- Home
- MCP servers
- Cyber Sentinel
Cyber Sentinel
- python
6
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"jx888-max-cyber-sentinel-mcp": {
"command": "python",
"args": [
"-m",
"cyber_sentinel.server"
],
"env": {
"SHODAN_API_KEY": "YOUR_SHODAN_API_KEY",
"ABUSEIPDB_API_KEY": "YOUR_ABUSEIPDB_API_KEY",
"VIRUSTOTAL_API_KEY": "YOUR_VIRUSTOTAL_API_KEY"
}
}
}
}Cyber Sentinel MCP Server provides a unified interface to analyze threat indicators and security data from multiple sources. You deploy a local MCP server and connect it with your MCP client to run threat intelligence queries, code security analysis, dependency security checks, and infrastructure security assessments all in one place. The server coordinates multiple data sources, performs intelligent aggregation, and returns structured results with confidence scoring for faster, centralized security analysis.
How to use
You connect to Cyber Sentinel using an MCP client and configure it to run the local server as a standard MCP endpoint. Once configured, you can ask it to analyze indicators such as IPs, domains, file hashes, and URLs across all supported sources, request code and dependency security analyses, and generate comprehensive security reports. Use natural language prompts to trigger multi-source lookups, risk scoring, and visualizations.
How to install
Prerequisites: Python 3.8 or higher. A Python environment with access to install packages.
# Step 1: Clone the project repository
git clone https://github.com/jx888-max/cyber-sentinel-mcp.git
cd cyber-sentinel-mcp
# Step 2: Install dependencies
pip install -e .
Step 3: Set up API keys and environment variables. You can run the setup wizard or set keys directly in your environment. The following keys are used by the server: VIRUSTOTAL_API_KEY, ABUSEIPDB_API_KEY, SHODAN_API_KEY.
# Run setup wizard
python -m cyber_sentinel.setup_wizard
# Or export keys directly
export VIRUSTOTAL_API_KEY=your_virustotal_api_key_here
export ABUSEIPDB_API_KEY=your_abuseipdb_api_key_here
export SHODAN_API_KEY=your_shodan_key_here
Step 4: Verify the installation by running the server module directly from Python. This confirms the server starts correctly and is ready to accept MCP client connections.
python -c "from cyber_sentinel.server import app; print('✅ Installation successful!')"
Additional configuration notes
The server is designed to work with an MCP client such as Claude Desktop or Cursor. You provide your API keys via environment variables or a local configuration. The server concentrates data from VirusTotal, AbuseIPDB, URLhaus, Shodan, ThreatFox, and MalwareBazaar and returns aggregated results with confidence scores.
Available tools
analyze_indicator
Analyzes security indicators across multiple threat intelligence sources and returns overall reputation, confidence, per-source results, and supplemental data like country/ISP mappings for IPs.
check_api_status
Checks configuration and status of all threat intelligence sources, including API key validation, capabilities, rate limits, and system health.
analyze_code_security
Performs security analysis on source code to identify vulnerabilities, hardcoded secrets, network indicators, secure recommendations, and a risk score.
scan_project_dependencies
Scans project dependencies for known vulnerabilities, outdated packages, and security recommendations with a risk assessment.
analyze_docker_security
Analyzes Dockerfile configurations for security best practices and hardening recommendations.
scan_kubernetes_config
Examines Kubernetes manifests for security misconfigurations, privilege risks, and network policy issues.
generate_security_report
Generates comprehensive security reports with visualizations and an remediation roadmap.