darknet-mcp-server

Name: darknet-mcp-server
Author: badchars

Pending

66-tool MCP server for dark web intelligence — breach data, ransomware tracking, Tor .onion access, malware analysis, blockchain intel, exploit search, stealer logs

53stars

7forks

TypeScript

Installation

# Add to your Claude Code skills
git clone https://github.com/badchars/darknet-mcp-server

Getting Started

Guides for using ai agents skills like darknet-mcp-server.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

README.md

Frequently Asked Questions

What is darknet-mcp-server?

darknet-mcp-server is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by badchars. 66-tool MCP server for dark web intelligence — breach data, ransomware tracking, Tor .onion access, malware analysis, blockchain intel, exploit search, stealer logs. It has 53 GitHub stars.

Is darknet-mcp-server safe to use?

darknet-mcp-server's catalog security scan is still queued. You can run an instant dependency and prompt-injection check now with the "Scan for vulnerabilities" button above.

How do I install darknet-mcp-server?

Clone the repository with "git clone https://github.com/badchars/darknet-mcp-server" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is darknet-mcp-server written in?

darknet-mcp-server is primarily written in TypeScript. It is open-source under badchars on GitHub, so you can review or fork the full source.

Are there alternatives to darknet-mcp-server?

Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh darknet-mcp-server against similar tools.

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

superpowers

by obra

An agentic skills framework & software development methodology that works.

234,966

awesome-claude-fable-5 Mythos-Claude-Orchestrator

The Problem

Dark web intelligence is the missing layer in every security investigation. Breach databases, ransomware trackers, Tor hidden services, malware sandboxes, stealer logs, blockchain forensics, exploit databases — the data you need is scattered across dozens of platforms, each with its own API, its own auth, its own rate limits, its own output format. Today you check HIBP in one tab, ThreatFox in another, browse ransomware leak sites through Tor, pull up MalwareBazaar for a hash, check blockchain transactions on a block explorer, and then spend an hour manually piecing it all together.

Traditional dark web intel workflow:
  check breach exposure           ->  HIBP web interface (paid API)
  search leaked credentials       ->  IntelligenceX web interface
  track ransomware groups         ->  ransomware.live + ransomlook.io (2 separate UIs)
  access .onion hidden services   ->  Tor Browser manually
  analyze malware samples         ->  Hybrid Analysis + MalwareBazaar (2 more UIs)
  check IP abuse history          ->  AbuseIPDB + GreyNoise (2 more UIs)
  trace cryptocurrency            ->  blockchain.info + ChainAbuse
  search for exploits             ->  Vulners web interface
  check phishing URLs             ->  PhishTank web interface
  correlate everything            ->  copy-paste into a report
  ────────────────────────────────
  Total: 60+ minutes per investigation, most of it switching contexts

darknet-mcp-server gives your AI agent 66 tools across 16 data sources via the Model Context Protocol. The agent queries all sources in parallel, correlates data across the surface and dark web, identifies threats, and presents a unified intelligence picture — in a single conversation.

With darknet-mcp-server:
  You: "Investigate the breach exposure and threat landscape for target.com"

  Agent: -> HIBP: 3 known breaches (Adobe 2013, LinkedIn 2021, Collection #1)
         -> ThreatFox: 2 IOCs associated with domain (C2 callback, phishing)
         -> URLhaus: 1 malicious URL hosted on subdomain
         -> Ransomware: No victim listings found (good)
         -> Stealer logs: 47 compromised employee credentials found
         -> OTX: 5 threat pulses referencing the domain
         -> AbuseIPDB: Primary IP has 12 abuse reports (brute force)
         -> "target.com has been in 3 data breaches exposing 2.1M records.
            47 employee credentials found in stealer logs — immediate
            password reset recommended. 2 active ThreatFox IOCs suggest
            ongoing targeting. No ransomware listings, but the abuse
            reports on the primary IP warrant investigation."

How It's Different

Existing tools give you raw data one source at a time. darknet-mcp-server gives your AI agent the ability to reason across surface web and dark web intelligence simultaneously.

Quick Start

Option 1: npx (no install)

npx darknet-mcp-server

Free tools work immediately. No API keys required for ransomware tracking, breach listings, GreyNoise, blockchain, OTX, and more.

Option 2: Clone

git clone https://github.com/badchars/darknet-mcp-server.git
cd darknet-mcp-server
bun install

Environment variables (optional)

# Breach & credential intelligence
export HIBP_API_KEY=your-key           # Enables breach account search & paste search
export INTELX_API_KEY=your-key         # Enables 4 IntelligenceX tools

# Threat intelligence
export OTX_API_KEY=your-key            # Increases AlienVault OTX rate limits
export ABUSEIPDB_API_KEY=your-key      # Enables 4 AbuseIPDB tools
export ABUSECH_AUTH_KEY=your-key       # Higher rate limits for abuse.ch suite
export PULSEDIVE_API_KEY=your-key      # Higher rate limits for Pulsedive

# Stealer logs & credentials
export HUDSONROCK_API_KEY=your-key     # Enables 3 Hudson Rock stealer log tools

# Exploit & malware analysis
export VULNERS_API_KEY=your-key        # Enables Vulners search & exploit tools
export HYBRID_API_KEY=your-key         # Enables 3 Hybrid Analysis malware tools

# Phishing
export PHISHTANK_API_KEY=your-key      # Higher rate limits for PhishTank

# Tor SOCKS5 proxy (for .onion access)
export TOR_SOCKS_HOST=127.0.0.1       # Default: 127.0.0.1
export TOR_SOCKS_PORT=9050            # Default: 9050

All API keys are optional. Without them, you still get ransomware tracking, breach listings, GreyNoise, blockchain intelligence, OTX, Tor exit node checks, onion search, CIRCL onion lookup, and more.

Connect to your AI agent

# With npx
claude mcp add darknet-mcp-server -- npx darknet-mcp-server

# With local clone
claude mcp add darknet-mcp-server -- bun run /path/to/darknet-mcp-server/src/index.ts

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "darknet": {
      "command": "npx",
      "args": ["-y", "darknet-mcp-server"],
      "env": {
        "HIBP_API_KEY": "optional",
        "INTELX_API_KEY": "optional",
        "ABUSEIPDB_API_KEY": "optional",
        "HUDSONROCK_API_KEY": "optional",
        "HYBRID_API_KEY": "optional",
        "VULNERS_API_KEY": "optional"
      }
    }
  }
}

Same JSON config format. Point the command to npx darknet-mcp-server