IR Toolshed
Provides network incident response and analysis tools for security professionals via the Model Context Protocol.
About
The IR Toolshed provides a suite of networking and security tools accessible via the Model Context Protocol (MCP), designed for network incident responders. It enables basic lookups using ASN, DNS, WHOIS, and IP geolocation, accompanied by detailed documentation to facilitate AI system usage. Future tools are planned for inclusion such as domain reputation scoring and threat intelligence integration.
Key Features
- Conducts DNS lookups and analysis, supporting multiple record types.
- Provides IP geolocation using MaxMind's GeoLite2 database.
- Performs ASN lookups to retrieve information about IP addresses.
- Retrieves domain registration information using WHOIS.
- Supports integration with MCP clients like Claude Desktop.
- 1 GitHub stars
Use Cases
- Network incident response
- Security investigations
- Network analysis