Odel
Threatfox

Threatfox

@pipeworx-ioDeveloper ToolsTypeScriptMITUpdated 2w ago

ThreatFox MCP — abuse.ch indicator-of-compromise feed (free, key required)

View on GitHubSign in to connect
Server endpointStreamable HTTP
https://gateway.pipeworx.io/threatfox/mcp

This is the third-party server itself — Odel doesn't run it. Hitting this URL directly talks straight to the upstream server with no auth or proxying. Connect through Odel to front it with managed auth.

mcp-threatfox

ThreatFox MCP — abuse.ch indicator-of-compromise feed (free, key required)

Part of Pipeworx — an MCP gateway connecting AI agents to 673+ live data sources.

Tools

ToolDescription
search_hashIOCs associated with a file hash (md5 / sha1 / sha256).
search_malwareIOCs tagged to a malware family (e.g., "Cobalt Strike", "Emotet", "QakBot").

Quick Start

Add to your MCP client (Claude Desktop, Cursor, Windsurf, etc.):

{
  "mcpServers": {
    "threatfox": {
      "url": "https://gateway.pipeworx.io/threatfox/mcp"
    }
  }
}

Or connect to the full Pipeworx gateway for access to all 673+ data sources:

{
  "mcpServers": {
    "pipeworx": {
      "url": "https://gateway.pipeworx.io/mcp"
    }
  }
}

Using with ask_pipeworx

Instead of calling tools directly, you can ask questions in plain English:

ask_pipeworx({ question: "your question about Threatfox data" })

The gateway picks the right tool and fills the arguments automatically.

More

License

MIT