For AI assistants
Ask your AI about an IP.
HoneyLabs ships a first-class Model Context Protocol server. Wire it into Claude, Cursor, or any MCP-compatible assistant once and your AI can answer questions about live honeypot telemetry directly. No glue code, no JSON juggling.
Add it to your AI tool
One click for Cursor and VS Code, or copy the config for everything else. Works with Claude Code, Claude Desktop, Cursor, VS Code, Cline, and any client that speaks MCP.
claude mcp add honeylabs \ --transport http \ https://mcp.honeylabs.net/mcp \ --header "Authorization: Bearer <hlk_…>"
Key from your dashboard, or drop the --header line and sign in via OAuth on first connect.
One click for Cursor and VS Code. Sign in on first use (OAuth), nothing to paste.
Settings, Connectors, Add custom connector. Paste https://mcp.honeylabs.net/mcp and authenticate.
{
"mcpServers": {
"honeylabs": {
"url": "https://mcp.honeylabs.net/mcp"
}
}
}Remote streamable HTTP at https://mcp.honeylabs.net/mcp. Bearer key or OAuth 2.1 with PKCE.
Try these prompts
Six real questions a defender would ask their AI on a Monday morning. Click any to copy.
Tools the server exposes
You don't call these directly; your AI does, based on whatever you ask. Listed here so you know what's in reach.
| Tool | What it does |
|---|---|
| ioc_lookup | Start here. Look up an IP or domain and get its full honeypot profile. |
| top_attackers | Leaderboard of source IPs by event volume, with country and ASN. |
| search_events | Raw events with every field. Use when you want fingerprints in the response. |
| payload_search | Substring search across URL paths and user-agents. |
| attack_timeline | Hourly or daily attack volume over a window. |
| asn_enrich | Full profile for an ASN: top sources, ports, paths, fingerprints. |
| fingerprint_search | Find activity by TLS, HTTP, or SSH fingerprint. |
| scanner_lookup | Resolve an IP or rDNS to a known scanner / hosting provider / ISP / Tor exit. |
Next
- Get an API key →Free tier is 100 lookups/day. No card required.
- Full MCP reference in /docs →JSON-RPC examples for plain HTTP callers.
- Need more headroom? Request Pro →10k/day plus the port_spikes tool.