Skip to main content
Glama
deenesjakoruzh

Zeek-MCP

by Gabbo01
GitHub
Python
Apache 2.0
2
  • Linux
  • Apple
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

Logo

Zeek-MCP

This repository provides a set of utilities to build an MCP server (Model Context Protocol) that you can integrate with your conversational AI client.

Table of Contents

Prerequisites

  • Python 3.7+
  • Zeek installed and available in your PATH (for the execzeek tool)
  • pip (for installing Python dependencies)

Installation

1. Clone the repository

git clone https://github.com/Gabbo01/Zeek-MCP cd Zeek-MCP

2. Install dependencies

It's recommended to use a virtual environment:

python -m venv venv source venv/bin/activate # Linux/macOS venv\Scripts\activate # Windows pip install -r requirements.txt

Note: If you don’t have a requirements.txt, install directly:

pip install pandas mcp

Usage

The repository exposes two main MCP tools and a command-line entry point:

3. Run the MCP server

python Bridge_Zeek_MCP.py --mcp-host 127.0.0.1 --mcp-port 8081 --transport sse
  • --mcp-host: Host for the MCP server (default: 127.0.0.1).
  • --mcp-port: Port for the MCP server (default: 8081).
  • --transport: Transport protocol, either sse (Server-Sent Events) or stdio.

start

4. Use the MCP tools

You need to use an LLM that can support the MCP tools usage by calling the following tools:

  1. execzeek(pcap_path: str) -> str
    • Description: Runs Zeek on the given PCAP file after deleting existing .log files in the working directory.
    • Returns: A string listing generated .log filenames or "1" on error.
  2. parselogs(logfile: str) -> DataFrame
    • Description: Parses a single Zeek .log file and returns the parsed content.

You can interact with these endpoints via HTTP (if using SSE transport) or by embedding in LLM client (eg: Claude Desktop):

Claude Desktop integration:

To set up Claude Desktop as a Zeek MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:

{ "mcpServers": { "Zeek-mcp": { "command": "python", "args": [ "/ABSOLUTE_PATH_TO/Bridge_Zeek_MCP.py", ] } } }

Alternatively, edit this file directly:

/Users/YOUR_USER/Library/Application Support/Claude/claude_desktop_config.json
5ire Integration:

Another MCP client that supports multiple models on the backend is 5ire. To set up Zeek-MCP, open 5ire and go to Tools -> New and set the following configurations:

  1. Tool Key: ZeekMCP
  2. Name: Zeek-MCP
  3. Command: python /ABSOLUTE_PATH_TO/Bridge_Zeek_MCP.py
Alternatively you can use Chainlit framework and follow the documentation to integrate the MCP server.

Examples

An example of MCP tools usage from a chainlit chatbot client, it was used an example pcap file (you can find fews in pcaps folder)

In that case the used model was claude-3.7-sonnet-reasoning-gemma3-12b

example1

example2

example3

License

See LICENSE for more information.

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

local-only server

The server can only run on the client's local machine because it depends on local resources.

A Model Context Protocol server that integrates Zeek network analysis capabilities with LLM chatbots, allowing them to analyze PCAP files and parse network logs through natural language interactions.

  1. Table of Contents
    1. Prerequisites
      1. Installation
        1. Clone the repository
        2. Install dependencies
      2. Usage
        1. Run the MCP server
        2. Use the MCP tools
      3. Examples
        1. License

          Related MCP Servers

          • MCP Word Counter

            qpd-v
            A
            security
            A
            license
            A
            quality
            A Model Context Protocol server that provides tools for analyzing text documents, including counting words and characters. This server helps LLMs perform text analysis tasks by exposing simple document statistics functionality.
            Last updated -
            1
            8
            7
            JavaScript
            Apache 2.0

          • MCP Server for JIRA

            kuvanov-2
            A
            security
            F
            license
            A
            quality
            A Model Context Protocol server that enables ChatGPT and other AI assistants to directly interact with JIRA issues, currently offering the ability to retrieve issue details.
            Last updated -
            TypeScript
            • Apple

          • MCP Conversation Server

            bsmi021
            -
            security
            A
            license
            -
            quality
            A Model Context Protocol server implementation that provides a standardized interface for applications to interact with OpenRouter's language models through a unified conversation management system.
            Last updated -
            TypeScript
            MIT License

          • Pentest MCP

            DMontgomery40
            A
            security
            A
            license
            A
            quality
            A Model Context Protocol server that integrates essential penetration testing tools (Nmap, Gobuster, Nikto, John the Ripper) into a unified natural language interface, allowing security professionals to execute and chain multiple tools through conversational commands.
            Last updated -
            8
            38
            48
            JavaScript
            MIT License
            • Linux
            • Apple

          View all related MCP servers

          New MCP Servers

          MCP directory API

          We provide all the information about MCP servers via our MCP API.

          curl -X GET 'https://glama.ai/api/mcp/v1/servers/Gabbo01/Zeek-MCP'

          If you have feedback or need assistance with the MCP directory API, please join our Discord server