Related MCP Server Resources

Explore more AI models, providers, and integration options:

  • Explore AI Models
  • Explore AI Providers
  • Explore MCP Servers
  • LangDB Pricing
  • Documentation
  • AI Industry Blog
  • IR Toolshed MCP Server
  • sanderkooger-mcp-server-ragdocs
  • Math MCP Server for MacOS
  • DocGen MCP Server
  • Joern MCP Server
Back to MCP Servers
Enrichment MCP Server

Enrichment MCP Server

Public
synackpwn/enrichment-mcp

Performs observable enrichment using Model Context Protocol by integrating multiple third-party services like VirusTotal and Hybrid Analysis to provide IP, domain, URL, and email threat intelligence lookups.

python
0 tools
May 29, 2025
Updated Jun 4, 2025

Supercharge Your AI with Enrichment MCP Server

MCP Server

Unlock the full potential of Enrichment MCP Server through LangDB's AI Gateway. Get enterprise-grade security, analytics, and seamless integration with zero configuration.

Unified API Access
Complete Tracing
Instant Setup
Get Started Now

Free tier available • No credit card required

Instant Setup
99.9% Uptime
10,000+Monthly Requests

Enrichment MCP Server

A Model Context Protocol (MCP) server for performing enrichment given a provided observable. The combination of configured services and the provided observable(s) will determine which enrichment services to utilize.

This tool provides a simple implementation to perform third-party enrichment using common services (e.g. VirusTotal, Hybrid Analysis, etc.).

This project is has not been used in any production setting.

Features

This implementation of the enrichment-mcp MCP server exposes the following tools.

  • observable-lookup - A generic endpoint which examines and routes the given observable to the correct tool.
  • lookup-ipaddress - Performs enrichment on a given IPv4 address.
  • lookup-domain - Performs enrichment on a given domain name.
  • lookup-url - Performs enrichment on a given URL (and in some cases domain name).
  • lookup-email - Performs enrichment of a given email address.

If you encounter an issue with the determined observable type, then please create an issue or I can update the current implemented regex patterns.

Supported Services

The following services and observable types are currently supported:

If you have any suggestions or believe another service should be implemented, please create an issue or pull request!

NameAPI Key RequiredSupports IPSupports DomainSupports URLSupports Email
VirusTotalYesYesYesYesNo
HybridAnalysisYesYesYesYesNo
AlienVaultYesYesYesYesNo
ShodanYesYesYesYesNo
Urlscan.ioYesYesYesYesNo
AbuseIPDBYesYesNoNoNo
HaveIBeenPwnedYesNoNoNoYes

Requirements

This MCP service implements a custom config file that is used to determine which third-party enrichment services should be used for observable lookups.

Since this is purely for development / testing at this current time, the easiest way to run this on a local mac/system is:

uv run --env-file .env server.py

This requires that you use the provided template .env.exampl and create a new .env file with your secrets.

config.yaml

This project provides a custom configuration file and I believe it's pretty easy to understand.

First, copy the provided config.yaml.example config and remove the .example extension before using this service.

Within this configuration file there are two main sections of data; server and enrichments.

By default, all services supported are mapped to the current implemented enrichment action types. Currently, the only true enrichment action type is lookups but other may be implemented in the future.

Under the lookups we have the different supported enrichment types.

That being said, each individual service can have a key named apikey and the API key value from that service but please consider not doing so.

You can set this keys value directly in the config.yaml.example but the preferred way is to use a .env.

NOTE: It is highly recommended to set secrets as environmental variables when implementing this service. Stop storing secrets silly goose.

In order for this service to discover these variables, they must be in a specific format. Below is the list of currently supported variables:

  • ENRICHMENT_MCP_VIRUSTOTAL_KEY
  • ENRICHMENT_MCP_HYBRIDANALYSIS_KEY
  • ENRICHMENT_MCP_ALIENVAULT_KEY
  • ENRICHMENT_MCP_SHODAN_KEY
  • ENRICHMENT_MCP_URLSCAN_KEY
  • ENRICHMENT_MCP_HIBP_KEY

Server Configuration

There are minimal settings here as this is mostly for sandboxing and testing, but these settings typically do not need to be changed or altered for this service to work.

server: host: 0.0.0.0 # the host address port: 8000 # the port debug: false # whether to enable debug logging log_level: INFO # the default logging level

Enrichments Configuration

Each enrichment in our config file resides under the enrichments key. Additionally, I have broken out the different types of enrichment that can be performed. This means, in the current implementation, we only have a single action type called lookups but in the future this can be expanded for things like scans or queries etc.

Underneath these high-level actions, we list out the observable type followed by a list of services that support that type. The currently supported observable types are:

  • ipaddress - ipv4 addresses
  • domain - A domain or netloc
  • url - A fully qualified URL with schema, etc.
  • email - A standard email address

We also support these types but they are currently not implemented:

  • md5 - A file MD5 hash
  • sha1 - A file SHA1 hash
  • sha256 - A file SHA256 hash

Each service must have a name and a template. The apikey field can be provided but it is recommended to use environmental variables.

