How do I install Greynoise?

Greynoise is a local plugin. Install it using npm package: mcp-greynoise and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Greynoise need?

Greynoise requires the following credentials or environment variables: GREYNOISE_API_KEY. You can find setup instructions on the server detail page.

What AI apps work with Greynoise?

Greynoise uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Greynoise MCP Server

by Nickjlucker

Developer ToolsLow Risk8.0MCP RegistryLocal

Free

Server data from the Official MCP Registry

MCP server for GreyNoise API - Check if IPs are internet background noise or targeted attacks

About

MCP server for GreyNoise API - Check if IPs are internet background noise or targeted attacks

Security Report

8.0

Low Risk8.0Low Risk

Valid MCP server (2 strong, 3 medium validity signals). 2 known CVEs in dependencies (0 critical, 2 high severity) Package registry verified. Imported from the Official MCP Registry.

3 files analyzed · 3 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

GreyNoise API key (free Community tier: 50 req/day)Required

Environment variable: GREYNOISE_API_KEY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-nickjlucker-greynoise": {
      "env": {
        "GREYNOISE_API_KEY": "your-greynoise-api-key-here"
      },
      "args": [
        "-y",
        "mcp-greynoise"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

mcp-greynoise

MCP server for the GreyNoise API — check if IP addresses are internet background noise or potentially targeted attacks.

Quick Start

npx mcp-greynoise

That's it. Works out of the box with 10 lookups/day (no API key needed).

What is GreyNoise?

GreyNoise collects and analyzes internet-wide scan traffic. It tells you:

Noise: Is this IP mass-scanning the internet? (botnets, researchers, crawlers)
RIOT: Is this IP a known benign service? (Google, Cloudflare, Microsoft, etc.)
Classification: Malicious, benign, or unknown

Why this matters for security

When you see suspicious traffic in your logs:

GreyNoise Result	Interpretation
NOISE + Malicious	Background attack traffic (scanners, botnets) — likely untargeted
NOISE + Benign	Security researchers, search crawlers — usually safe
RIOT	Known good service (CDN, DNS, cloud) — almost certainly benign
NOT NOISE	⚠️ This IP is NOT mass-scanning — traffic may be targeted at you

The "NOT NOISE" case is often the most important — it suggests someone is specifically interested in your systems.

Demo

Example output from check_ip:

IP: 51.91.185.74
Classification: MALICIOUS
Noise: YES - This IP has been observed scanning the internet
RIOT: NO - Not a known benign service IP
Last Seen: 2024-01-15
Details: https://viz.greynoise.io/ip/51.91.185.74

--- Interpretation ---
🚨 This IP is actively scanning the internet and classified as MALICIOUS. 
   Likely a scanner, botnet, or threat actor.

Installation

npm (recommended)

npm install -g mcp-greynoise

npx (no install)

npx mcp-greynoise

From source

git clone https://github.com/nickjlucker/mcp-greynoise.git
cd mcp-greynoise
npm install
npm run build
node build/index.js

Configuration

Claude Desktop

Add to your claude_desktop_config.json:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "greynoise": {
      "command": "npx",
      "args": ["mcp-greynoise"],
      "env": {
        "GREYNOISE_API_KEY": "your-api-key-here"
      }
    }
  }
}

Environment Variables

Variable	Required	Description
`GREYNOISE_API_KEY`	No	API key for higher rate limits (50/day vs 10/day)

Get a free API key at viz.greynoise.io/signup.

⚠️ Never commit API keys. See .env.example for the recommended setup.

Tools

`check_ip`

Check a single IP address against GreyNoise.

Input:

ip (string): IPv4 address to check

`check_ips`

Check multiple IP addresses in one call (max 10).

Input:

ips (string[]): Array of IPv4 addresses

Example output:

=== Results ===
8.8.8.8: RIOT (benign service) [Google]
51.91.185.74: NOISE - MALICIOUS
192.168.1.1: NOT NOISE (potentially targeted)

--- Legend ---
RIOT: Known benign service (CDN, DNS, etc.)
NOISE: IP is mass-scanning the internet
NOT NOISE: IP is NOT mass-scanning (traffic may be targeted)

Resources

`greynoise://status`

Returns API status and rate limit information.

Rate Limits

Tier	Daily Lookups
Unauthenticated	10
Free account	50
Paid plans	Higher

Rate limits are shared between API calls and the GreyNoise Visualizer.

Security

This server:

Only reads from the GreyNoise API (no scanning, no exploitation)
Does not store any data beyond the current request
Does not transmit your API key anywhere except to GreyNoise
Performs reputation/telemetry enrichment only

Your API key is passed via environment variable and never logged.

Use Cases

SOC Triage: Quickly determine if alert IPs are background noise or targeted
Incident Response: Identify if attacker IPs are mass-scanners or focused threats
Threat Hunting: Find IPs in your logs that aren't mass-scanners (potentially targeted)
Log Analysis: Reduce false positives by filtering out known scanners

Development

# Install dependencies
npm install

# Run in development mode
npm run dev

# Build for production
npm run build

# Run built version
npm start

License

MIT

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Greynoise MCP Server

About

Security Report

Findings (3)Action required

Permissions Required

What You'll Need

How to Install

Documentation

mcp-greynoise

Quick Start

What is GreyNoise?

Why this matters for security

Demo

Installation

npm (recommended)

npx (no install)

From source

Configuration

Claude Desktop

Environment Variables

Tools

`check_ip`

`check_ips`

Resources

`greynoise://status`

Rate Limits

Security

Use Cases

Development

License

Links

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent