@lidless-labs

Lidless Labs

Open-source SOC, network, and homelab tooling for MCP clients and AI-assisted operations. The eye does not close.

Lidless Labs builds open-source SOC, network, and homelab tooling for MCP clients and AI-assisted operations. The work is local-first, MIT licensed where possible, and shaped around real systems that have to be queried under pressure.

Security / SOC

  • wazuh-mcp - Wazuh SIEM/XDR: alerts, agents, vulnerabilities, and rules.
  • misp-mcp - MISP threat intelligence: IOC lookups, correlation, and exports.
  • suricata-mcp - Suricata IDS/IPS EVE JSON alert analysis and rule workflows.
  • thehive-mcp - TheHive incident response: cases, alerts, tasks, and observables.
  • cortex-mcp - Cortex analyzers and responders for observable analysis.
  • mitre-mcp - MITRE ATT&CK mapping, group profiling, and detection-gap analysis.
  • zeek-mcp - Zeek + Suricata NSM log querying and correlation.
  • hotwash - SOC playbook parser with mermaid diagrams and Wazuh alert ingestion.
  • soc-stack - Full open-source SOC architecture: MCP servers, detection pipelines, and playbooks.

Threat Intelligence & OSINT

  • cyberbrief - AI threat-intel briefings with BLUF reports and ATT&CK mapping.
  • intel-workbench - Structured analytic techniques: ACH matrices and STIX export.
  • maltego-mcp - Maltego graph authoring and OSINT lookups for whois, DNS, and ASN.
  • vervet - Threat hunting for Zeek and Suricata logs with per-host risk scoring.

Network

  • librenmsctrl - LibreNMS devices, ports, alerts, acknowledgements, and maintenance windows.
  • n8nctrl - n8n workflow inspection, validation, execution, and ops automation.
  • watchtower - NOC dashboard with interactive topology and LibreNMS/Proxmox integration.
  • portgrid - Switch-port visualization for LibreNMS with color-coded views and search.
  • cutsheet - Network change intelligence: watches device configs and tells you what changed.
  • eero-cli - CLI for the eero mesh API with non-interactive auth and device filtering.

Homelab

  • proxmox-mcp - Proxmox VE inventory and safe-write VM, container, and node operations.
  • adguardctrl - AdGuard Home DNS filtering across read, safe-write, and destructive tiers.
  • immichctrl - Immich photo library search, albums, people, and duplicate workflows.
  • jellyctrl - Jellyfin playback sessions, library scans, and user admin.
  • proxguard - Proxmox security auditor with CIS benchmarks and remediation scripts.
  • samba-ad-migration - Windows AD to Samba file-share migration scripts for Proxmox.

Start Here

Visit lidless.dev for the watch floor, then start with the tool that matches the system you already run.

Popular repositories

  1. maltego-mcp (Public)

    Maltego MCP server: an LLM authors .mtgx OSINT graphs and runs whois/DNS/ASN/crt.sh lookups for threat intel

    TypeScript 6 1

  2. mitre-mcp (Public)

    MCP server for the MITRE ATT&CK knowledge base: map alerts to techniques, profile threat groups, analyze detection coverage, and enrich SOC workflows from an AI client.

    TypeScript 3

  3. immichctrl (Public)

    immichctrl: operator control CLI for Immich, with an MCP adapter for safe photo search, curation, memories, duplicate audits, and agent workflows.

    TypeScript 3 1

  4. wazuh-mcp (Public)

    MCP server for Wazuh SIEM/XDR: query alerts, agents, vulnerabilities, and rules from Claude or any AI client. Read-only.

    TypeScript 2

  5. proxguard (Public)

    Proxmox security auditor with config parsers, CIS benchmarks, and remediation scripts

    TypeScript 2

  6. samba-ad-migration (Public)

    Automation scripts for migrating Windows AD file shares to Samba on Proxmox with full domain integration

    Shell 1

Repositories

Showing 10 of 27 repositories
