MCP Spotlight: WhisperGraph — 7.39B-Node DNS/BGP/Threat-Intel Graph MCP With 6 Tools & Open Cypher Query
Server: whisper-graph-mcp by Whisper Security
Graph size: 7.39B nodes · 39B edges · License: Self-hostable, free open data tier
Tools: 6 (read-only) · Resources: 6 · Prompts: 8
Coverage: DNS · BGP · WHOIS · GeoIP · DNSSEC · SPF · certificates · 40 threat feeds
MCP Tracker: glama.ai/mcp/servers/whisper-sec/whisper-graph-mcp
Docs / GitHub: github.com/whisper-sec/whisper-graph-mcp
The hardest part of any threat investigation isn't finding one IP. It's stitching together DNS, BGP, WHOIS, GeoIP, certificates, ASNs, routing paths, and 40 threat feeds into a coherent picture of who owns what, what talks to what, and what looks suspicious. Most security teams glue this together with a dozen API calls and Python joins. The result: hours of investigation per incident, missed cross-feed correlations, and an agent that can read one feed at a time but not reason across them.
WhisperGraph MCP gives your agent a single knowledge graph of the entire internet's infrastructure — 7.39 billion nodes, 39 billion edges, one schema, one query language (Open Cypher), six read-only MCP tools, six resources, eight pre-built prompts. The agent reasons across DNS, BGP, WHOIS, certificates, threat reputation, and routing paths in a single Cypher query.
The Six Tools
| Tool | What It Does |
|---|---|
| run_query | Execute a Cypher query against the graph (read-only) |
| get_schema | Return the current graph schema — node types, edge types, properties |
| assess_threat | Risk assessment for an IP, domain, or ASN — pulls reputation across all 40 feeds |
| whois_lookup | WHOIS record for a domain or IP with structured fields |
| dns_lookup | DNS resolution with DNSSEC chain, record types, TTLs, nameserver topology |
| trace_route | BGP routing path between any two IPs/ASNs |
The killer combination: assess_threat doesn't just return a score. It runs a Cypher query that pulls the IP's neighbors in the graph — what other IPs does it talk to, what domains point to it, what ASNs route through it, what's the reputation across the 40 feeds — and returns a unified picture.
The Six Resources
| Resource | What It Is |
|---|---|
| schema://graph | Live graph schema for the agent to introspect |
| feeds://threat-intel | List of all 40 threat feeds with refresh cadence and coverage |
| stats://graph | Current node/edge counts, growth rate, freshness |
| examples://cypher | Pre-built Cypher query templates for common investigations |
| coverage://geographic | Geographic coverage map — which countries and regions are well-mapped |
| changelog://graph | Recent schema changes, new feed additions, breaking changes |
Resources are the MCP pattern that lets the agent learn the schema before querying. Without schema://graph, the agent would have to guess the node types and edge labels. With it, the agent introspects the live schema and constructs accurate queries.
The Eight Prompts
Pre-built investigation workflows the agent can invoke directly:
| Prompt | What It Does |
|---|---|
| investigate-ip | Full IP investigation — neighbors, threats, ownership, geolocation |
| investigate-domain | Domain forensics — DNS, WHOIS, certificates, subdomains, threat reputation |
| trace-c2-channel | Hunt for command-and-control infrastructure patterns |
| find-related-domains | Pivot from a known indicator to find unregistered / parked / related domains |
| map-infrastructure | Visualize an org's full internet footprint |
| detect-shadow-it | Find unsanctioned cloud assets belonging to your organization |
| validate-blocklist | Verify a list of indicators against current threat feeds |
| discover-lookalike-domains | Find typosquat / homoglyph domains targeting your brand |
The prompts are the "templates" layer — well-trodden investigation paths the agent can call without writing a Cypher query from scratch. The agent can still write custom queries, but the prompts cover 80% of routine work.
The Coverage: What's in 7.39B Nodes
| Data Layer | What It Maps |
|---|---|
| DNS | All registered domains, subdomains, nameservers, glue records, zone cuts |
| BGP | ASN relationships, routing paths, prefix announcements, peerings |
| WHOIS | Registrant data, registrar, creation/expiry dates, contact records |
| GeoIP | Country, region, city, ISP, organization, datacenter mapping |
| DNSSEC | Chain of trust, DS records, DNSKEY, signing status |
| SPF | Sender Policy Framework records, authorized senders |
| Certificates | CT logs, certificate transparency, SANs, issuers, validity |
| Threat feeds | 40 sources — abuse.ch, PhishTank, URLhaus, Spamhaus DBL, AlienVault OTX, GreyNoise, etc. |
The 40-feed threat reputation layer is what makes assess_threat actionable. A single IP that appears on 3 of 40 feeds is suspect. An IP that appears on 18 of 40 feeds with high confidence, hosted on a known bulletproof ASN, with rapidly rotating DNS records, is a C2 candidate.
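The rating logic this paragraph sketches (feed hits out of 40, hosting ASN reputation, DNS churn) can be made concrete over a graph neighborhood record. The block below is an added example, not code from whisper-graph-mcp or Whisper Security: the record shape, the field names, the thresholds and the three sample neighborhoods are all constructed here to reproduce the article's "3 of 40 is suspect" and "18 of 40 plus bulletproof ASN plus rotating DNS is a C2 candidate" cases.

```python
"""Turn a graph neighborhood into a threat rating along the lines the article
describes for assess_threat: feed hits across 40 feeds, hosting ASN reputation,
DNS churn. Added example; not whisper-graph-mcp code. Record shape, field names,
thresholds and sample data are assumptions constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta

TOTAL_FEEDS = 40
# Thresholds are assumptions chosen to match the article's two worked cases.
SUSPECT_MIN_FEEDS = 3
C2_MIN_FEEDS = 10
C2_MIN_HIGH_CONF_SHARE = 0.5
C2_MIN_DNS_CHANGES_PER_DAY = 1.0


@dataclass(frozen=True)
class FeedHit:
    feed: str          # feed name as listed under feeds://threat-intel
    confidence: float  # 0.0..1.0 as reported by that feed


@dataclass
class IpNeighborhood:
    address: str
    asn: int
    asn_bulletproof: bool  # reputation flag assumed to live on the ASN node
    feed_hits: list        # FeedHit entries from the 40-feed layer
    dns_changes: list      # timestamps of A-record changes for domains pointing here


def distinct_feed_hits(n: IpNeighborhood) -> dict:
    """Collapse repeated hits from the same feed, keeping the highest confidence,
    so one noisy feed cannot inflate the 'x of 40' count."""
    best = {}
    for h in n.feed_hits:
        best[h.feed] = max(best.get(h.feed, 0.0), h.confidence)
    return best


def dns_changes_per_day(n: IpNeighborhood, now: datetime, window_days: int = 7) -> float:
    """DNS churn rate inside the trailing window (changes per day)."""
    start = now - timedelta(days=window_days)
    recent = [t for t in n.dns_changes if start <= t <= now]
    return len(recent) / window_days


def rate(n: IpNeighborhood, now: datetime, high_conf: float = 0.8) -> dict:
    """Combine feed count, confidence share, ASN reputation and churn into a verdict."""
    hits = distinct_feed_hits(n)
    hc_share = (sum(1 for c in hits.values() if c >= high_conf) / len(hits)) if hits else 0.0
    churn = dns_changes_per_day(n, now)
    if (len(hits) >= C2_MIN_FEEDS and hc_share >= C2_MIN_HIGH_CONF_SHARE
            and n.asn_bulletproof and churn >= C2_MIN_DNS_CHANGES_PER_DAY):
        verdict = "c2-candidate"
    elif len(hits) >= SUSPECT_MIN_FEEDS or n.asn_bulletproof:
        verdict = "suspect"
    elif hits:
        verdict = "low"
    else:
        verdict = "clean"
    return {"address": n.address, "verdict": verdict,
            "feeds": f"{len(hits)}/{TOTAL_FEEDS}",
            "high_confidence_share": round(hc_share, 2),
            "dns_changes_per_day": round(churn, 2)}


NOW = datetime(2025, 1, 15, 12, 0)  # fixed clock so the example is deterministic

# Constructed neighborhoods: documentation-range IPs, private ASNs, placeholder feed names.
C2_LIKE = IpNeighborhood(
    address="198.51.100.66", asn=64512, asn_bulletproof=True,
    feed_hits=[FeedHit(f"feed-{i:02d}", 0.9) for i in range(18)],
    dns_changes=[NOW - timedelta(hours=12 * k) for k in range(14)],  # 14 changes in 7 days
)
SUSPECT = IpNeighborhood(
    address="203.0.113.42", asn=64513, asn_bulletproof=False,
    feed_hits=[FeedHit("feed-01", 0.6), FeedHit("feed-02", 0.5),
               FeedHit("feed-02", 0.7), FeedHit("feed-03", 0.4)],  # 4 hits, 3 distinct feeds
    dns_changes=[],
)
CLEAN = IpNeighborhood(address="192.0.2.10", asn=64514, asn_bulletproof=False,
                       feed_hits=[], dns_changes=[])

if __name__ == "__main__":
    for sample in (C2_LIKE, SUSPECT, CLEAN):
        print(rate(sample, NOW))
```

The deduplication step matters in practice: several of the 40 feeds share upstream sources, so a raw hit count overstates independent corroboration; counting distinct feeds (and, ideally, weighting feeds by how independent they are) keeps the "x of 40" figure honest.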
Why Open Cypher Matters
The query language is Open Cypher — the same Neo4j-compatible graph query language that ArcadeDB, Memgraph, and most modern graph databases speak. The agent writes standard Cypher:
```cypher
MATCH (ip:IPv4 {address: '203.0.113.42'})-[:RESOLVES_TO]->(d:Domain)
      -[:HAS_CERT]->(cert:Certificate)
      -[:ISSUED_BY]->(ca:CertificateAuthority)
WHERE cert.not_after < date() + duration({days: 30})
RETURN ip.address, d.name, cert.not_after, ca.name
ORDER BY cert.not_after ASC
LIMIT 50
```
This is the same Cypher syntax that any graph-skilled LLM already knows. The agent doesn't need to learn a WhisperGraph-specific query language. It writes the query it would write for any property graph.
Self-Hostable, Free Tier Available
The MCP server is self-hostable — your team runs the binary against your own copy of the graph. There's also a free tier that exposes the public-data portion of the graph (DNS, BGP, WHOIS, GeoIP, certificates) without the commercial threat feeds.
For threat intel teams with strict data-residency requirements (DACH/EU regulated, defense, finance), the self-hostable design means:
- The graph runs on your hardware, in your VPC
- The MCP server connects to your local graph
- Your agent queries never leave your perimeter
- Threat intel from commercial feeds is added via your existing feed contracts
The architecture is the same as running Neo4j + a thin MCP bridge, except the graph comes pre-loaded with 7.39B nodes you don't have to ingest yourself.
Facio Integration
```json
{
  "mcpServers": {
    "whispergraph": {
      "url": "https://your-whispergraph-instance.example/mcp",
      "headers": {
        "Authorization": "Bearer ${credentials.WHISPERGRAPH_TOKEN}"
      }
    }
  }
}
```
Facio's audit trail captures every threat investigation the agent runs: which IPs and domains were queried, what Cypher statements were executed, what threat assessments were returned, and what actions followed. For security operations, this creates a complete investigative record — perfect for incident retrospectives, regulatory evidence (DORA, NIS2, BAIT), and team handoff.
For HITL workflows, the entire MCP surface is read-only by design — run_query rejects any non-MATCH statement, assess_threat doesn't take actions, trace_route doesn't send probes. The agent investigates; the human takes the response action (block IP, sinkhole domain, open ticket). The MCP is the read-side; the human is the response-side; Facio captures both.
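Two of the guarantees described on this page sit naturally in one guard in front of the graph: the read-only rule (run_query refuses anything that is not a read), and the schema-first pattern from the Resources section (the agent reads schema://graph before writing a query, so unknown labels and edge types can be caught before they reach the database). The block below is an added example of such a guard, not code from whisper-graph-mcp; the schema dictionary is a constructed stand-in for what schema://graph would return, the deny-list of write clauses is an assumption, and the known-good input is the expiring-certificate query shown earlier on this page.

```python
"""Read-only, schema-aware guard for Cypher handed to a run_query-style tool.
Added example; not code from whisper-graph-mcp. The schema document and the
deny-list of write clauses are constructed assumptions."""
import re

# Constructed stand-in for the live schema an agent would read from schema://graph.
SCHEMA = {
    "node_labels": {"IPv4", "Domain", "Certificate", "CertificateAuthority", "ASN"},
    "relationship_types": {"RESOLVES_TO", "HAS_CERT", "ISSUED_BY", "ANNOUNCED_BY"},
}

# Clauses that mutate the graph or escape into procedures. CALL is blocked wholesale
# because a procedure may write even when the surrounding statement looks like a read.
WRITE_CLAUSES = ("CREATE", "MERGE", "DELETE", "DETACH", "SET", "REMOVE",
                 "DROP", "LOAD CSV", "CALL", "FOREACH")

# The expiring-certificate query from the article, used as a known-good input.
EXPIRING_CERTS = """
MATCH (ip:IPv4 {address: '203.0.113.42'})-[:RESOLVES_TO]->(d:Domain)
      -[:HAS_CERT]->(cert:Certificate)
      -[:ISSUED_BY]->(ca:CertificateAuthority)
WHERE cert.not_after < date() + duration({days: 30})
RETURN ip.address, d.name, cert.not_after, ca.name
ORDER BY cert.not_after ASC
LIMIT 50
"""


def _strip_strings_and_comments(cypher: str) -> str:
    """Blank out string literals and comments so keywords inside them neither trigger
    nor hide a match (a domain named 'set-and-delete.example' is data, not a clause)."""
    body = re.sub(r"//[^\n]*", " ", cypher)
    body = re.sub(r"/\*.*?\*/", " ", body, flags=re.S)
    return re.sub(r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"", "''", body)


def is_read_only(cypher: str) -> bool:
    """True when the statement opens with a read clause and contains no write clause."""
    body = _strip_strings_and_comments(cypher).upper()
    if not re.match(r"\s*(OPTIONAL\s+MATCH|MATCH|WITH|UNWIND|RETURN)\b", body):
        return False
    return not any(re.search(rf"\b{re.escape(kw)}\b", body) for kw in WRITE_CLAUSES)


def unknown_schema_terms(cypher: str, schema: dict = SCHEMA) -> dict:
    """Labels and relationship types the statement references but the schema lacks.
    Only the first label of a multi-label pattern such as (n:A:B) is inspected."""
    body = _strip_strings_and_comments(cypher)
    labels = set(re.findall(r"\(\s*\w*\s*:\s*(\w+)", body))  # (alias:Label ...)
    rels = set(re.findall(r"\[\s*\w*\s*:\s*(\w+)", body))    # [alias:REL_TYPE ...]
    return {
        "labels": sorted(labels - schema["node_labels"]),
        "relationship_types": sorted(rels - schema["relationship_types"]),
    }


def guard_query(cypher: str, schema: dict = SCHEMA) -> dict:
    """Decide whether a statement may be forwarded to the graph; list reasons if not."""
    reasons = []
    if not is_read_only(cypher):
        reasons.append("not read-only: must open with MATCH/WITH/UNWIND and contain no write clause")
    for kind, names in unknown_schema_terms(cypher, schema).items():
        if names:
            reasons.append(f"unknown {kind} for this schema: {', '.join(names)}")
    return {"allowed": not reasons, "reasons": reasons}


if __name__ == "__main__":
    for stmt in (EXPIRING_CERTS,
                 "MATCH (d:Domain {name: 'x.example'}) SET d.score = 0",
                 "MATCH (ip:IPv4)-[:PEERS_WITH]->(a:ASN) RETURN a.number"):
        print(guard_query(stmt))
```

A keyword deny-list is a useful first gate but not a substitute for the database's own access control: run the MCP server's graph credentials as a read-only role as well, so that a statement slipping past the textual check still cannot write. Parsing the statement with a real Cypher grammar would also let the guard check property names against the schema, which the regex above deliberately does not attempt.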
Quickstart
```shell
# 1. Deploy WhisperGraph (self-hosted)
docker run -d \
  -p 7687:7687 -p 7474:7474 \
  -v whispergraph-data:/data \
  whisper-sec/whispergraph:latest

# 2. Install the MCP server
npm install -g @whisper-sec/whisper-graph-mcp
```

3. Add to your MCP client:

```json
{
  "mcpServers": {
    "whispergraph": {
      "command": "whisper-graph-mcp",
      "env": {
        "WHISPERGRAPH_URL": "bolt://localhost:7687",
        "WHISPERGRAPH_USER": "${credentials.WHISPERGRAPH_USER}",
        "WHISPERGRAPH_PASSWORD": "${credentials.WHISPERGRAPH_PASSWORD}"
      }
    }
  }
}
```

4. First prompts:

- "Investigate 203.0.113.42 — what does it talk to, who's responsible, what's the threat posture?"
- "Trace the BGP path from our office IP to a known-malicious ASN"
- "Find all lookalike domains targeting our brand — homoglyphs and typosquats"
- "Detect shadow IT — find all AWS, GCP, Azure assets belonging to our organization"
- "What domains point to IPs that also host known C2 infrastructure?"
Use Cases
Incident response: "We're seeing beaconing from a finance subnet to 198.51.100.66 every 30 minutes. Investigate." Agent runs assess_threat + whois_lookup + a Cypher query for neighbors + DNS history. Returns a structured threat brief with indicators, owner, and reputation.
Threat hunting: "Find all domains registered in the last 30 days that have an SPF record pointing to a sender our org doesn't recognize." Cypher query with time-window and pattern match.
Brand protection: "Find all lookalike domains for ourbrand.com — character substitution, TLD swaps, hyphenation, homoglyphs." Runs the discover-lookalike-domains prompt.
M&A due diligence: "Map the full internet footprint of this acquisition target — what domains, IPs, ASNs, certificates do they own?" Runs map-infrastructure and produces a comprehensive asset inventory.
Shadow IT discovery: "We own the ASN and IP range. Find all cloud-hosted assets in our space we don't know about — AWS, Azure, GCP, DigitalOcean, Hetzner." Cypher query against the BGP and hosting-provider graph.
Supply chain risk: "For each of our 200 SaaS vendors, find what subdomains they have, what certificates they've issued, what hosting providers they use. Flag any vendor with infrastructure recently moved to high-risk ASNs." Mass investigation with Cypher joins.
Bottom Line
WhisperGraph MCP is the first internet-scale infrastructure graph your agent can query directly through MCP. 7.39 billion nodes, 39 billion edges, 40 threat feeds, Open Cypher, six read-only tools, six resources, eight investigation prompts. Self-hostable for regulated environments, free tier for the open data.
For security teams, this is the missing layer that turns "agent reads one feed at a time" into "agent reasons across the entire internet infrastructure graph in one query." The threat investigation workflow that used to take an analyst 4 hours of Python joins now runs as a single MCP call.
`docker run whisper-sec/whispergraph:latest` and your agent sees the entire internet.
MCP Spotlight is a series covering servers that give AI agents real capabilities. Every server is evaluated for graph coverage, query expressiveness, and integration fit with Facio's HITL-first agent runtime.