WhisperGraph MCP
officielOpen-source, self-hostable MCP server for WhisperGraph — a graph of 7.39B nodes / 39B edges mapping DNS, BGP, GeoIP, WHOIS, and threat intelligence. Six read-only tools (Cypher query + schema introspection + threat assessment), six resources, eight investigation prompts. stdio and Streamable HTTP transports.
WhisperGraph MCP Server
The internet's largest infrastructure graph — DNS, BGP, GeoIP, WHOIS, and threat intelligence — over the Model Context Protocol.
WhisperGraph is a graph database of internet infrastructure: 7.39B nodes, 39B edges, and 5.6M threat-intelligence edges mapping DNS resolution, domain hierarchy, BGP routing, IP allocation, GeoIP, web hyperlinks, email infrastructure, DNSSEC, WHOIS, and threat feeds.
This is the open-source MCP server for it. It exposes WhisperGraph to any MCP client (Claude Desktop, Claude Code, Cursor, …) as one Cypher query tool plus read-only schema-introspection and threat-assessment tools. It validates every query against a safety rule set, then relays it to the hosted WhisperGraph API using your API key.
Learn more: WhisperGraph intro · Cypher API reference · Query guide · Cypher syntax · Functions · Best practices · MCP setup
Quick start
You need a WhisperGraph API key — get a free one.
Claude Desktop / Claude Code / Cursor (stdio)
Add this to your MCP client config:
{
"mcpServers": {
"whisper-graph": {
"command": "npx",
"args": ["-y", "@whisper-security/whisper-graph-mcp"],
"env": { "WHISPER_API_KEY": "your-api-key" }
}
}
}
Or with Claude Code:
claude mcp add whisper-graph -e WHISPER_API_KEY=your-api-key -- npx -y @whisper-security/whisper-graph-mcp
Hosted remote server (no install)
Whisper also runs a hosted MCP server at https://mcp.whisper.security — point any MCP client that supports remote servers at it and authenticate with your API key. Self-hosting this repo is for teams who want to run the MCP layer in their own environment. See How to set up.
Tools
All six tools are read-only.
| Tool | What it does |
|---|---|
query | Execute a Cypher query against WhisperGraph. Validated against a safety rule set before it reaches the backend. |
list_labels | List every node label with counts. Call it before writing a query when you're unsure which label to anchor on. |
describe_label | Confirm a label exists and enumerate its property keys. |
explain_indicator | Threat assessment for an IP, hostname, CIDR, or ASN — score, level, factors, sources. |
whisper_history | Historical WHOIS or BGP data for an indicator. |
domain_variants | Typosquatting / brand-protection variants of a domain, checked against the graph. |
Resources
Six MCP resources: the full schema, the relationship map, a Cypher function reference, a query cookbook, plus live whisper://stats and whisper://quota.
Prompts
Eight investigation-workflow prompt templates: investigate-ip, map-attack-surface, compare-domains, blast-radius, threat-triage, whois-pivot, bgp-investigation, typosquat-sweep.
Self-hosting (Docker / HTTP)
For remote or team deployments, run the server over Streamable HTTP:
docker run -p 8080:8080 -e MCP_TRANSPORT=http \
ghcr.io/whisper-sec/whisper-graph-mcp:latest
Or with Docker Compose:
docker compose up
In HTTP mode the server does not authenticate inbound requests — it relays the
caller's X-API-Key or Authorization: Bearer header to the hosted WhisperGraph
API, falling back to the WHISPER_API_KEY environment variable when no header is
present. Put it behind your own gateway if you need access control.
Configuration
All configuration is via environment variables.
| Variable | Default | Description |
|---|---|---|
WHISPER_API_KEY | (none) | Your WhisperGraph API key. Get a free one. |
MCP_TRANSPORT | stdio | stdio for local CLI use, http for remote/Docker. |
HTTP_HOST | 0.0.0.0 | Bind host for the HTTP transport. |
HTTP_PORT | 8080 | Bind port for the HTTP transport. |
WHISPER_ALLOWED_HOSTS | (none) | Comma-separated Host header allowlist for DNS-rebinding protection in HTTP mode. Leave empty only behind a trusted gateway. |
WHISPER_DB_URL | https://graph.whisper.security | Base URL of the hosted WhisperGraph API. |
WHISPER_QUERY_TIMEOUT_MS | 60000 | Hard per-query deadline forwarded to the API. |
WHISPER_DB_TIMEOUT_MS | 10000 | HTTP timeout for non-query calls. |
LOG_LEVEL | info | debug, info, warn, or error. |
Development
npm install
npm run dev # run from source over stdio
npm test # unit + integration tests (no secrets needed)
npm run build # bundle to dist/
npm run lint # eslint
npm run typecheck # tsc --noEmit
The test suite runs entirely offline against a fake backend — no API key required.
Contributing
Contributions are welcome. See CONTRIBUTING.md and our Code of Conduct. Security issues: see SECURITY.md.
License
Apache-2.0. "Whisper", the Whisper logo, and "WhisperGraph" are trademarks of Whisper Security — see NOTICE.
Serveurs connexes
FinancialData.Net MCP Server
Turn Claude or Cursor into your personal AI Financial Analyst.
Discode (Code Mode MCP)
Code Mode enabled MCP server - save 90% of token usage for any MCP-compatible agent
MedTerms
Medical terminology intelligence for AI agents — ICD-10-CM lookup, MedDRA hierarchy and SOC mapping, RxNorm drug concepts, CTCAE v5.0 grading, and cross-terminology mapping.
Inferventis MCP
20 financial tools for AI agents: real-time FX conversion, stock quotes, crypto prices, open banking, Stripe payments, calculators, news headlines and web reading. Free and standard tiers.
D&D MCP Server
A server for managing Dungeons & Dragons campaigns, storing all data in local JSON files.
Compliance Intelligence
Access 692+ compliance frameworks, 13,700+ controls, and 280,000+ cross-framework mappings via MCP. Query ISO 27001, NIST CSF, GDPR, SOC 2, HIPAA, PCI DSS and more.
Omics AI MCP Server
Interact with Omics AI Explorer networks for genomics research and data analysis.
AI Bias Detection MCP
Detects bias in AI model outputs across protected characteristics — statistical parity checks, disparate impact analysis, intersectional fairness audits, and EU AI Act Article 10 compliance reporting.
responsible-gambling-mcp
MCP server for responsible gambling budget calculator and habit assessment
Utilify
AI agents compare and sign up for Texas utility plans — electricity, internet, gas, water, trash — ▎ at any ZIP code via MCP. Works with Claude, ChatGPT, Cursor, Ollama, LM Studio, LangChain. OpenAPI ▎ spec included. No auth.