Give your AI agents live honeypot threat intelligence
The BlackDome MCP server lets Claude, Cursor, Claude Code, and other MCP-compatible clients query attacker IPs, IOCs, credential previews, payloads, detonation reports, threat actors, and notable attacker sessions directly from BlackDome.
Install
Install the stdio MCP package locally. Free public tools work with no API key.
pip install blackdome-mcpConnect BlackDome to your AI client
The MCP server runs locally and proxies read-only requests to the BlackDome API over HTTPS.
Claude Desktop
Add this server block to your Claude Desktop MCP configuration.
{
"mcpServers": {
"blackdome": {
"command": "blackdome-mcp",
"env": {
"BLACKDOME_API_KEY": "bd_your_key_here"
}
}
}
}Claude Code
Register the server from your shell. Export the key only when you need paid tools.
claude mcp add blackdome -- blackdome-mcp
# Optional, only needed for paid tools:
export BLACKDOME_API_KEY="bd_your_key_here"Cursor
Add the command to Cursor MCP settings. The environment block is optional.
{
"blackdome": {
"command": "blackdome-mcp",
"env": {
"BLACKDOME_API_KEY": "bd_your_key_here"
}
}
}Free community tools and paid intelligence tools
BlackDome exposes a safe public tier for exploration, then unlocks higher-value intelligence when your API key includes the required plan features.
Free, no API key required
lookup_attacker_iptop_attackersattack_mapattack_heatmapcredential_previewverify_sigilrecent_iocsioc_trendsexport_iocs as JSON or CSVPaid feature-gated tools
search_credentials and credential_stats require Credential Intelligence or Enterprise
list_payloads, get_actor, warboard, list_detonations, get_detonation_report, and get_artifact require Pro or higher
list_notable_sessions and get_session_transcript require Enterprise session intelligence
export_iocs as STIX requires Pro or higher
whoami requires any valid API key and reports tenant plan, features, scopes, and quota
Optional runtime variables
You can start with no environment variables. Add a BlackDome API key when you need Pro or Enterprise tools.
| Variable | Required | Use |
|---|---|---|
| BLACKDOME_API_KEY | No | Optional Bearer API key. Free public tools work without it; paid tools require a key. |
| BLACKDOME_BASE_URL | No | Defaults to https://api.blackdome.ai. Override only for local or private deployments. |
| BLACKDOME_TIMEOUT | No | HTTP request timeout in seconds. Defaults to 15. |
Questions your AI client can answer
Ask about attacker behavior, live IOCs, detonation evidence, and paid-session transcripts from the same assistant you already use for security work.
Need a key for paid intelligence?
Start with the free public tools, then upgrade when your workflow needs credential intelligence, detonation reports, actor clustering, STIX export, or hands-on-keyboard session transcripts.