cybersecurity MCP tools

a bunch of ones i use personally with Gemini CLI but should work with any LLM that supports MCP.

what's in the box?

see settings.json, add your API keys as needed, and install for your environment.

CTI use cases

hits a bunch of free or community APIs for cyber threat intelligence use cases

• blockchain_mcp - explore the blockchain by ID and transaction
• greynoise_mcp - community Greynoise API lookups
• malpedia_mcp - leverage Malpedia
• opencti_mcp - hit an OpenCTI server
• otx_simple_mcp - query OTX by indicator, get passive DNS, etc
• ransomware-live-mcp - hit the ransomware.live API
• reddit_netsec_mcp - get the latest stories or search r/blueteamsec and r/netsec
• xforce_mcp - hit IBM's XForce CTI stuff
• yarahub-mcp - hit YaraHub

localhacker

ues a bunch of OSX tools to discover and hack devices on the local network, "nmap" is the only third-party dependency.

TODO

• https://cveapi.com/
• https://hashlookup.circl.lu/