Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Threatfox

FreeNot checked

Enables searching for indicators of compromise from ThreatFox by file hash (MD5/SHA1/SHA256) or malware family name.

GitHubEmbed

About

Enables searching for indicators of compromise from ThreatFox by file hash (MD5/SHA1/SHA256) or malware family name.

README

ThreatFox MCP — abuse.ch indicator-of-compromise feed (free, key required)

Part of Pipeworx — an MCP gateway connecting AI agents to 673+ live data sources.

Tools

Tool Description
search_hash IOCs associated with a file hash (md5 / sha1 / sha256).
search_malware IOCs tagged to a malware family (e.g., "Cobalt Strike", "Emotet", "QakBot").

Quick Start

Add to your MCP client (Claude Desktop, Cursor, Windsurf, etc.):

{
  "mcpServers": {
    "threatfox": {
      "url": "https://gateway.pipeworx.io/threatfox/mcp"
    }
  }
}

Or connect to the full Pipeworx gateway for access to all 673+ data sources:

{
  "mcpServers": {
    "pipeworx": {
      "url": "https://gateway.pipeworx.io/mcp"
    }
  }
}

Using with ask_pipeworx

Instead of calling tools directly, you can ask questions in plain English:

ask_pipeworx({ question: "your question about Threatfox data" })

The gateway picks the right tool and fills the arguments automatically.

More

License

MIT

from github.com/pipeworx-io/mcp-threatfox

Installing Threatfox

This server has no published package — it is built from source. Open the repository and follow its README.

▸ github.com/pipeworx-io/mcp-threatfox

FAQ

Is Threatfox MCP free?

Yes, Threatfox MCP is free — one-click install via Unyly at no cost.

Does Threatfox need an API key?

No, Threatfox runs without API keys or environment variables.

Is Threatfox hosted or self-hosted?

A hosted option is available: Unyly runs the server in the cloud, no local setup required.

How do I install Threatfox in Claude Desktop, Claude Code or Cursor?

Open Threatfox on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Threatfox with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs