Enrichment MCP Server
@synackpwn
About Enrichment MCP Server
A Model Context Protocol (MCP) server for security data enrichment
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"enrichment-mcp-synackpwn": {
"command": "uv",
"args": [
"run",
"--env-file",
".env",
"server.py"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Enrichment MCP Server?
A Model Context Protocol (MCP) server that performs third-party enrichment on observables (IP addresses, domains, URLs, email addresses) using configured services such as VirusTotal, Hybrid Analysis, AlienVault, Shodan, Urlscan.io, AbuseIPDB, and HaveIBeenPwned. It is intended for development and testing, not production.
How to use Enrichment MCP Server?
Install uv, clone the repository, and configure Claude for Desktop with a custom config file pointing to the server. Alternatively, run locally with uv run --env-file .env server.py after creating a .env file with API keys and copying config.yaml.example to config.yaml. The server exposes tools like observable-lookup, lookup-ipaddress, lookup-domain, lookup-url, and lookup-email.
Key features of Enrichment MCP Server
- Routes observables to appropriate enrichment services automatically.
- Supports IPv4, domain, URL, and email lookups.
- Integrates with VirusTotal, HybridAnalysis, AlienVault, Shodan, Urlscan.io, AbuseIPDB, and HaveIBeenPwned.
- Uses a custom YAML config file for service and template management.
- Prompt templates are written in Jinja2 and customizable.
- All services require an API key, which can be set via environment variables.
Use cases of Enrichment MCP Server
- Enrich an IP address with reputation data from multiple threat intelligence feeds.
- Investigate a suspicious domain or URL using aggregated service results.
- Assess an email address against HaveIBeenPwned’s breach database.
- Automate observable enrichment for security analysts via Claude for Desktop.
- Test and develop MCP-based enrichment workflows in a sandboxed environment.
FAQ from Enrichment MCP Server
What services are supported and do they require API keys?
All supported services (VirusTotal, HybridAnalysis, AlienVault, Shodan, Urlscan.io, AbuseIPDB, HaveIBeenPwned) require an API key. Keys can be provided in a .env file using specific environment variable names (e.g., ENRICHMENT_MCP_VIRUSTOTAL_KEY).
Where are the API keys and configuration data stored?
API keys are stored in an environment file (.env) or optionally in config.yaml. The server itself does not store any data; third-party enrichment results are returned as prompts.
What transport does the server use?
The server is configured to run via the command line, typically launched by Claude for Desktop using the MCP stdio transport. The example Claude config specifies a command with arguments.
Are there any known limitations?
This project has not been used in production. The tool relies on regex patterns for observable type detection, which may need updates. Not all observable types (e.g., MD5, SHA1, SHA256) are currently implemented for enrichment.
What are the runtime requirements?
Python and uv (Astral’s package manager) are required. The server depends on a .env file for secrets and a config.yaml file for service and template configuration.
More Other MCP servers
Nginx UI
0xJackyYet another WebUI for Nginx
MaxKB
1Panel-dev🔥 MaxKB is an open-source platform for building enterprise-grade agents. 强大易用的开源企业级智能体平台。
Mcp
browsermcpBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser

Peekaboo MCP – lightning-fast macOS screenshots for AI agents
steipetePeekaboo is a macOS CLI & optional MCP server that enables AI agents to capture screenshots of applications, or the entire system, with optional visual question answering through local or remote AI models.
Blender
ahujasidOpen-source MCP to use Blender with any LLM
Comments