For AI assistants

Ask your AI about an IP.

HoneyLabs ships a first-class Model Context Protocol server. Wire it into Claude, Cursor, or any MCP-compatible assistant once and your AI can answer questions about live honeypot telemetry directly. No glue code, no JSON juggling.

Add it to your AI tool

One click for Cursor and VS Code, or copy the config for everything else. Works with Claude Code, Claude Desktop, Cursor, VS Code, Cline, and any client that speaks MCP.

Claude Code
claude mcp add honeylabs \
  --transport http \
  https://mcp.honeylabs.net/mcp \
  --header "Authorization: Bearer <hlk_…>"

Key from your dashboard, or drop the --header line and sign in via OAuth on first connect.

One click for Cursor and VS Code. Sign in on first use (OAuth), nothing to paste.

Claude Desktop / claude.ai

Settings, Connectors, Add custom connector. Paste https://mcp.honeylabs.net/mcp and authenticate.

Any other MCP client
{
  "mcpServers": {
    "honeylabs": {
      "url": "https://mcp.honeylabs.net/mcp"
    }
  }
}

Remote streamable HTTP at https://mcp.honeylabs.net/mcp. Bearer key or OAuth 2.1 with PKCE.

Try these prompts

Six real questions a defender would ask their AI on a Monday morning. Click any to copy.

Tools the server exposes

You don't call these directly; your AI does, based on whatever you ask. Listed here so you know what's in reach.

ToolWhat it does
ioc_lookupStart here. Look up an IP or domain and get its full honeypot profile.
top_attackersLeaderboard of source IPs by event volume, with country and ASN.
search_eventsRaw events with every field. Use when you want fingerprints in the response.
payload_searchSubstring search across URL paths and user-agents.
attack_timelineHourly or daily attack volume over a window.
asn_enrichFull profile for an ASN: top sources, ports, paths, fingerprints.
fingerprint_searchFind activity by TLS, HTTP, or SSH fingerprint.
scanner_lookupResolve an IP or rDNS to a known scanner / hosting provider / ISP / Tor exit.

Next