IR Toolshed FAQs

Question 1

What are the prerequisites for running IR Toolshed?

Accepted Answer

IR Toolshed requires Python 3.8 or newer (3.13+ recommended) and the `uv` Python package manager. You'll also need a MaxMind license key for the geolocation tool.

Question 2

What is the Model Context Protocol (MCP)?

Accepted Answer

MCP allows AI agents like Claude to interact with and utilize external tools and services. IR Toolshed uses MCP to enable AI-driven security investigations.

Question 3

What is IR Toolshed?

Accepted Answer

IR Toolshed is an MCP server providing network incident response and analysis tools for security professionals, enabling tasks like ASN, DNS, WHOIS lookups, and IP geolocation.

Question 4

What kind of network lookups can IR Toolshed perform?

Accepted Answer

IR Toolshed currently supports ASN, DNS, and WHOIS lookups, as well as IP geolocation using MaxMind's GeoLite2 database. More network analysis capabilities are planned for future releases.

Question 5

How do I use the tools in IR Toolshed?

Accepted Answer

After setting up and running the server, connect using an MCP client like Claude Desktop. Then, use the tool commands (e.g., `asnlookup("8.8.8.8")`) to perform the desired lookups.

IR Toolshed

About

Key Features

Use Cases