Read-only breach-intelligence MCP: reports THAT a domain was breached and which data types leaked, from public feeds (HaveIBeenPwned, ransomwatch). Never the leaked data.
Project description
data-breach-detector
A read-only breach-intelligence MCP server. It answers "has this domain been breached, what's the recent breach news, how severe is this threat text" from public threat-intelligence disclosure feeds — and reports intelligence, not contents: the existence, timing, scale, category and exposed data-types of a breach, never the leaked records themselves.
Built for defenders. Comparable in spirit to HaveIBeenPwned's own directory.
What it does not do
- No arbitrary URL fetch, no crawl, no proxy — no general scraping primitives.
- No
.onionmarketplace access, no transactions. - Never returns the raw text of a dump, paste or leak. A redaction layer strips emails, hashes, IPs, crypto addresses and credential-shaped tokens from every string returned.
Sources (public, no key)
- HaveIBeenPwned
/api/v3/breaches— the public breach directory: domain, breach date, pwn count, and the categories of data exposed. - ransomwatch (
joshhighet/ransomwatch) — public ransomware leak-site tracker.
Tools
| tool | what it returns |
|---|---|
breach_news(since_days, sector, limit) |
recent disclosures — entity, date, scale, exposed data types, severity |
check_exposure(query) |
does a domain/company appear in breach data — yes/no + metadata |
assess_threat(text) |
classify a piece of security text — level, categories, action (no network) |
feed_sources() |
which feeds are aggregated + cache freshness |
Run
pip install data-breach-detector
data-breach-detector # stdio (for MCP clients)
data-breach-detector --http # streamable-HTTP on 127.0.0.1:8790/mcp
Or point an MCP client at the config:
{ "mcpServers": { "data_breach_detector": {
"command": "data-breach-detector"
} } }
License
MIT. The breach data belongs to its sources (HaveIBeenPwned, ransomwatch); this tool only aggregates their public disclosure metadata, with attribution.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file data_breach_detector-0.1.0.tar.gz.
File metadata
- Download URL: data_breach_detector-0.1.0.tar.gz
- Upload date:
- Size: 8.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dba2ee43c8a5925b2360beb5e787aa124ed142022fb9549a9b439e582a136c79
|
|
| MD5 |
d739f72aeaf7392ec7fcc01ceb7d4519
|
|
| BLAKE2b-256 |
8cd792705586826426f8f7e05141b319e5ee3fbc136d1acaed929c0e2b8a9845
|
Provenance
The following attestation bundles were made for data_breach_detector-0.1.0.tar.gz:
Publisher:
publish-pypi.yml on beepboop2025/data-breach-detector
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
data_breach_detector-0.1.0.tar.gz -
Subject digest:
dba2ee43c8a5925b2360beb5e787aa124ed142022fb9549a9b439e582a136c79 - Sigstore transparency entry: 2157782213
- Sigstore integration time:
-
Permalink:
beepboop2025/data-breach-detector@eacc0c5db00a95596d529f6908877edc3ad40180 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/beepboop2025
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@eacc0c5db00a95596d529f6908877edc3ad40180 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file data_breach_detector-0.1.0-py3-none-any.whl.
File metadata
- Download URL: data_breach_detector-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e2c1eda08342ef01090ad7723658b4798db649beb1d2e4c002f1c6aa5ca02e62
|
|
| MD5 |
ae9ce326aa50d6779127cbabdf017d31
|
|
| BLAKE2b-256 |
41c103a1453aa3f11a7a032ad1d6ae11add7535c47ada9b34321305b2eba3b89
|
Provenance
The following attestation bundles were made for data_breach_detector-0.1.0-py3-none-any.whl:
Publisher:
publish-pypi.yml on beepboop2025/data-breach-detector
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
data_breach_detector-0.1.0-py3-none-any.whl -
Subject digest:
e2c1eda08342ef01090ad7723658b4798db649beb1d2e4c002f1c6aa5ca02e62 - Sigstore transparency entry: 2157782428
- Sigstore integration time:
-
Permalink:
beepboop2025/data-breach-detector@eacc0c5db00a95596d529f6908877edc3ad40180 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/beepboop2025
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@eacc0c5db00a95596d529f6908877edc3ad40180 -
Trigger Event:
workflow_dispatch
-
Statement type: