/bin/python server.py'
Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"honeypot": {
"command": "/path/to/honeypot-mcp/.venv/bin/python",
"args": ["/path/to/honeypot-mcp/server.py"],
"env": { "HONEYPOT_DATABASE_URL": "postgresql://user:[email protected]:5433/honeypot" }
}
}
}
The DB lives on my server (bound to localhost), so I either run this server there, or launch it over SSH stdio from my laptop:
{ "mcpServers": { "honeypot": {
"command": "ssh",
"args": ["ubuntu", "cd honeypot-mcp && .venv/bin/python server.py"]
}}}
Installing Honeypot Server
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/FradleyJ/honeypot-mcpFAQ
Is Honeypot Server MCP free?
Yes, Honeypot Server MCP is free — one-click install via Unyly at no cost.
Does Honeypot Server need an API key?
No, Honeypot Server runs without API keys or environment variables.
Is Honeypot Server hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install Honeypot Server in Claude Desktop, Claude Code or Cursor?
Open Honeypot Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
wenb1n-dev/SmartDB_MCP
A universal database MCP server supporting simultaneous connections to multiple databases. It provides tools for database operations, health analysis, SQL optim
by wenb1n-devPostgres Server
This server enables interaction with PostgreSQL databases through the Model Context Protocol, optimized for the AWS Bedrock AgentCore Runtime. It provides tools
by madhurprashPostgres
Query your database in natural language
by AnthropicPostgreSQL
Read-only database access with schema inspection.
by modelcontextprotocolCompare Honeypot Server with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All data MCPs
