The MalwareAnalyzerMCP server provides tools for executing terminal commands and performing specialized malware analysis on files:
- Execute terminal commands with configurable timeouts and manage processes
- Read output from running or completed processes by their ID
- Analyze files using specialized malware analysis tools:
file
: Identify file typesstrings
: Extract printable strings with configurable encoding and minimum lengthhexdump
: Display file contents in hexadecimal format with options for length and offsetobjdump
: Disassemble and analyze object files, show headersxxd
: Create hexdumps with ASCII representation and column formatting
- Integrate with Claude Desktop for seamless malware analysis workflows
Offers a Node.js-based implementation for malware analysis capabilities, requiring Node.js 18 or higher with compatibility for Node.js v22+ using ESM modules.
Provides a secure interface to execute terminal commands with configurable timeouts and process management for malware analysis tasks.
MalwareAnalyzerMCP
A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis.
Features
- Execute terminal commands with configurable timeouts
- Read output from running or completed processes
- Specialized malware analysis commands (
file
,strings
,hexdump
,objdump
,xxd
) - Clean process management with graceful shutdowns
- Pure JavaScript implementation - no build step required
Installation
Usage
Running the Server
Integration with Claude Desktop
To integrate this MCP server with Claude Desktop:
- Open Claude Desktop's settings (Claude menu → Settings)
- Click on "Developer" and then "Edit Config"
- Update your configuration to include:
Note: Replace
/path/to/MalwareAnalysisMCP
with the actual path to your project directory.
- Restart Claude Desktop
Debugging
To see all communication between Claude Desktop and the MCP server:
- Update your Claude Desktop configuration to use the debug proxy:
- Check the logs in the
logs
directory
Compatibility Notes
- Requires Node.js 18 or higher
- Compatible with Node.js v22+ using ESM modules
API
Basic Tools
shell_command
Executes a terminal command and returns its process ID, output, and blocked status.
Parameters:
command
(string): The command to execute in the terminaltimeout_ms
(number, optional): Timeout in milliseconds (default: 30000)
Returns:
pid
(number): Process IDoutput
(string): Command outputisBlocked
(boolean): Whether the command execution is blocked/timed out
read_output
Reads output from a running or completed process.
Parameters:
pid
(number): The process ID to read output from
Returns:
output
(string | null): The process output, or null if the process is not found
Specialized Malware Analysis Tools
The following specialized tools are available for malware analysis:
file
Analyze a file and determine its type.
Parameters:
target
(string): Target file to analyzeoptions
(string, optional): Additional command-line options
Example:
strings
Extract printable strings from a file.
Parameters:
target
(string): Target file to analyzeminLength
(number, optional): Minimum string length to displayencoding
(string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)options
(string, optional): Additional command-line options
Example:
hexdump
Display file contents in hexadecimal format.
Parameters:
target
(string): Target file to analyzelength
(number, optional): Number of bytes to displayoffset
(number, optional): Starting offset in the fileoptions
(string, optional): Additional command-line options
Example:
objdump
Display information from object files.
Parameters:
target
(string): Target file to analyzedisassemble
(boolean, optional): Disassemble executable sectionsheaders
(boolean, optional): Display the contents of the section headersoptions
(string, optional): Additional command-line options
Example:
xxd
Create a hexdump with ASCII representation.
Parameters:
target
(string): Target file to analyzelength
(number, optional): Number of bytes to displayoffset
(number, optional): Starting offset in the filecols
(number, optional): Format output into specified number of columnsbits
(boolean, optional): Switch to bits (binary) dumpoptions
(string, optional): Additional command-line options
Example:
License
ISC
local-only server
The server can only run on the client's local machine because it depends on local resources.
A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis with support for common analysis tools like file, strings, hexdump, objdump, and xxd.
Related MCP Servers
- AsecurityAlicenseAqualityAllows Claude desktop app to execute terminal commands and edit files on your computer through MCP, with features including command execution, process management, and diff-based file editing.Last updated -1929,4184,054JavaScriptMIT License
- AsecurityFlicenseAqualityA server built with mcp-framework that allows users to extend Claude's capabilities by adding custom tools that can be used through the Claude Desktop client.Last updated -3423TypeScript
- -securityFlicense-qualityAn MCP server that integrates various penetration testing tools, enabling security professionals to perform reconnaissance, vulnerability scanning, and API testing through natural language commands in compatible LLM clients like Claude Desktop.Last updated -3Python
- AsecurityFlicenseAqualityAn MCP server that provides secure access to Kali Linux cybersecurity tools through Claude's interface, enabling users to run Kali Linux commands directly from Claude Desktop.Last updated -18JavaScript