Labsco
Salmanwz logo

AbuseIpDB MCP Server

โ˜… 2

from Salmanwz

A Model Context Protocol (MCP) server implementation that provides seamless integration with the AbuseIPDB API for IP reputation checking and abuse report management.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedPaid serviceAdvanced setup

AbuseIPDB MCP Server

A Model Context Protocol (MCP) server implementation that provides seamless integration with the AbuseIPDB API for IP reputation checking and abuse report management.

Overview

This MCP server enables AI assistants and automated systems to query AbuseIPDB's threat intelligence database, allowing you to check IP addresses for malicious activity, retrieve abuse confidence scores, and access detailed historical report data through a standardized protocol interface.

Features

  • IP Reputation Checks - Query any IPv4 or IPv6 address for abuse reports
  • Confidence Scoring - Get abuse confidence scores (0-100) based on report frequency and severity
  • Detailed Reporting - Access comprehensive abuse report metadata and categories
  • Historical Data - Query abuse reports within configurable time windows (up to 365 days)
  • Flexible Output - Toggle between concise summaries and verbose detailed responses
  • Standards-Based - Built on the Model Context Protocol for seamless integration

Use Cases

  • Security Operations: Integrate IP reputation checks into SOC workflows
  • Incident Response: Quickly assess threat levels during investigations
  • Threat Intelligence: Enrich security alerts with abuse data
  • Network Monitoring: Automate suspicious IP detection and blocking
  • Log Analysis: Cross-reference connection logs with known malicious IPs

API Rate Limits

Free tier API keys are limited to 1,000 checks per day. Upgrade to a premium plan for higher limits.

Development

Project Structure

mcp-abuseipdb/
โ”œโ”€โ”€ abusedb.py          # Main MCP server implementation
โ”œโ”€โ”€ pyproject.toml      # UV/Python dependencies
โ”œโ”€โ”€ README.md           # This file
โ””โ”€โ”€ LICENSE            # License information

Running Tests

# Add test dependencies
uv add pytest pytest-asyncio httpx

# Run tests
uv run pytest

Security

This server handles sensitive threat intelligence data. Best practices:

  • Never commit API keys to version control
  • Store API keys in environment variables or secure vaults
  • Use HTTPS for all API communications (enforced by default)
  • Implement rate limiting in production deployments
  • Monitor API usage for anomalies

Resources