Basic Network Data Query Tool

About XLab

XLab is a research team under QiAnXin focused on large-scale network security, threat analysis and attribution, and the development of multidimensional security data platforms.

As one of the earliest teams in China to conduct security research and threat intelligence production using large-scale data, XLab has built the country’s first PassiveDNS system. It has also developed several leading foundational data systems, including those for Netflow, Whois, digital certificates, IP addresses, and malicious samples.

Core Network Security Data

Core network security data includes PassiveDNS resolution records, domain and IP registration details, website certificate information, and IOC (Indicators of Compromise) database queries.

Tools

1. flint rrset
   • Queries flint rrset data from the PassiveDNS system.
   • Used to retrieve Resource Record Sets (RRsets) for specific domain names and DNS record types.
   • Supports wildcard queries such as *.example.com to search for subdomain rrset records.
   • Returns: FQDN, DNS access count, first seen time, last seen time, DNS record type, DNS record data.
2. flint rdata
   • Queries flint rdata from the PassiveDNS system.
   • Used for reverse lookups of DNS responses based on rdata values.
   • Returns: FQDN, DNS access count, first seen time, last seen time, DNS record type, DNS record data.
3. whois history
   • Retrieves historical WHOIS registration information for domains or IP addresses.
   • Returns: Registrant name, registrant email, registrar, registry, registration time, current domain status, etc.
4. certdb domain
   • Looks up digital certificate information for a given domain.
   • Returns: Certificate validity period, issue date, fingerprint, subject details, and more.
5. ioc
   • Queries the IOC (Indicators of Compromise) database maintained by XLab.
   • Returns: Tagging and categorization information for specific entities.

Installation & Usage

Notes

This toolset is currently in its trial version for basic security data queries. Under high-concurrency conditions, the backend may throttle network access.

For high-frequency or production-level use cases, please switch to the official version.

MCP Service Endpoint

The endpoint for QiAnXin XLab's remote MCP service is: https://fdp.qianxin.com/mcp/v1/basic/mcp/

Official Version Installation Guide

1. The official version supports streamable-http access.
2. When using the tool, you must include two HTTP headers: fdp-access and fdp-secret.
   • To obtain these credentials, please contact QiAnXin XLab.
3. When writing agent code to connect with the MCP service, include the fdp-access and fdp-secret headers in your HTTP requests. Here's an example using smolagents:

   from smolagents import ToolCollection
   from smolagents.agents import ToolCallingAgent
   from smolagents.models import OpenAIServerModel
   
   def main():
   	with ToolCollection.from_mcp(
   		{
   			"url": "https://fdp.qianxin.com/mcp/v1/basic/mcp/",
   			"transport": "streamable-http",
   			"headers": {
   				"fdp-access": "xxxx",
   				"fdp-secret": "yyyy",
   			},
   		},
   		trust_remote_code=True,
   	) as tools:
   		agent = ToolCallingAgent(
   			tools=[*tools.tools],
   			model=OpenAIServerModel(
   				model_id="YOUR-LLM-MODEL-ID",
   				api_base="YOUR-LLM-MODEL-API-URL",
   				api_key="YOUR-LLM-MODEL-API-KEY",
   			),
   		)
   		agent.run("Query the registration information for www.example.com and summarize the results.")
   
   if __name__ == "__main__":
   	main()
   

4. If you are using Claude Desktop, you can leverage the mcp-remote library for proxy forwarding. During the forwarding process, configure the necessary HTTP headers as shown below:

   {
   	"mcpServers": {
   		"fdp_basic": {
   			"command": "npx",
   			"args": [
   				"-y",
   				"mcp-remote@latest",
   				"https://fdp.qianxin.com/mcp/v1/basic/mcp/",
   				"--header",
   				"fdp-access:xxxx",
   				"--header",
   				"fdp-secret:yyyy"
   			]
   		}
   	}
   }