We Shipped a Tiny Free Tool That Tells You if an IP Is Bad. It's Also an AI Plugin Now. Here's What That Means.
- Patrick Duggan
Open a terminal. Type npx dugganusa-cli 185.39.19.176 and hit enter.
You get back an answer. The IP is a known Cobalt Strike command-and-control server. We have blocked it forty-seven times. Three different threat-intel feeds have it on a list. There is a link to the full report.
That is what we shipped today. A tiny free tool. No install. No signup. One command, one answer. We call it dugganusa-cli.
It is also something else, but we will get to that.
The everyday version
Most days, you don't care about Cobalt Strike. But you might have a config file with a list of IP addresses, or a log file from your firewall, or a CSV your vendor sent over, and you want to know if anything in there is known-bad before you trust it.
The tool does that. Point it at a file. It scans for IPs, domains, file hashes, and CVE numbers anywhere they appear and looks each one up against our database. If something matches, you get an alert and the tool's "exit code" is set to one — which is nerd talk for "this script failed, stop the build."
That is the part that makes it useful in automated pipelines. You drop one line into your deployment script. If the config you are about to deploy contains a known-malicious indicator, the deploy stops before the bad stuff reaches production. We have customers who use this exact pattern.
You can also pipe stuff into it. cat firewall.log | npx dugganusa-cli --stdin reads the entire log and flags anything bad. Same for grep output, curl output, anything that produces text.
It is just a binary. Three hundred and fifty lines of JavaScript. It reads things, looks them up, prints results, exits. That is the whole job.
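Here is what the scan-and-fail pattern above boils down to, as an added example (this is not the dugganusa-cli source, and the file name `ioc-scan.js` is just an assumed name for the snippet). Indicators are pulled out of whatever text you hand it, checked against a blocklist, and any hit sets exit code 1 so a pipeline step stops. The blocklist is a constructed in-memory stand-in for the real lookup; the log lines are made up for the demo.

```javascript
// Added example, not the dugganusa-cli source: extract indicators (IPv4
// addresses, domains, MD5/SHA-256 hashes, CVE ids) from arbitrary text, check
// them against a blocklist, and report exit code 1 on any hit so a CI step
// fails. The blocklist below is a constructed stand-in for the real lookup API.

const IOC_PATTERNS = {
  ipv4: /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g,
  cve: /\bCVE-\d{4}-\d{4,}\b/gi,
  sha256: /\b[a-f0-9]{64}\b/gi,
  md5: /\b[a-f0-9]{32}\b/gi,
  domain: /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/gi,
};

// Returns deduplicated "type:value" keys, normalised so case never defeats a lookup.
function extractIndicators(text) {
  const found = new Set();
  for (const [type, re] of Object.entries(IOC_PATTERNS)) {
    for (const m of text.matchAll(re)) {
      const value = type === 'cve' ? m[0].toUpperCase() : m[0].toLowerCase();
      found.add(`${type}:${value}`);
    }
  }
  return [...found];
}

// Constructed blocklist. The first entry mirrors the post's example IP; the
// other two (an .invalid domain and a repeated-byte hash) are made up, not
// real indicators.
const BLOCKLIST = new Map([
  ['ipv4:185.39.19.176', 'known Cobalt Strike C2; blocked 47 times, on 3 feeds'],
  ['domain:c2-stage.example.invalid', 'constructed C2 staging domain'],
  ['sha256:' + 'deadbeef'.repeat(8), 'constructed malware sample hash'],
]);

function scan(text, blocklist = BLOCKLIST) {
  const indicators = extractIndicators(text);
  const hits = indicators
    .filter((key) => blocklist.has(key))
    .map((key) => ({ key, note: blocklist.get(key) }));
  // Any hit means exit code 1: the step running this fails and the deploy stops.
  return { checked: indicators.length, hits, exitCode: hits.length > 0 ? 1 : 0 };
}

function formatReport(result) {
  const lines = result.hits.map((h) => `ALERT ${h.key}: ${h.note}`);
  lines.push(`${result.checked} indicator(s) checked, ${result.hits.length} hit(s)`);
  return lines.join('\n');
}

// Constructed firewall/IDS log lines. CVE-0000-00000 is a placeholder id.
const SAMPLE_LOG = [
  '2026-05-10T09:14:02Z DENY src=185.39.19.176 dst=10.0.0.8 dport=443',
  '2026-05-10T09:14:05Z ALLOW src=10.0.0.23 dst=198.51.100.7 dport=80',
  '2026-05-10T09:15:11Z DNS query c2-stage.example.invalid from 10.0.0.23',
  `2026-05-10T09:16:40Z FILE sha256=${'deadbeef'.repeat(8)} quarantined`,
  '2026-05-10T09:17:01Z IDS signature CVE-0000-00000 attempt from 10.0.0.23',
].join('\n');

// Stand-alone use: `node ioc-scan.js <file>` or `cat log | node ioc-scan.js --stdin`.
// With no argument the constructed sample log is scanned.
if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('node:fs');
  const arg = process.argv[2];
  const input = arg === '--stdin' ? fs.readFileSync(0, 'utf8')
    : arg ? fs.readFileSync(arg, 'utf8')
    : SAMPLE_LOG;
  const result = scan(input);
  console.log(formatReport(result));
  process.exitCode = result.exitCode;
}
```

On the sample log this finds seven distinct indicators and three blocklist hits (the post's IP, the constructed domain, the constructed hash), so it exits 1; the placeholder CVE and the private-range addresses are checked but not flagged. Dropping `node ioc-scan.js config.yaml` into a deploy script gives the same stop-the-build behaviour the post describes.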
The free tier is actually free
Five hundred lookups per day. No key required. No credit card. No "free trial" that secretly bills you.
The reason we can give that away is that the cost to us per lookup is rounding-error small. We already run the index. We already publish it as a feed that big companies pull every day. Letting individual developers and small teams hit the same database costs us roughly nothing.
If you do more than five hundred lookups a day, we have a free key option with higher limits. You get it at analytics.dugganusa.com/stix/register. Still free. Just trackable so we can size capacity.
The "and also" part — it's an AI plugin
The same install ships a second little program called dugganusa-mcp. MCP stands for Model Context Protocol — it is the standard way modern AI assistants like Claude Desktop and Cursor connect to outside tools. Think of it as a USB-C port for AI.
You add one block of configuration to Claude Desktop or Cursor, point it at dugganusa-mcp, and now your AI assistant has access to our threat intelligence as a built-in skill. You can ask Claude "what do you know about this IP" and it actually checks — against the same database the CLI uses, in real time.
That is the second binary. Same install, same package, no extra steps. People who only want the scanner can ignore the MCP server entirely. People who want both get both.
"Wait, but I read your post that said MCP is dangerous"
Yes. Three weeks ago we published a piece called "Anthropic's MCP Has a Critical RCE Vulnerability. We Don't Use MCP. Here's Why." We named six different MCP servers that were either vulnerable or actively exploited. We explained that the protocol's architecture trusted the connection between AI and tool too much, which let attackers turn "tool description" into "execute commands on your computer."
That post is still correct. We still do not trust most MCP servers. The architectural problem is real and the supply-chain attacks are ongoing.
What changed is we built one that does not have the dangerous shape. Our MCP server only reads from our database. It cannot write anything. It cannot touch your files. It cannot run other programs. There are exactly three things it can do: search the database, look up details on an IP, and report the size of our threat feed. That is the entire surface area.
You can audit this. The whole MCP code is about two hundred and sixty-five lines of JavaScript split across four small files. Read it. Grep it for the dangerous functions — exec, spawn, shell, eval, child_process. You will not find any. We will not find any either, because we wrote it deliberately to not have any.
The point is not that you have to trust us. The point is that you can verify us in fifteen minutes.
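To make "does not have the dangerous shape" concrete, here is an added example of a tool dispatcher built that way. It is not the dugganusa-mcp source and does not use the real protocol framing; the request shape `{ tool, args }`, the dataset and the tool names are constructed for the demo. What it shows is the property the post is after: a closed registry of three pure lookups, argument validation before any lookup, and refusal of anything not in the registry.

```javascript
// Added example, not the dugganusa-mcp source: a tool dispatcher with the
// read-only shape the post describes. Each tool is a pure lookup over an
// in-memory dataset; the module imports nothing, touches no files and starts
// no processes, and a request naming any tool outside the registry is refused
// rather than forwarded. Dataset and request shape are constructed for this
// demo, not the real protocol.

// Constructed dataset. The first record echoes the post's example IP; the
// second (a TEST-NET-2 address) is made up.
const THREAT_DB = new Map([
  ['185.39.19.176', { classification: 'cobalt-strike-c2', blocks: 47, feeds: 3 }],
  ['198.51.100.7', { classification: 'mass-scanner', blocks: 2, feeds: 1 }],
]);

const IPV4 = /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/;

const ok = (result) => ({ ok: true, result });
const fail = (code, message) => ({ ok: false, error: { code, message } });

// The complete tool surface. Object.freeze keeps anything from adding a
// fourth tool at run time.
const TOOLS = Object.freeze({
  search_threats: {
    description: 'Substring search over IPs and classifications',
    handler: ({ query }) => {
      if (typeof query !== 'string' || query.length === 0 || query.length > 256) {
        return fail('bad_args', 'query must be a non-empty string of at most 256 characters');
      }
      const q = query.toLowerCase();
      const matches = [...THREAT_DB]
        .filter(([ip, rec]) => ip.includes(q) || rec.classification.includes(q))
        .map(([ip, rec]) => ({ ip, ...rec }));
      return ok(matches);
    },
  },
  lookup_ip: {
    description: 'Details for one IPv4 address',
    handler: ({ ip }) => {
      // Check the argument first: a non-address never reaches the dataset.
      if (typeof ip !== 'string' || !IPV4.test(ip)) {
        return fail('bad_args', 'ip must be a dotted-quad IPv4 address');
      }
      const rec = THREAT_DB.get(ip);
      return ok(rec ? { ip, found: true, ...rec } : { ip, found: false });
    },
  },
  feed_stats: {
    description: 'Size of the indicator set',
    handler: () => ok({ indicators: THREAT_DB.size }),
  },
});

function listTools() {
  return Object.entries(TOOLS).map(([name, t]) => ({ name, description: t.description }));
}

// Assumed request shape for this demo: { tool: string, args?: object }.
function dispatch(request) {
  if (!request || typeof request.tool !== 'string') {
    return fail('bad_request', 'request.tool must be a string');
  }
  // hasOwnProperty rather than `in`: names inherited from Object.prototype
  // ("constructor", "toString") are not tools either.
  if (!Object.prototype.hasOwnProperty.call(TOOLS, request.tool)) {
    return fail('unknown_tool', `no such tool: ${request.tool}`);
  }
  const args = request.args ?? {};
  if (typeof args !== 'object' || Array.isArray(args)) {
    return fail('bad_args', 'args must be an object');
  }
  return TOOLS[request.tool].handler(args);
}
```

The audit recipe from the post applies to this block too: grep it for the five names listed above and nothing comes back, because the module has no way to reach a process, a socket or a file in the first place. A request for `write_file` or for an inherited property name like `constructor` gets `unknown_tool`; a malformed IP gets `bad_args` before any lookup happens.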
"Just meta" — how do you know we didn't lie about the source code?
Here is where it gets fun. Every time we publish a new version, GitHub's servers automatically prove to npm's servers that the code came from our actual repository at a specific point in time. npm signs that proof and attaches it to the published package. The signature lives on a public log that anyone in the world can read — including us — and once an entry is on the log, no one can change it or delete it without leaving a trace.
That is the part security people call "provenance." It is not a trust-us claim. It is a math claim. You can run one command (npm audit signatures dugganusa-cli) and see the receipt.
We also do not have a password file sitting on any computer that publishes the package. Most software gets uploaded using a long-lived secret — basically a password that, if stolen, lets the attacker publish bad versions of your software. We do not have that. The handshake between GitHub and npm happens fresh on every release, and the credential expires the moment the release is done. There is no static secret to steal.
This is what supply-chain hygiene actually looks like in 2026. Most projects still ship with a long-lived password and no provenance signatures. We do not.
Why this matters more than usual
The same database the tool reads from has been forty-five days early on LiteLLM, twenty days early on NGINX-UI, forty-three days early on Lynx ransomware before they hit ACN Healthcare, twenty-eight days early on Handala before they exfiltrated six petabytes from Dubai, and thirty-nine days early on the Medtronic vish chain. Five for five against named adversaries that the rest of the industry caught up to weeks later.
The CLI puts that same database in your terminal. Same data, same query engine, same indexes — just on your laptop instead of in a SOC dashboard somewhere.
If you have ever paid a vendor four figures a month for less-current threat intel, that should bother you.
Install
npm install -g dugganusa-cli if you want it on your PATH.
npx dugganusa-cli 185.39.19.176 if you just want to try it right now without installing.
npx -y -p dugganusa-cli dugganusa-mcp for the AI plugin version.
The full README, the audit recipe, the Claude Desktop config snippet, and the receipts are at github.com/pduggusa/dugganusa-cli.
Fork it. Audit it. Use it. Tell us when something is wrong. The free tier is actually free and the bytes are actually signed.
— Patrick Duggan, May 10, 2026