Plug SwarmHawk into Claude, Cursor, or any MCP-compatible assistant. Scan domains, check breaches, and get AI threat analysis β without leaving your conversation.
{
"mcpServers": {
"swarmhawk": {
"url": "https://swarmhawk.com/mcp",
"headers": {
"X-API-Key": "YOUR_KEY"
}
}
}
}Free: 10 scans/month Β· Pro: β¬29/mo Β· Business: β¬99/mo
Ask Claude to scan vendor domains before signing contracts. Risk assessment without leaving your conversation.
Batch scan acquisition targets. Claude ranks domains by risk and flags deal-breaker findings automatically.
Wire into your CI/CD pipeline. Catch SSL expiry and misconfigs before they hit production.
Build internal security agents that monitor your entire domain portfolio on autopilot.
18 automated security checks, AI threat analysis, and monthly PDF reports delivered to your inbox β across 25 European countries. No technical knowledge required.
Free scan Β· No credit card required
Enterprise-grade security monitoring at β¬50/year. Know instantly if your domain appears on malware lists or breach databases.
Monthly reports serve as audit evidence for EU regulations. Stay compliant without hiring a dedicated security team.
Detect typosquat domains registered by attackers. Protect customers from phishing sites impersonating your brand.
Plain-language PDF every month. Risk score, new findings, and step-by-step fixes β no technical knowledge needed.
Banks, fintechs, and insurance firms use SwarmHawk for continuous domain monitoring required under DORA and NIS2.
Hospitals and government bodies monitor domains for breach exposure and blocklist presence to meet GDPR obligations.
Online shops monitor for typosquats and SSL issues that could send customers to fake checkout pages.
Law firms and accountancies protect client trust by ensuring their domain is clean, verified, and not impersonated.
18 checks drawing from 12 independent threat intelligence sources, updated in real-time. Every scan queries live APIs β no cached or stale data.
Certificate validity, expiry, TLS version, cipher strength graded AβF. Checks HTTPS enforcement and redirect chain. Source: direct TLS handshake + Python ssl library.
SPF, DKIM, DMARC record validation. DNSSEC status. MX record health. Checks for dangling DNS records that enable subdomain takeover. Source: dnspython + direct DNS resolution.
OWASP-recommended HTTP headers: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, Strict-Transport-Security. Source: direct HTTP inspection.
Aggregates results from 94 antivirus engines and URL scanners. Detects malware, phishing, and suspicious activity. Used by Google, Cisco, and major security teams globally. Source: VirusTotal API v3.
Spamhaus Domain Block List β the world's most widely used DNS-based blocklist. Used by over 3 billion mailboxes. A listing here means significant email deliverability impact. Source: Spamhaus DBL DNS query.
Checks 12+ billion breached accounts from 700+ data breaches. Created by Troy Hunt, trusted by FBI and NCA. Identifies if your domain's email accounts appear in known breach dumps. Source: HIBP API v3.
Internet-wide port scanner and CVE database. Crawls the entire internet continuously and maps every exposed service, software version, and known vulnerability. Source: Shodan REST API.
Google's threat intelligence database used to protect Chrome, Firefox, and Safari users. Flags domains used for phishing, malware distribution, and unwanted software. Source: Safe Browsing API v4.
Community-driven malware URL database maintained by abuse.ch. Tracks active malware distribution sites, botnet C&C servers, and phishing campaigns in real-time. Source: URLhaus API.
Generates 200+ domain permutations per scan (character swap, omission, addition, homoglyph attacks) and checks DNS registration for each. Detects active phishing infrastructure. Source: dnstwist + DNS.
Claude (Anthropic) synthesises all 18 check results into a plain-language executive summary with prioritised remediation steps. Trained on security reports, CVE databases, and OWASP guidelines. Source: Anthropic Claude API.
Identifies CMS (WordPress, Drupal, Joomla), frameworks (React, Vue, Angular), server software, CDN, and jQuery versions. Maps detected versions to CVE database for vulnerability scoring. Source: HTTP headers + HTML parsing.
Loadingβ¦