Honeypot Server
БесплатноНе проверенEnables querying a honeypot threat-intelligence database via natural language to analyze attacker activity, without writing SQL. Provides read-only tools for ov
Описание
Enables querying a honeypot threat-intelligence database via natural language to analyze attacker activity, without writing SQL. Provides read-only tools for overview, top attackers, credentials, commands, and more.
README
A small Model Context Protocol server that exposes my live honeypot's threat-intelligence database to an MCP client (Claude Desktop / Claude Code) as read-only tools — so I can investigate attacker activity by just asking, instead of writing SQL.
The data comes from a self-hosted honeypot stack (Cowrie SSH/Telnet + a custom HTTP honeypot) writing into PostgreSQL — currently ~530k attack sessions, ~33k login attempts, and thousands of captured attacker commands and file-staging events.
Tools
| Tool | What it returns |
|---|---|
honeypot_overview(days) |
Totals (sessions, unique IPs, logins, commands, file events) + breakdown by honeypot/protocol |
top_attackers(days, limit) |
Busiest source IPs with country + ASN org |
top_credentials(days, limit) |
Most-tried username/password pairs |
recent_commands(days, limit) |
Commands attackers ran post-login (TTPs) |
attacks_by_country(days, limit) |
Sessions grouped by source country |
malware_downloads(days, limit) |
Captured file/malware staging (filename, URL, sha256) |
lookup_ip(ip) |
Full profile for one IP: sessions, geo/ASN, creds tried, commands, ban status |
Safety
- Read-only by construction. Every connection opens a read-only transaction
and every query is a
SELECT. No tool mutates data. - The IP passed to
lookup_ipis validated withipaddressand bound as a query parameter — never string-formatted into SQL. - Recommended: point
HONEYPOT_DATABASE_URLat a DB role grantedSELECTonly.
Setup
python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
cp .env.example .env # then edit with your connection string
export HONEYPOT_DATABASE_URL="postgresql://user:[email protected]:5433/honeypot"
python server.py selftest # verify DB connectivity
python server.py # run as an MCP (stdio) server
Connecting a client
Claude Code (claude mcp add):
claude mcp add honeypot -- bash -lc 'cd /path/to/honeypot-mcp && \
HONEYPOT_DATABASE_URL="postgresql://user:[email protected]:5433/honeypot" \
.venv/bin/python server.py'
Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"honeypot": {
"command": "/path/to/honeypot-mcp/.venv/bin/python",
"args": ["/path/to/honeypot-mcp/server.py"],
"env": { "HONEYPOT_DATABASE_URL": "postgresql://user:[email protected]:5433/honeypot" }
}
}
}
The DB lives on my server (bound to localhost), so I either run this server there, or launch it over SSH stdio from my laptop:
{ "mcpServers": { "honeypot": {
"command": "ssh",
"args": ["ubuntu", "cd honeypot-mcp && .venv/bin/python server.py"]
}}}
Установка Honeypot Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/FradleyJ/honeypot-mcpFAQ
Honeypot Server MCP бесплатный?
Да, Honeypot Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Honeypot Server?
Нет, Honeypot Server работает без API-ключей и переменных окружения.
Honeypot Server — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Honeypot Server в Claude Desktop, Claude Code или Cursor?
Открой Honeypot Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
wenb1n-dev/SmartDB_MCP
A universal database MCP server supporting simultaneous connections to multiple databases. It provides tools for database operations, health analysis, SQL optim
автор: wenb1n-devPostgres Server
This server enables interaction with PostgreSQL databases through the Model Context Protocol, optimized for the AWS Bedrock AgentCore Runtime. It provides tools
автор: madhurprashPostgres
Query your database in natural language
автор: AnthropicPostgreSQL
Read-only database access with schema inspection.
автор: modelcontextprotocolCompare Honeypot Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории data
