a bunch of MCP servers i use personally with Gemini CLI, but they should work with any LLM that supports MCP.
see settings.json, add your API keys as needed, and install for your environment.
hits a bunch of free or community APIs for cyber threat intelligence use cases:
- blockchain_mcp - explore the blockchain by ID and transaction
- greynoise_mcp - community GreyNoise API lookups
- malpedia_mcp - leverage Malpedia
- opencti_mcp - hit an OpenCTI server
- otx_simple_mcp - query OTX by indicator, get passive DNS, etc
- ransomware-live-mcp - hit the ransomware.live API
- reddit_netsec_mcp - get the latest stories or search r/blueteamsec and r/netsec
- xforce_mcp - hit IBM's X-Force CTI stuff
- yarahub-mcp - hit YaraHub
uses a bunch of OSX tools to discover and hack devices on the local network, "nmap" is the only third-party dependency.