phishunt for AI agents

Connect Claude Desktop, Cursor, Zed, or any Model Context Protocol (MCP) client to phishunt's public phishing-domains feed. Free, CC0, no auth, no rate limits beyond Cloudflare's.

Model Context Protocol Agent Skills (RFC v0.2.0) API Catalog (RFC 9727) CC0 licensed

Option 1MCP server

Remote MCP server at https://mcp.phishunt.io/ over HTTP JSON-RPC 2.0 (protocolVersion 2025-03-26). Works with any SDK-based client.

Config for Claude Desktop / Cursor / Zed

// Add to your MCP client config
{
  "mcpServers": {
    "phishunt": {
      "url": "https://mcp.phishunt.io/"
    }
  }
}

Available tools

check_domain

Is a given domain or URL substring flagged in the active phishunt feed? Returns matching entries with full metadata.

list_brand_phishings

List active phishing sites targeting a specific brand (e.g. microsoft, binance).

get_recent_detections

Delta sync: detections since a given ISO date. Useful for periodic blocklist refresh.

Try it

curl -sX POST https://mcp.phishunt.io/ \
  -H 'content-type: application/json' \
  -d '{"jsonrpc":"2.0","method":"tools/list","id":1}'

Source on GitHub Service card

Option 2Agent Skills

For agents that consume Agent Skills (RFC v0.2.0) instructions instead of MCP tools. Each skill is a markdown file explaining how to call a specific phishunt endpoint.

Skill	Purpose
`fetch-feed`	Download the full feed in TXT, JSON, or CSV.
`lookup-brand`	Query the API for sites targeting a brand.
`check-recent`	Pull detections since a date (pagination pattern included).

Skills index (JSON)

Option 3Direct REST API

If your agent doesn't do MCP or Agent Skills, call the REST API directly. Public, CORS-enabled, CC0 data.

Endpoint	Purpose
`GET /api/`	Full API documentation.
`GET /openapi.yaml`	OpenAPI 3.1 spec.
`GET /api/v1/domains`	Query endpoint (filter by brand, date, format).
`GET /feed.txt` / `.json` / `.csv`	Bulk feed download.

ReferenceDiscovery endpoints

Agents crawling phishunt.io can programmatically discover these integrations.

Path	Format	Spec
`/.well-known/api-catalog`	linkset+json	RFC 9727
`/.well-known/agent-skills/index.json`	JSON	Agent Skills RFC v0.2.0
`/.well-known/mcp/server-card.json`	JSON	MCP SEP-1649 draft
`Link` HTTP headers	HTTP header	RFC 8288

Every response from phishunt.io advertises Link: <...>; rel="mcp-server", rel="api-catalog", rel="service-desc", rel="service-doc", and rel="agent-skills" so a crawler only needs a single HEAD / to discover everything.

LicenseData & code

Data (feed contents, API responses, MCP tool outputs): CC0 1.0 Public Domain. No attribution required, no warranty. Attribution still appreciated.

Source code for the MCP server: 0xDanielLopez/phishunt-mcp (MIT).