@tocharianou/abuseipdb-mcp 1.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 MCP AbuseIPDB Team
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,306 @@
+# MCP AbuseIPDB Server
+
+An MCP (Model Context Protocol) server that provides threat intelligence lookups against the AbuseIPDB database. This server enables any MCP-capable client to perform IP reputation checks, CIDR block analysis, and access curated blacklists with intelligent caching and rate limiting.
+
+## Features
+
+- **IP Reputation Checks**: Single IP address lookups with detailed abuse data
+- **CIDR Block Analysis**: Check entire network ranges for malicious activity
+- **Blacklist Access**: Retrieve current AbuseIPDB blacklist with configurable confidence levels
+- **Bulk Operations**: Check multiple IP addresses efficiently
+- **Log Enrichment**: Extract and analyze IP addresses from log lines
+- **Intelligent Caching**: SQLite-based caching with TTL to minimize API usage
+- **Rate Limiting**: Built-in quota management for AbuseIPDB API limits
+- **Security Focused**: Input validation, private IP filtering, and secure defaults
+
+## Quick Start
+
+### Prerequisites
+
+- Python 3.11 or higher
+- AbuseIPDB API key (get one at [abuseipdb.com](https://www.abuseipdb.com/api))
+
+### Installation
+
+1. Clone the repository:
+```bash
+git clone <repository-url>
+cd AbuseIPDB-MCP
+```
+
+2. Install the package:
+```bash
+pip install -e .
+```
+
+3. Set up your environment:
+```bash
+cp .env.example .env
+# Edit .env and add your ABUSEIPDB_API_KEY
+```
+
+4. Run the server:
+```bash
+python -m mcp_abuseipdb.server
+```
+
+### MCP Client Configuration
+
+#### Option 1: Using the Enhanced Startup Script (Recommended)
+
+Add to your MCP client configuration (e.g., `mcp.json`):
+
+```json
+{
+  "mcpServers": {
+    "mcp-abuseipdb": {
+      "command": "python",
+      "args": ["scripts/start_mcp_server.py"],
+      "cwd": "/path/to/AbuseIPDB-MCP",
+      "env": {
+        "ABUSEIPDB_API_KEY": "your_api_key_here"
+      }
+    }
+  }
+}
+```
+
+#### Option 2: Direct Module Execution
+
+```json
+{
+  "mcpServers": {
+    "mcp-abuseipdb": {
+      "command": "python",
+      "args": ["-m", "mcp_abuseipdb.server"],
+      "cwd": "/path/to/AbuseIPDB-MCP",
+      "env": {
+        "ABUSEIPDB_API_KEY": "your_api_key_here"
+      }
+    }
+  }
+}
+```
+
+**Important Notes:**
+- Replace `your_api_key_here` with your actual AbuseIPDB API key
+- Update `/path/to/AbuseIPDB-MCP` to the actual path where you cloned this repository
+- The enhanced startup script (Option 1) provides better error diagnostics
+- Ensure your API key is valid and not expired on the AbuseIPDB website
+
+## Available Tools
+
+### `check_ip`
+Check the reputation of a single IP address.
+
+**Parameters:**
+- `ip_address` (required): IP address to check
+- `max_age_days` (optional): Maximum age of reports (default: 30)
+- `verbose` (optional): Include detailed reports (default: false)
+- `threshold` (optional): Confidence threshold for flagging (default: 75)
+
+### `check_block`
+Check the reputation of a CIDR network block.
+
+**Parameters:**
+- `network` (required): CIDR network (e.g., "192.168.1.0/24")
+- `max_age_days` (optional): Maximum age of reports (default: 30)
+
+### `get_blacklist`
+Retrieve the AbuseIPDB blacklist.
+
+**Parameters:**
+- `confidence_minimum` (optional): Minimum confidence level (default: 90)
+- `limit` (optional): Maximum entries to retrieve
+
+### `bulk_check`
+Check multiple IP addresses efficiently.
+
+**Parameters:**
+- `ip_addresses` (required): List of IP addresses
+- `max_age_days` (optional): Maximum age of reports (default: 30)
+- `threshold` (optional): Confidence threshold for flagging (default: 75)
+
+### `enrich_log_line`
+Extract and analyze IP addresses from log entries.
+
+**Parameters:**
+- `log_line` (required): Log line containing IP addresses
+- `threshold` (optional): Confidence threshold for flagging (default: 75)
+- `max_age_days` (optional): Maximum age of reports (default: 30)
+
+## Available Resources
+
+### `cache://info`
+Get current cache statistics and rate limiter status.
+
+### `doc://usage`
+Complete API usage documentation and examples.
+
+## Available Prompts
+
+### `triage_ip`
+Generate security analyst triage notes for an IP address.
+
+**Parameters:**
+- `ip_data` (required): IP check data from AbuseIPDB
+
+## Configuration
+
+All configuration is done via environment variables. Copy `.env.example` to `.env` and customize:
+
+### Required Settings
+- `ABUSEIPDB_API_KEY`: Your AbuseIPDB API key
+
+### Optional Settings
+- `MAX_AGE_DAYS`: Default report age limit (default: 30)
+- `CONFIDENCE_THRESHOLD`: Default confidence threshold (default: 75)
+- `DAILY_QUOTA`: API request quota (default: 1000)
+- `CACHE_DB_PATH`: SQLite cache file location (default: ./cache.db)
+- `LOG_LEVEL`: Logging level (default: INFO)
+- `ALLOW_PRIVATE_IPS`: Allow checking private IPs (default: false)
+
+## Usage Examples
+
+### Basic IP Check
+```
+Check the reputation of 8.8.8.8
+```
+
+### Log Analysis
+```
+Analyze this log line for threats:
+192.168.1.100 - - [10/Jan/2024:10:00:00 +0000] "GET /admin/login.php HTTP/1.1" 200 1234
+```
+
+### Bulk Analysis
+```
+Check these IPs for malicious activity:
+- 203.0.113.100
+- 198.51.100.50
+- 192.0.2.25
+```
+
+### Security Investigation
+```
+I'm investigating suspicious activity from 203.0.113.100. Can you:
+1. Check its reputation with detailed reports
+2. Analyze the surrounding network block
+3. Generate triage notes for our security team
+```
+
+See `examples/queries.md` for more detailed examples.
+
+## Docker Deployment
+
+Build and run with Docker:
+
+```bash
+# Build the image
+docker build -f docker/Dockerfile -t mcp-abuseipdb .
+
+# Run the container
+docker run -e ABUSEIPDB_API_KEY=your_key_here mcp-abuseipdb
+```
+
+## Development
+
+### Setup Development Environment
+```bash
+pip install -e ".[dev]"
+pre-commit install
+```
+
+### Run Tests
+```bash
+pytest
+```
+
+
+## Security Considerations
+
+- **API Key Protection**: Never commit API keys to version control
+- **Private IP Filtering**: Private IPs are blocked by default
+- **Rate Limiting**: Built-in quota management prevents API abuse
+- **Input Validation**: All inputs are validated and sanitized
+- **Caching**: Reduces API calls and improves performance
+
+## Rate Limits
+
+AbuseIPDB free tier provides 1,000 requests per day. This server:
+- Implements intelligent caching to minimize API usage
+- Provides rate limiting with configurable quotas
+- Gracefully handles rate limit errors with backoff
+
+## Troubleshooting
+
+### "Unauthorized API key" Error in Claude App
+
+If you're getting unauthorized API key errors when using the MCP server with Claude:
+
+1. **Verify API Key Configuration**:
+   ```bash
+   # Test your API key with the diagnostic script
+   python diagnostics/api_auth_diagnostic.py
+   ```
+
+2. **Check Claude App Configuration**:
+   - Ensure your `mcp.json` has the correct API key in the `env` section
+   - Verify the `cwd` path points to your project directory
+   - Make sure the API key value matches exactly (no extra spaces)
+
+3. **Use Enhanced Startup Script**:
+   - Switch to Option 1 configuration (enhanced startup script)
+   - Check the server logs in Claude app for diagnostic messages
+   - Look for `[MCP AbuseIPDB]` prefixed messages
+
+4. **Environment Variable Issues**:
+   - Ensure your `.env` file is in the project root directory
+   - Verify the API key in `.env` matches your Claude app configuration
+   - Check that the API key is valid on the AbuseIPDB website
+
+5. **Debug Steps**:
+   ```bash
+   # Test local server startup
+   python scripts/start_mcp_server.py
+
+   # Check environment loading
+   python -c "from mcp_abuseipdb.settings import Settings; print('API key loaded:', bool(Settings().abuseipdb_api_key))"
+   ```
+
+### Common Issues
+
+- **"No .env file found"**: Make sure `.env` exists in project root or set API key in Claude app config
+- **"Settings API key: EMPTY"**: API key not properly loaded from environment
+- **"Environment var: EMPTY"**: API key not set in Claude app MCP configuration
+- **Connection timeouts**: Check your internet connection and AbuseIPDB service status
+
+## Contributing
+
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes with tests
+4. Run the test suite and linting
+5. Submit a pull request
+
+## License
+
+MIT License — see [LICENSE](LICENSE) for details.
