Threatfox
FreeNot checkedEnables searching for indicators of compromise from ThreatFox by file hash (MD5/SHA1/SHA256) or malware family name.
About
Enables searching for indicators of compromise from ThreatFox by file hash (MD5/SHA1/SHA256) or malware family name.
README
ThreatFox MCP — abuse.ch indicator-of-compromise feed (free, key required)
Part of Pipeworx — an MCP gateway connecting AI agents to 673+ live data sources.
Tools
| Tool | Description |
|---|---|
search_hash |
IOCs associated with a file hash (md5 / sha1 / sha256). |
search_malware |
IOCs tagged to a malware family (e.g., "Cobalt Strike", "Emotet", "QakBot"). |
Quick Start
Add to your MCP client (Claude Desktop, Cursor, Windsurf, etc.):
{
"mcpServers": {
"threatfox": {
"url": "https://gateway.pipeworx.io/threatfox/mcp"
}
}
}
Or connect to the full Pipeworx gateway for access to all 673+ data sources:
{
"mcpServers": {
"pipeworx": {
"url": "https://gateway.pipeworx.io/mcp"
}
}
}
Using with ask_pipeworx
Instead of calling tools directly, you can ask questions in plain English:
ask_pipeworx({ question: "your question about Threatfox data" })
The gateway picks the right tool and fills the arguments automatically.
More
License
MIT
Installing Threatfox
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/pipeworx-io/mcp-threatfoxFAQ
Is Threatfox MCP free?
Yes, Threatfox MCP is free — one-click install via Unyly at no cost.
Does Threatfox need an API key?
No, Threatfox runs without API keys or environment variables.
Is Threatfox hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Threatfox in Claude Desktop, Claude Code or Cursor?
Open Threatfox on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Threatfox with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
