Greynoise Mcp Server
БесплатноНе проверенMCP Server for the GreyNoise Enterprise API
Описание
MCP Server for the GreyNoise Enterprise API
README
REQUIRES AN ENTERPRISE API KEY
Installation
MCPB (MCP Bundle)
If you use Claude Desktop or another client that supports MCPB bundles, download greynoise-mcp-server.mcpb from the releases page and double-click to install.
For Production/NPX Usage
npx @greynoise/greynoise-mcp-server --help
Sample entry for Claude Desktop:
{
"mcpServers": {
"greynoise": {
"command": "npx",
"args": ["@greynoise/greynoise-mcp-server"],
"env": {
"GREYNOISE_API_KEY": "your-greynoise-api-key"
}
}
}
}
Or for local development:
{
"mcpServers": {
"greynoise": {
"command": "node",
"args": ["/absolute/path/to/greynoise-mcp-server/build/index.js"],
"env": {
"GREYNOISE_API_KEY": "your-greynoise-api-key"
}
}
}
}
For Development
Clone the repo and then npm install && npm run build.
Build System
This project uses tsup for modern bundling:
npm run build: Creates optimized bundle for distributionnpm run build:dev: Development build with source mapsnpm run dev: Watch mode with auto-rebuild
The bundled output includes all core dependencies except Express (for HTTP transport) and dotenv (due to dynamic require limitations).
Transport Options
stdio (Default)
npx @greynoise/greynoise-mcp-server --transport stdio
http
HTTP transport requires Express to be available:
npm install express
node @greynoise/greynoise-mcp-server --transport http
Available Tools
IP Analysis
lookup-ip-context - Get detailed context for an IP address including Internet Scanner Intelligence (ISI) and Business Service Intelligence (BSI). Returns classification, tags, scanning activity, HTTP/TLS/SSH fingerprints, geographic info, and more.
quick-check-ip - Fast, lightweight check returning just classification and BSI status.
multi-ip-check - Check up to 10,000 IP addresses at once. Returns classification, BSI status, and trust level for each IP.
GNQL (GreyNoise Query Language)
gnql-query - Search GreyNoise data with GNQL. Returns full IP context results including raw scan data. Supports scroll pagination.
gnql-metadata-query - Lightweight GNQL search returning IP metadata without raw scan data. Supports CSV output format.
gnql-stats - Get aggregate statistics for GNQL query results (classification breakdown, top organizations, countries, tags, etc).
Recall (Temporal Analysis)
gnql-timeseries - Retrieve hourly IP activity records for a time range. Enables temporal analysis of scanning patterns.
gnql-timeseries-stats - Get unique IP counts per hour/day over a time range for trend analysis.
Tags
get-tag-list - Retrieve the complete list of GreyNoise tags with metadata.
search-tags - Search for tags matching a query.
get-tag-details - Get comprehensive metadata about a specific tag.
get-tag-activity - Get activity data for a tag including trends over time.
analyze-tags-activity - Analyze activity patterns across multiple tags.
Vulnerabilities
get-trending-vulnerabilities - Get vulnerabilities actively being exploited in the wild.
get-cve-details - Get detailed CVE information including GreyNoise exploitation observations.
Sessions (PCAP)
get-session - Get full metadata and connection details for a single sensor session by ID.
get-session-pcap - Download the raw PCAP capture for a single session. Saves to a temporary file and returns the path.
export-sessions-pcap - Export a PCAP file containing packets from multiple sessions matching a time range and optional Lucene query. Saves to a temporary file and returns the path.
Usage Examples
IP Analysis
// Get detailed context for an IP
{ "tool_name": "lookup-ip-context", "parameters": { "ip": "71.6.135.131" } }
// Quick check
{ "tool_name": "quick-check-ip", "parameters": { "ip": "8.8.8.8" } }
// Bulk check
{ "tool_name": "multi-ip-check", "parameters": { "ips": ["8.8.8.8", "1.1.1.1"] } }
GNQL Queries
// Search for malicious IPs seen today
{ "tool_name": "gnql-query", "parameters": { "query": "classification:malicious last_seen:1d", "size": 10 } }
// Lightweight metadata search
{ "tool_name": "gnql-metadata-query", "parameters": { "query": "tags:Mirai", "size": 25 } }
// Get stats for a query
{ "tool_name": "gnql-stats", "parameters": { "query": "classification:malicious", "count": 10 } }
Temporal Analysis (Recall)
// Hourly activity for an IP
{ "tool_name": "gnql-timeseries", "parameters": { "query": "ip:71.6.135.131" } }
// Daily unique IP counts for malicious activity
{ "tool_name": "gnql-timeseries-stats", "parameters": { "query": "classification:malicious", "interval": "day" } }
Sessions
// Get session metadata
{ "tool_name": "get-session", "parameters": { "session_id": "7e98a36cf76f29a020876691892c5f" } }
// Download session PCAP
{ "tool_name": "get-session-pcap", "parameters": { "session_id": "7e98a36cf76f29a020876691892c5f" } }
// Export PCAPs for sessions matching a query
{ "tool_name": "export-sessions-pcap", "parameters": { "start_time": "2026-01-01T00:00:00Z", "end_time": "2026-01-07T23:59:59Z", "query": "destination.port:443", "size": 50 } }
Available Prompts
vendor-threat-report - Comprehensive threat report for a vendor technology. Parameters: vendor (required), technology (optional), timeframe 1-90 days (required)
ip-threat-analysis - Detailed IP threat analysis with classification, tags, history, and recommendations. Parameters: ip (required), include_related (optional)
cve-analysis - CVE analysis including exploitation status and risk assessment. Parameters: cve_id (required), timeframe 1-90 days (optional)
emerging-threat-report - Report on emerging threats based on trending activity. Parameters: days (optional: 1/7/30), focus_area (optional)
security-posture-assessment - Security posture assessment for an organization's technology stack. Parameters: organization (required), technologies (required), industry (optional)
threat-hunting - Threat hunting plan for specific indicators or patterns. Parameters: indicator_type (required: ip/tag/behavior/actor/cve), indicator_value (required), environment (required)
Changelog
See NEWS.md for release notes.
Установить Greynoise Mcp Server в Claude Desktop, Claude Code, Cursor
unyly install greynoise-mcp-serverСтавит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.
Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh
Или настроить вручную
Выполни в терминале:
claude mcp add greynoise-mcp-server -- npx -y @greynoise/greynoise-mcp-serverFAQ
Greynoise Mcp Server MCP бесплатный?
Да, Greynoise Mcp Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Greynoise Mcp Server?
Нет, Greynoise Mcp Server работает без API-ключей и переменных окружения.
Greynoise Mcp Server — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Greynoise Mcp Server в Claude Desktop, Claude Code или Cursor?
Открой Greynoise Mcp Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Greynoise Mcp Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
