WhisperGraph
FreeNot checkedSelf-hostable MCP server for WhisperGraph — a graph of 7.39B nodes / 39B edges mapping DNS, BGP, GeoIP, WHOIS, and threat intelligence. Six read-only tools (Cyp
About
Self-hostable MCP server for WhisperGraph — a graph of 7.39B nodes / 39B edges mapping DNS, BGP, GeoIP, WHOIS, and threat intelligence. Six read-only tools (Cypher query + schema introspection + threat assessment), six resources, eight investigation prompts. stdio and Streamable HTTP transports.
README
WhisperGraph MCP Server
The internet's infrastructure graph for AI agents - 46B nodes and edges mapping DNS, IPs, ASNs, BGP, WHOIS, Web links and threat intel. Sign up programmatically in 2 HTTP calls.
WhisperGraph is an MCP server backed by the world's largest internet-infrastructure graph database - 46 billion nodes and edges across 20 entity types, mapping every domain, IP, ASN, prefix, organization, Web link and threat-intelligence listing into a single Cypher-queryable graph. Used by security teams, incident responders, and AI agents for investigation, attribution, brand protection, and infrastructure forensics.
Built for agents from day one.
- Programmatic signup in 2 HTTP calls. No browser, no CAPTCHA, no human-in-the-loop. Email verification only. Working API key in ~5 seconds.
- Free trial for everyone, including agents. Paid tiers for higher quotas.
What you can ask:
- DNS: resolution, nameservers, MX, SPF chains, DNSSEC
- Routing: ASN ownership, BGP origin history, MOAS conflicts, peering
- Hosting & ownership: registrar, WHOIS contacts, organization mapping
- Threat intel: ~40 feeds across 18 categories,
CALL explain()for full threat scoring - Historical: WHOIS history, BGP route changes
- Web: 10.9B hyperlinks for inter-domain analysis
Learn more: Agent signup · WhisperGraph intro · Cypher API reference · Query guide · Cypher syntax · Functions · Best practices · MCP setup
Quick start
You need a WhisperGraph API key. Get one either:
- Programmatically (recommended for agents) - see Agent quickstart below.
- Via the dashboard (recommended for humans) - console.whisper.security/sign-up.
Hosted remote server (no install)
Whisper runs a hosted MCP server at https://mcp.whisper.security. Point any MCP client that supports remote servers at it and authenticate with your API key:
{
"mcpServers": {
"whisper": {
"url": "https://mcp.whisper.security",
"headers": { "Authorization": "Bearer <your_api_key>" }
}
}
}
MCP clients (stdio)
For local stdio transport, add this to your MCP client config:
{
"mcpServers": {
"whisper-graph": {
"command": "npx",
"args": ["-y", "@whisper-security/whisper-graph-mcp"],
"env": { "WHISPER_API_KEY": "your-api-key" }
}
}
}
Self-hosting this repo is for teams who want to run the MCP layer in their own environment. See How to set up.
Agent quickstart
Get a working API key in two HTTP calls - no browser, no CAPTCHA, no waiting list.
Step 1 - start signup (Whisper emails a verification code):
POST https://console.whisper.security/api/signup
Content-Type: application/json
{"email":"[email protected]","attribution":{"agent_name":"your-agent","source":"<registry-name>"}}
Step 2 - verify with the emailed code:
POST https://console.whisper.security/api/signup/verify
Content-Type: application/json
{"signup_id":"...","code":"..."}
The response contains api_key, mcp_url, dashboard_url, and docs_url. Use api_key in the MCP config snippet above. Full docs: whisper.security/docs/agent-signup.
Tools
All six tools are read-only.
| Tool | What it does |
|---|---|
query |
Execute a Cypher query against WhisperGraph. Validated against a safety rule set before it reaches the backend. |
list_labels |
List every node label with counts. Call it before writing a query when you're unsure which label to anchor on. |
describe_label |
Confirm a label exists and enumerate its property keys. |
explain_indicator |
Threat assessment for an IP, hostname, CIDR, or ASN - score, level, factors, sources. |
whisper_history |
Historical WHOIS or BGP data for an indicator. |
domain_variants |
Typosquatting / brand-protection variants of a domain, checked against the graph. |
Resources
Six MCP resources: the full schema, the relationship map, a Cypher function reference, a query cookbook, plus live whisper://stats and whisper://quota.
Prompts
Eight investigation-workflow prompt templates: investigate-ip, map-attack-surface, compare-domains, blast-radius, threat-triage, whois-pivot, bgp-investigation, typosquat-sweep.
Self-hosting (Docker / HTTP)
For remote or team deployments, run the server over Streamable HTTP:
docker run -p 8080:8080 -e MCP_TRANSPORT=http \
ghcr.io/whisper-sec/whisper-graph-mcp:latest
Or with Docker Compose:
docker compose up
In HTTP mode the server does not authenticate inbound requests - it relays the
caller's X-API-Key or Authorization: Bearer header to the hosted WhisperGraph
API, falling back to the WHISPER_API_KEY environment variable when no header is
present. Put it behind your own gateway if you need access control.
Configuration
All configuration is via environment variables.
| Variable | Default | Description |
|---|---|---|
WHISPER_API_KEY |
(none) | Your WhisperGraph API key. Get one programmatically in 2 HTTP calls or via the dashboard. |
MCP_TRANSPORT |
stdio |
stdio for local CLI use, http for remote/Docker. |
HTTP_HOST |
0.0.0.0 |
Bind host for the HTTP transport. |
HTTP_PORT |
8080 |
Bind port for the HTTP transport. |
WHISPER_ALLOWED_HOSTS |
(none) | Comma-separated Host header allowlist for DNS-rebinding protection in HTTP mode. Leave empty only behind a trusted gateway. |
WHISPER_DB_URL |
https://graph.whisper.security |
Base URL of the hosted WhisperGraph API. |
WHISPER_QUERY_TIMEOUT_MS |
60000 |
Hard per-query deadline forwarded to the API. |
WHISPER_DB_TIMEOUT_MS |
10000 |
HTTP timeout for non-query calls. |
LOG_LEVEL |
info |
debug, info, warn, or error. |
Development
npm install
npm run dev # run from source over stdio
npm test # unit + integration tests (no secrets needed)
npm run build # bundle to dist/
npm run lint # eslint
npm run typecheck # tsc --noEmit
Contributing
Contributions are welcome. See CONTRIBUTING.md and our Code of Conduct. Security issues: see SECURITY.md.
License
Apache-2.0. "Whisper", the Whisper logo, and "WhisperGraph" are trademarks of Whisper Security - see NOTICE.
Install WhisperGraph in Claude Desktop, Claude Code & Cursor
unyly install whispergraph-mcp-serverInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add whispergraph-mcp-server -- npx -y @whisper-security/whisper-graph-mcpFAQ
Is WhisperGraph MCP free?
Yes, WhisperGraph MCP is free — one-click install via Unyly at no cost.
Does WhisperGraph need an API key?
No, WhisperGraph runs without API keys or environment variables.
Is WhisperGraph hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install WhisperGraph in Claude Desktop, Claude Code or Cursor?
Open WhisperGraph on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare WhisperGraph with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
