# StealthMole

Investigate cyber threats across the dark web, Telegram, and leak repositories with unified search. Monitor ransomware activity and exposed credentials to quickly assess risk. Drill into detailed fin…

## Quick Start

```bash
# Connect this server (installs CLI if needed)
npx -y @smithery/cli@latest mcp add StealthMole/stealthmole-mcp

# Browse available tools
npx -y @smithery/cli@latest tool list StealthMole/stealthmole-mcp

# Get full schema for a tool
npx -y @smithery/cli@latest tool get StealthMole/stealthmole-mcp dark_web_search

# Call a tool
npx -y @smithery/cli@latest tool call StealthMole/stealthmole-mcp dark_web_search '{}'
```

## Direct MCP Connection

Endpoint: `https://stealthmole-mcp.run.tools`

## Tools (22)

- `dark_web_search` — Search dark web content by indicator. Use for investigating threats on the dark web and deep web.
- `dark_web_targets` — Get available targets for dark web search by indicator.
- `telegram_search` — Search Telegram content by indicator. Use for investigating threats on Telegram.
- `telegram_targets` — Get available targets for Telegram search by indicator.
- `credential_search` — Search for leaked credentials. Use for identifying compromised accounts.
- `credential_export` — Export leaked credentials to CSV/JSON file.
- `compromised_dataset_search` — Search compromised dataset information. Use for finding leaked credentials with host/URL info.
- `compromised_dataset_node` — Get detailed compromised dataset node information.
- `compromised_dataset_export` — Export compromised dataset information to CSV/JSON file.
- `combo_binder_search` — Search leaked ID/Password combo information from deep and dark web.
- `combo_binder_export` — Export combo binder information to CSV/JSON file.
- `ulp_binder_search` — Search URL-Login-Password combination information from deep and dark web.
- `ulp_binder_export` — Export ULP binder information to CSV/JSON file.
- `ransomware_monitoring_search` — Search ransomware monitoring data. Use for tracking ransomware threats and attack groups.
- `government_monitoring_search` — Search government sector threat monitoring data.
- `leaked_monitoring_search` — Search enterprise sector threat monitoring data and data leaks.
- `node_details` — Get detailed information about a specific node from any service.
- `search_pagination` — Paginate through search results for dt or tt service using search cache ID.
- `api_usage` — Get API usage quotas by service. Shows quota and usage for each service.
- `search_targets` — Get available targets for a service and indicator.
- `download_dark_web_file` — Download file by SHA256 hash from Dark Web service.
- `download_telegram_file` — Download file by SHA256 hash from Telegram service.

```bash
# Get full input/output schema for a tool
npx -y @smithery/cli@latest tool get StealthMole/stealthmole-mcp <tool-name>
```

---

Source: https://github.com/StealthMole/stealthmole-mcp