sec-mcp: Security Checking Toolkit
@Montimage
A Python toolkit providing security checks for domains, URLs, IPs, and more. Integrate easily into any Python application, use via terminal CLI, or run as an MCP server to enrich LLM context with real-time threat insights.
Overview
What is sec-mcp?
sec-mcp is a Python toolkit providing security checks for domains, URLs, IP addresses, and more against multiple blacklist feeds. It can be integrated into Python applications, used via terminal CLI, or run as an MCP server to enrich LLM context with real-time threat insights. Developed by Montimage.
How to use sec-mcp?
Install via pip install sec-mcp, then use the CLI commands (sec-mcp status, sec-mcp update, sec-mcp check, sec-mcp batch) or import the SecMCP class in Python. To use it as an MCP server, configure your MCP client (e.g., Claude, Windsurf, Cursor) to run python -m sec_mcp.start_server from a virtual environment with the absolute path to the Python executable.
Key features of sec-mcp
- Checks domains, URLs, IP addresses against multiple blacklist feeds
- On-demand updates from OpenPhish, PhishStats, URLhaus and custom sources
- Thread-safe SQLite storage with in-memory caching for fast lookups
- Python API via the
SecMCPclass - Click-based CLI for interactive single or batch scans
- Built-in MCP server support for LLM/AI integrations over JSON/STDIO
Use cases of sec-mcp
- Real-time security checks for domains, URLs, or IPs in LLM workflows
- Batch scanning of multiple indicators from a file
- Monitoring and managing blacklist entries via MCP tools
- Integrating threat intelligence into custom Python applications
FAQ from sec-mcp
How do I install sec-mcp?
Install with pip install sec-mcp. A virtual environment is recommended.
Where is the database stored?
By default, the SQLite database mcp.db is stored in a cross-platform location: ~/Library/Application Support/sec-mcp/ on macOS, ~/.local/share/sec-mcp/ on Linux, or %APPDATA%\sec-mcp\ on Windows. Override with the MCP_DB_PATH environment variable.
How do I update the blacklists?
Use the CLI command sec-mcp update or call the update() method on a SecMCP instance.
Which MCP clients are supported?
Sec-mcp is designed for MCP-compatible clients such as Claude, Windsurf, and Cursor.
What tools does the MCP server expose?
It exposes tools like check_blacklist, check_batch, get_blacklist_status, sample_blacklist, get_source_stats, get_update_history, flush_cache, add_entry, remove_entry, update_blacklists, and health_check.