+
+## Support
+
+- Documentation: See `examples/` directory
+- Issues: Please report bugs and feature requests via GitHub issues
+- API Documentation: [AbuseIPDB API Docs](https://docs.abuseipdb.com/)
+
+## Changelog
+
+### v0.1.0
+- Initial release
+- Basic IP checking functionality
+- CIDR block analysis
+- Blacklist access
+- Bulk operations
+- Log enrichment
+- Caching and rate limiting
+- Docker support

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+#!/usr/bin/env node
+import 'dotenv/config';
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { AbuseIPDBConfig } from './src/types.js';
+interface ServerCreationOptions {
+    name: string;
+    version: string;
+    config: AbuseIPDBConfig;
+    description?: string;
+}
+export declare function createAbuseIPDBMcpServer(options: ServerCreationOptions): Promise<McpServer>;
+export {};

package/dist/index.js

@@ -0,0 +1,148 @@
+#!/usr/bin/env node
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2024 TocharianOU Contributors
+import 'dotenv/config';
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import express from 'express';
+import { randomUUID } from 'crypto';
+import { AbuseIPDBConfigSchema } from './src/types.js';
+import { createAbuseIPDBClient } from './src/utils/api.js';
+import { registerIpTools } from './src/ip-tools.js';
+import { registerBlockTools } from './src/block-tools.js';
+import { registerBlacklistTools } from './src/blacklist-tools.js';
+export async function createAbuseIPDBMcpServer(options) {
+    const { name, version, config, description } = options;
+    const validatedConfig = AbuseIPDBConfigSchema.parse(config);
+    const client = createAbuseIPDBClient(validatedConfig);
+    const server = new McpServer({
+        name,
+        version,
+        ...(description ? { description } : {}),
+    });
+    const maxTokenCall = parseInt(process.env.MAX_TOKEN_CALL ?? '20000', 10);
+    registerIpTools(server, client, maxTokenCall);
+    registerBlockTools(server, client, maxTokenCall);
+    registerBlacklistTools(server, client, maxTokenCall);
+    registerBlockTools(server, client, maxTokenCall);
+    registerBlacklistTools(server, client, maxTokenCall);
+    return server;
+}
+async function main() {
+    const config = {
+        apiKey: process.env.ABUSEIPDB_API_KEY,
+        baseUrl: process.env.ABUSEIPDB_BASE_URL,
+        authToken: process.env.ABUSEIPDB_AUTH_TOKEN,
+        timeout: parseInt(process.env.ABUSEIPDB_TIMEOUT ?? '30000', 10),
+    };
+    const SERVER_NAME = 'abuseipdb-mcp-server';
+    const SERVER_VERSION = '1.0.0';
+    const SERVER_DESCRIPTION = 'AbuseIPDB MCP Server – IP reputation, abuse confidence scoring, and threat blacklist';
+    const useHttp = process.env.MCP_TRANSPORT === 'http';
+    const httpPort = parseInt(process.env.MCP_HTTP_PORT ?? '3000', 10);
+    const httpHost = process.env.MCP_HTTP_HOST ?? 'localhost';
+    if (useHttp) {
+        process.stderr.write(`Starting AbuseIPDB MCP Server in HTTP mode on ${httpHost}:${httpPort}\n`);
+        const app = express();
+        app.use(express.json());
+        const transports = new Map();
+        app.get('/health', (_req, res) => {
+            res.json({ status: 'ok', transport: 'streamable-http' });
+        });
+        app.post('/mcp', async (req, res) => {
+            const sessionId = req.headers['mcp-session-id'];
+            try {
+                let transport;
+                if (sessionId !== undefined && transports.has(sessionId)) {
+                    transport = transports.get(sessionId);
+                }
+                else {
+                    transport = new StreamableHTTPServerTransport({
+                        sessionIdGenerator: () => randomUUID(),
+                        onsessioninitialized: async (newSessionId) => {
+                            transports.set(newSessionId, transport);
+                            process.stderr.write(`MCP session initialized: ${newSessionId}\n`);
+                        },
+                        onsessionclosed: async (closedSessionId) => {
+                            transports.delete(closedSessionId);
+                            process.stderr.write(`MCP session closed: ${closedSessionId}\n`);
