irtoolshed-mcp-server

irtoolshed-mcp-server

1
security

IR Toolshed MCP Server offers a comprehensive suite of tools focused on network incident response and security analysis. It provides functionalities such as ASN lookups, DNS analysis, WHOIS information retrieval, and IP geolocation, aiding security professionals and AI systems in security investigations and research.

IR Toolshed MCP Server

  • Provides incident response and network analysis tools via the Model Context Protocol for security professionals.
  • Offers capabilities like ASN lookups, DNS analysis, WHOIS record retrieval, and IP geolocation.
  • Detailed documentation for each tool is included to aid AI systems in understanding tool usage.

Current Tools

  • ASN Lookup Tool: Queries IP addresses for AS numbers and ownership.
  • DNS Lookup Tool: Supports multiple record types and handles IPv4 and IPv6 queries.
  • WHOIS Lookup Tool: Retrieves domain registration details.
  • Geolocation Tool: Provides location data using MaxMind's GeoLite2 database.

Future Plans

  • Domain reputation scoring, SSL analysis, port scanning, threat intelligence, and more.

Requirements

  • Python 3.8+, uv package manager.

Installation & Setup

  • Instructions provided for cloning, environment setup, and running the server.

Testing and Code Quality

  • Tests are in tests/ directory.
  • Tools for code quality: Black, isort, mypy, ruff.

Contributions

  • Guide to contribute new tools or enhancements.

License

  • Apache 2.0

Security

  • Compliance with legal regulations required when using these tools.