Prompt Templates

Each service and observable type can have it's own template. These reside in the templates directory and all templates are expected to exist here.

Each service defined has a prompt template using jinja2 templates. You can modify these are needed, but the format of the filename must remain the same.

These files have the following filename pattern.

{service.name}.{enrichment.type}.jinja2

Additionally, ensure that the response object has the correct fields in the template itself or you will receive an error.

Below is an example output for a prompt of Enrich this IP 91.195.240.94 with some errors mixed in:

{ "virustotal": "error occurred looking up ip 91.195.240.94 in virustotal", "alienvault": "Service: alienvault IPAddress: Reputation Score: 0 Total Votes: ", "shodan": "Service: shodan IPAddress: 91.195.240.94 Last Analysis Results: 2025-04-25T21:02:52.644602 Tags Additional information includes: * Latitude: 48.13743 * Longitude: 11.57549 * ASN: AS47846 * Domains: ["servervps.net"]", "hybridanalysis": "error occurred looking up ip 91.195.240.94 in hybridanalysis", "urlscan": "Service: urlscan Result: https://urlscan.io/api/v1/result/01966efe-c8fa-74a4-bfc0-1ed479838e85/ Stats * uniqIPs - 6 * uniqCountries - 2 * dataLength - 432561 * encodedDataLength - 218606 * requests - 14 Page * country - DE * server - Parking/1.0 * ip - 91.195.240.94 * mimeType - text/html * title - wearab.org\xa0-\xa0Informationen zum Thema wearab. * url - https://login.wearab.org/ * tlsValidDays - 364 * tlsAgeDays - 0 * tlsValidFrom - 2025-04-25T00:00:00.000Z * domain - login.wearab.org * apexDomain - wearab.org * asnname - SEDO-AS SEDO GmbH, DE * asn - AS47846 * tlsIssuer - Encryption Everywhere DV TLS CA - G2 * status - 200 ", "abuseipdb": "Service: abuseripdb IPAddress: 91.195.240.94 Last Analysis Result: 2025-03-30T14:04:45+00:00 Score: 7 Usage: Data Center/Web Hosting/Transit Is Tor: False Is Whitelisted: False ISP: Sedo Domain Parking" }

Usage

For using a pre-built server, instructions from here: https://modelcontextprotocol.io/quickstart/user

  • Download Claude for Desktop
  • Install uv
curl -LsSf https://astral.sh/uv/install.sh | sh
  • Download this repo and add to Claude for Desktop config
    • Claude for Desktop > Settings > Developer > Edit Config

This will create a configuration file at:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

Open up the configuration file in any text editor. Replace the file contents with this:

{ "mcpServers": { "enrichment-mcp": { "command": "/ABSOLUTE/PATH/TO/PARENT/FOLDER/uv", "args": [ "--directory", "/ABSOLUTE/PATH/TO/CLONED/REPOSITORY/enrichment-mcp", "run", "server.py" ] } } }
  1. Relaunch Claude for Desktop

You should now see two icons in the chat bar, a hammer which shows the tools available and a connection icon which shows the prompt defined and the input required.

Design

While building this server, I was learning astral uv as well as MCP. I definitely over engineered this but it was fun. I also had future uses for some of this code so I tried to design it with that in mind as well (more to come on that).

Additionally, I specifically moved to Jinja2 templates as this enables better management of the returned prompts/results and, again, furture use cases as well.

Please provide any feedback, improvements or feature requests; glad to hear them all.

Contributing

Contributions are welcome! Please feel free to submit pull requests.

Disclaimer

This tool is for educational and authorized testing purposes only.

Publicly Shared Threads0

Discover shared experiences

Shared threads will appear here, showcasing real-world applications and insights from the community. Check back soon for updates!

Share your threads to help others
Related MCPs5
  • IR Toolshed MCP Server
    IR Toolshed MCP Server

    Provides a Model Context Protocol (MCP) service offering advanced network incident response tools in...

    Added May 30, 2025
  • sanderkooger-mcp-server-ragdocs
    sanderkooger-mcp-server-ragdocs

    Provides vector-based semantic search and real-time context augmentation for AI assistants by retrie...

    Added May 30, 2025
  • Math MCP Server for MacOS
    Math MCP Server for MacOS

    Performs advanced mathematical calculations and visually presents results by drawing shapes and addi...

    Added May 30, 2025
  • DocGen MCP Server
    DocGen MCP Server

    Automates standardized documentation generation from GitHub and Google Drive sources using templates...

    3 tools
    Added May 30, 2025
  • Joern MCP Server
    Joern MCP Server

    A Python-based Model Context Protocol server integrating with Joern to facilitate advanced code revi...

    Added May 30, 2025