+                        },
+                    });
+                    const server = await createAbuseIPDBMcpServer({
+                        name: SERVER_NAME,
+                        version: SERVER_VERSION,
+                        config,
+                        description: SERVER_DESCRIPTION,
+                    });
+                    await server.connect(transport);
+                }
+                await transport.handleRequest(req, res, req.body);
+            }
+            catch (error) {
+                process.stderr.write(`Error handling MCP request: ${error}\n`);
+                if (!res.headersSent) {
+                    res.status(500).json({
+                        jsonrpc: '2.0',
+                        error: { code: -32603, message: 'Internal server error' },
+                        id: null,
+                    });
+                }
+            }
+        });
+        app.get('/mcp', async (req, res) => {
+            const sessionId = req.headers['mcp-session-id'];
+            if (sessionId === undefined || !transports.has(sessionId)) {
+                res.status(400).json({
+                    jsonrpc: '2.0',
+                    error: { code: -32000, message: 'Invalid or missing session ID' },
+                    id: null,
+                });
+                return;
+            }
+            try {
+                const transport = transports.get(sessionId);
+                await transport.handleRequest(req, res);
+            }
+            catch (error) {
+                process.stderr.write(`Error handling SSE stream: ${error}\n`);
+                if (!res.headersSent) {
+                    res.status(500).json({
+                        jsonrpc: '2.0',
+                        error: { code: -32603, message: 'Failed to establish SSE stream' },
+                        id: null,
+                    });
+                }
+            }
+        });
+        app.listen(httpPort, httpHost, () => {
+            process.stderr.write(`AbuseIPDB MCP Server (HTTP mode) started on http://${httpHost}:${httpPort}\n`);
+        });
+        process.on('SIGINT', async () => {
+            for (const [, transport] of transports.entries()) {
+                await transport.close();
+            }
+            process.exit(0);
+        });
+    }
+    else {
+        process.stderr.write('Starting AbuseIPDB MCP Server in Stdio mode\n');
+        const server = await createAbuseIPDBMcpServer({
+            name: SERVER_NAME,
+            version: SERVER_VERSION,
+            config,
+            description: SERVER_DESCRIPTION,
+        });
+        const transport = new StdioServerTransport();
+        await server.connect(transport);
+        process.on('SIGINT', async () => {
+            await server.close();
+            process.exit(0);
+        });
+    }
+}
+main().catch((error) => {
+    process.stderr.write(`Fatal error: ${error instanceof Error ? error.message : String(error)}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";AACA,sCAAsC;AACtC,8CAA8C;AAE9C,OAAO,eAAe,CAAC;AACvB,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAmB,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AASlE,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,OAA8B;IAC3E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAEvD,MAAM,eAAe,GAAG,qBAAqB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,qBAAqB,CAAC,eAAe,CAAC,CAAC;IAEtD,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI;QACJ,OAAO;QACP,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;IAEzE,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IAC9C,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IACjD,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IACrD,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IACjD,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAoB;QAC9B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;QACrC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB;QACvC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAC3C,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,EAAE,EAAE,CAAC;KAChE,CAAC;IAEF,MAAM,WAAW,GAAG,sBAAsB,CAAC;IAC3C,MAAM,cAAc,GAAG,OAAO,CAAC;IAC/B,MAAM,kBAAkB,GACtB,sFAAsF,CAAC;IAEzF