Threatfox

Name: Threatfox
Availability: InStock
Author: pipeworx-io

FreeNot checked

Enables searching for indicators of compromise from ThreatFox by file hash (MD5/SHA1/SHA256) or malware family name.

by pipeworx-io

GitHub

About

Enables searching for indicators of compromise from ThreatFox by file hash (MD5/SHA1/SHA256) or malware family name.

README

ThreatFox MCP — abuse.ch indicator-of-compromise feed (free, key required)

Part of Pipeworx — an MCP gateway connecting AI agents to 250+ live data sources.

Tools

Tool	Description
`search_hash`	IOCs associated with a file hash (md5 / sha1 / sha256).
`search_malware`	IOCs tagged to a malware family (e.g., "Cobalt Strike", "Emotet", "QakBot").

Quick Start

Add to your MCP client (Claude Desktop, Cursor, Windsurf, etc.):

{
  "mcpServers": {
    "threatfox": {
      "url": "https://gateway.pipeworx.io/threatfox/mcp"
    }
  }
}

Or connect to the full Pipeworx gateway for access to all 250+ data sources:

{
  "mcpServers": {
    "pipeworx": {
      "url": "https://gateway.pipeworx.io/mcp"
    }
  }
}

Using with ask_pipeworx

Instead of calling tools directly, you can ask questions in plain English:

ask_pipeworx({ question: "your question about Threatfox data" })

The gateway picks the right tool and fills the arguments automatically.

License

MIT

from github.com/pipeworx-io/mcp-threatfox

How to install

Run in your terminal:

claude mcp add mcp-threatfox -- npx

Threatfox

About

README

Tools

Quick Start

Using with ask_pipeworx

More

License

How to install

Related MCPs

Compare Threatfox with

GitHub

Supabase

Filesystem

Everything

Command Palette

Threatfox

About

README

Tools

Quick Start

Using with ask_pipeworx

More

License

How to install

Related MCPs

Compare Threatfox with

GitHub

Supabase

Filesystem

Everything