,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,MAAM,CAAC;IACrD,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,WAAW,CAAC;IAE1D,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,iDAAiD,QAAQ,IAAI,QAAQ,IAAI,CAC1E,CAAC;QAEF,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAExB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAyC,CAAC;QAEpE,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAClC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;YAEtE,IAAI,CAAC;gBACH,IAAI,SAAwC,CAAC;gBAE7C,IAAI,SAAS,KAAK,SAAS,IAAI,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;oBACzD,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;gBACzC,CAAC;qBAAM,CAAC;oBACN,SAAS,GAAG,IAAI,6BAA6B,CAAC;wBAC5C,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;wBACtC,oBAAoB,EAAE,KAAK,EAAE,YAAoB,EAAE,EAAE;4BACnD,UAAU,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;4BACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,YAAY,IAAI,CAAC,CAAC;wBACrE,CAAC;wBACD,eAAe,EAAE,KAAK,EAAE,eAAuB,EAAE,EAAE;4BACjD,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;4BACnC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,eAAe,IAAI,CAAC,CAAC;wBACnE,CAAC;qBACF,CAAC,CAAC;oBAEH,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAAC;wBAC5C,IAAI,EAAE,WAAW;wBACjB,OAAO,EAAE,cAAc;wBACvB,MAAM;wBACN,WAAW,EAAE,kBAAkB;qBAChC,CAAC,CAAC;oBAEH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBAClC,CAAC;gBAED,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YACpD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,IAAI,CAAC,CAAC;gBAC/D,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,uBAAuB,EAAE;wBACzD,EAAE,EAAE,IAAI;qBACT,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACjC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;YAEtE,IAAI,SAAS,KAAK,SAAS,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,+BAA+B,EAAE;oBACjE,EAAE,EAAE,IAAI;iBACT,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;gBAC7C,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC1C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,KAAK,IAAI,CAAC,CAAC;gBAC9D,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,gCAAgC,EAAE;wBAClE,EAAE,EAAE,IAAI;qBACT,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE;YAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sDAAsD,QAAQ,IAAI,QAAQ,IAAI,CAC/E,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC9B,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;gBACjD,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;YAC1B,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAEtE,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAAC;YAC5C,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,cAAc;YACvB,MAAM;YACN,WAAW,EAAE,kBAAkB;SAChC,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC9B,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,gBAAgB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAC3E,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/src/blacklist-tools.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { AxiosInstance } from 'axios';
+export declare function registerBlacklistTools(server: McpServer, client: AxiosInstance, maxTokenCall?: number): void;

package/dist/src/blacklist-tools.js

@@ -0,0 +1,41 @@
+import { z } from 'zod';
+import { handleGetBlacklist } from './handlers/blacklist.js';
+import { checkTokenLimit } from './utils/token-limiter.js';
+const GetBlacklistSchema = z.object({
+    confidence_minimum: z
+        .number()
+        .int()
+        .min(25)
+        .max(100)
+        .optional()
+        .describe('Minimum abuse confidence score to include in blacklist (25–100, default: 90)'),
+    limit: z
+        .number()
+        .int()
+        .min(1)
+        .max(500000)
+        .optional()
+        .describe('Maximum number of entries to return (default: all entries up to plan limit)'),
+    plain_text: z
+        .boolean()
+        .optional()
+        .describe('Return plain text IP list instead of JSON (default: false)'),
+    break_token_rule: z
+        .boolean()
+        .optional()
+        .default(false)
+        .describe('Set to true to bypass token limits in critical situations (default: false)'),
+});
+export function registerBlacklistTools(server, client, maxTokenCall = 20000) {
+    const registerTool = server.tool.bind(server);
+    registerTool('get_blacklist', 'Retrieve the AbuseIPDB blacklist of most-reported malicious IP addresses. Returns confidence distribution, top countries, and sample entries. Requires AbuseIPDB subscription plan.', GetBlacklistSchema.shape, async (args) => {
+        const parsed = GetBlacklistSchema.parse(args);
+        const text = await handleGetBlacklist(client, parsed);
+        const tokenCheck = checkTokenLimit(text, maxTokenCall, parsed.break_token_rule ?? false);
+        if (!tokenCheck.allowed) {
+            return { content: [{ type: 'text', text: tokenCheck.error }] };
+        }
+        return { content: [{ type: 'text', text }] };
+    });
+}
+//# sourceMappingURL=blacklist-tools.js.map

package/dist/src/blacklist-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"blacklist-tools.js","sourceRoot":"","sources":["../../src/blacklist-tools.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAK3D,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,kBAAkB,EAAE,CAAC;SAClB,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,EAAE,CAAC;SACP,GAAG,CAAC,GAAG,CAAC;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,8EAA8E,CAAC;IAC3F,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,MAAM,CAAC;SACX,QAAQ,EAAE;SACV,QAAQ,CAAC,6EAA6E,CAAC;IAC1F,UAAU,EAAE,CAAC;SACV,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,QAAQ,CAAC,4DAA4D,CAAC;IACzE,gBAAgB,EAAE,CAAC;SAChB,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,4EAA4E,CAAC;CAC1F,CAAC,CAAC;AAEH,MAAM,UAAU,sBAAsB,CAAC,MAAiB,EAAE,MAAqB,EAAE,YAAY,GAAG,KAAK;IACnG,MAAM,YAAY,GAAI,MAAc,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAY,CAAC;IAElE,YAAY,CACV,eAAe,EACf,qLAAqL,EACrL,kBAAkB,CAAC,KAAK,EACxB,KAAK,EAAE,IAAa,EAAE,EAAE;QACtB,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,CAAC,gBAAgB,IAAI,KAAK,CAAC,CAAC;QACzF,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,KAAM,EAAE,CAAC,EAAE,CAAC;QAClE,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC/C,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/src/block-tools.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { AxiosInstance } from 'axios';
+export declare function registerBlockTools(server: McpServer, client: AxiosInstance, maxTokenCall?: number): void;

package/dist/src/block-tools.js

@@ -0,0 +1,38 @@
+import { z } from 'zod';
+import { handleCheckBlock } from './handlers/block.js';
+import { checkTokenLimit } from './utils/token-limiter.js';
+const CheckBlockSchema = z.object({
+    network: z.string().describe('CIDR network block to check, e.g. "198.51.100.0/24"'),
+    max_age_days: z
+        .number()
+        .int()
+        .min(1)
+        .max(365)
+        .optional()
+        .describe('Look-back window in days for abuse reports (1–365, default: 30)'),
+    confidence_threshold: z
+        .number()
+        .int()
+        .min(0)
+        .max(100)
+        .optional()
+        .describe('Confidence % to classify addresses as high-confidence threats (default: 75)'),
+    break_token_rule: z
+        .boolean()
+        .optional()
+        .default(false)
+        .describe('Set to true to bypass token limits in critical situations (default: false)'),
+});
+export function registerBlockTools(server, client, maxTokenCall = 20000) {
+    const registerTool = server.tool.bind(server);
+    registerTool('check_block', 'Check all reported IP addresses within a CIDR network block against AbuseIPDB. Returns network summary, total reported addresses, and top threats sorted by confidence score. Requires AbuseIPDB subscription plan.', CheckBlockSchema.shape, async (args) => {
+        const parsed = CheckBlockSchema.parse(args);
+        const text = await handleCheckBlock(client, parsed);
+        const tokenCheck = checkTokenLimit(text, maxTokenCall, parsed.break_token_rule ?? false);
+        if (!tokenCheck.allowed) {
+            return { content: [{ type: 'text', text: tokenCheck.error }] };
+        }
+        return { content: [{ type: 'text', text }] };
+    });
+}
+//# sourceMappingURL=block-tools.js.map

package/dist/src/block-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"block-tools.js","sourceRoot":"","sources":["../../src/block-tools.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAK3D,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qDAAqD,CAAC;IACnF,YAAY,EAAE,CAAC;SACZ,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,GAAG,CAAC;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,iEAAiE,CAAC;IAC9E,oBAAoB,EAAE,CAAC;SACpB,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,GAAG,CAAC;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,6EAA6E,CAAC;IAC1F,gBAAgB,EAAE,CAAC;SAChB,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,4EAA4E,CAAC;CAC1F,CAAC,CAAC;AAEH,MAAM,UAAU,kBAAkB,CAAC,MAAiB,EAAE,MAAqB,EAAE,YAAY,GAAG,KAAK;IAC/F,MAAM,YAAY,GAAI,MAAc,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAY,CAAC;IAElE,YAAY,CACV,aAAa,EACb,qNAAqN,EACrN,gBAAgB,CAAC,KAAK,EACtB,KAAK,EAAE,IAAa,EAAE,EAAE;QACtB,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,CAAC,gBAAgB,IAAI,KAAK,CAAC,CAAC;QACzF,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,KAAM,EAAE,CAAC,EAAE,CAAC;QAClE,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC/C,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/src/handlers/blacklist.d.ts

@@ -0,0 +1,7 @@
+import { AxiosInstance } from 'axios';
+export interface GetBlacklistArgs {
+    confidence_minimum?: number;
+    limit?: number;
+    plain_text?: boolean;
+}
+export declare function handleGetBlacklist(client: AxiosInstance, args: GetBlacklistArgs): Promise<string>;

package/dist/src/handlers/blacklist.js

@@ -0,0 +1,57 @@
+import { assessRiskLevel } from '../types/abuseipdb.js';
+export async function handleGetBlacklist(client, args) {
+    const { confidence_minimum = 90, limit, plain_text = false } = args;
+    const params = { confidenceMinimum: confidence_minimum };
+    if (limit !== undefined)
+        params['limit'] = limit;
+    if (plain_text)
+        params['plaintext'] = true;
+    const { data: resp } = await client.get('/blacklist', { params });
+    const entries = resp.data ?? [];
+    const generatedAt = resp.meta?.generatedAt ?? 'Unknown';
+    const countryStats = {};
+    const confidenceDist = { '90-100': 0, '75-89': 0, '50-74': 0, '0-49': 0 };
+    for (const e of entries) {
+        const cc = e.countryCode ?? 'Unknown';
+        countryStats[cc] = (countryStats[cc] ?? 0) + 1;
+        const s = e.abuseConfidenceScore;
+        if (s >= 90)
+            confidenceDist['90-100']++;
+        else if (s >= 75)
+            confidenceDist['75-89']++;
+        else if (s >= 50)
+            confidenceDist['50-74']++;
+        else
+            confidenceDist['0-49']++;
+    }
+    const topCountries = Object.entries(countryStats)
+        .sort(([, a], [, b]) => b - a)
+        .slice(0, 10);
+    const lines = [
+        `Blacklist Retrieved: ${entries.length.toLocaleString()} entries`,
+        `Generated:           ${generatedAt}`,
+        `Minimum Confidence:  ${confidence_minimum}%`,
+    ];
+    if (limit !== undefined)
+        lines.push(`Limit Applied:       ${limit.toLocaleString()}`);
+    lines.push('\nConfidence Distribution:', `  • 90-100%: ${confidenceDist['90-100'].toLocaleString()}`, `  • 75-89%:  ${confidenceDist['75-89'].toLocaleString()}`, `  • 50-74%:  ${confidenceDist['50-74'].toLocaleString()}`, `  • 0-49%:   ${confidenceDist['0-49'].toLocaleString()}`);
+    if (topCountries.length > 0) {
+        lines.push('\nTop Countries:');
+        topCountries.forEach(([cc, count]) => {
+            lines.push(`  • ${cc}: ${count.toLocaleString()}`);
+        });
+    }
+    if (entries.length > 0) {
+        lines.push('\nSample Entries (top 20 by confidence):');
+        const sorted = [...entries].sort((a, b) => b.abuseConfidenceScore - a.abuseConfidenceScore);
+        sorted.slice(0, 20).forEach((e) => {
+            const level = assessRiskLevel(e.abuseConfidenceScore);
+            const last = e.lastReportedAt ? e.lastReportedAt.slice(0, 10) : 'Unknown';
+            lines.push(`  • ${e.ipAddress} (${e.countryCode ?? '?'}) – ${e.abuseConfidenceScore}% [${level}] – last: ${last}`);
+        });
+        if (entries.length > 20)
+            lines.push(`  ... and ${entries.length - 20} more entries`);
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=blacklist.js.map