MalwareAnalyzerMCP

A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis.

Features

Execute terminal commands with configurable timeouts
Read output from running or completed processes
Specialized malware analysis commands (file, strings, hexdump, objdump, xxd)
Clean process management with graceful shutdowns
Pure JavaScript implementation - no build step required

Installation

# Install dependencies
npm install

Usage

Running the Server

# Start the server directly
node index.js

# Or use npm script
npm start

# With debugging proxy (logs all communications)
npm run debug

Integration with Claude Desktop

To integrate this MCP server with Claude Desktop:

Open Claude Desktop's settings (Claude menu → Settings)
Click on "Developer" and then "Edit Config"
Update your configuration to include:

{
  "mcpServers": {
    "MalwareAnalysisMCP": {
      "command": "node",
      "args": [
        "/path/to/MalwareAnalysisMCP/index.js"
      ]
    }
  }
}

Note: Replace /path/to/MalwareAnalysisMCP with the actual path to your project directory.

Restart Claude Desktop

Debugging

To see all communication between Claude Desktop and the MCP server:

Update your Claude Desktop configuration to use the debug proxy:

{
  "mcpServers": {
    "MalwareAnalysisMCP": {
      "command": "node",
      "args": [
        "/path/to/MalwareAnalysisMCP/mcp-debug-proxy.js"
      ]
    }
  }
}

Check the logs in the logs directory

Compatibility Notes

Requires Node.js 18 or higher
Compatible with Node.js v22+ using ESM modules

API

Basic Tools

shell_command

Executes a terminal command and returns its process ID, output, and blocked status.

Parameters:

command (string): The command to execute in the terminal
timeout_ms (number, optional): Timeout in milliseconds (default: 30000)

Returns:

pid (number): Process ID
output (string): Command output
isBlocked (boolean): Whether the command execution is blocked/timed out

read_output

Reads output from a running or completed process.

Parameters:

pid (number): The process ID to read output from

Returns:

output (string | null): The process output, or null if the process is not found

Specialized Malware Analysis Tools

The following specialized tools are available for malware analysis:

file

Analyze a file and determine its type.

Parameters:

target (string): Target file to analyze
options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "options": "-b"
}

strings

Extract printable strings from a file.

Parameters:

target (string): Target file to analyze
minLength (number, optional): Minimum string length to display
encoding (string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)
options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "minLength": 10,
  "encoding": "l"
}

hexdump

Display file contents in hexadecimal format.

Parameters:

target (string): Target file to analyze
length (number, optional): Number of bytes to display
offset (number, optional): Starting offset in the file
options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "length": 256,
  "offset": 1024
}

objdump

Display information from object files.

Parameters:

target (string): Target file to analyze
disassemble (boolean, optional): Disassemble executable sections
headers (boolean, optional): Display the contents of the section headers
options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "disassemble": true
}

xxd

Create a hexdump with ASCII representation.

Parameters:

target (string): Target file to analyze
length (number, optional): Number of bytes to display
offset (number, optional): Starting offset in the file
cols (number, optional): Format output into specified number of columns
bits (boolean, optional): Switch to bits (binary) dump
options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "cols": 16,
  "bits": true
}

License

ISC

Install Server

HTTP connection URL

security – no known vulnerabilities

license - not found

quality - confirmed to work

How are these scores calculated?

local-only server

The server can only run on the client's local machine because it depends on local resources.

Tools

A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis with support for common analysis tools like file, strings, hexdump, objdump, and xxd.

Related MCP Servers

Claude Desktop Commander MCP
wonderwhy-er
A
security
A
license
A
quality
Allows Claude desktop app to execute terminal commands and edit files on your computer through MCP, with features including command execution, process management, and diff-based file editing.
Last updated -
19
29,418
4,054
JavaScript
MIT License
Model Context Protocol Server
hyen43
A
security
F
license
A
quality
A server built with mcp-framework that allows users to extend Claude's capabilities by adding custom tools that can be used through the Claude Desktop client.
Last updated -
3
423
TypeScript
Pentest Tools MCP Server
ch1nhpd
-
security
F
license
-
quality
An MCP server that integrates various penetration testing tools, enabling security professionals to perform reconnaissance, vulnerability scanning, and API testing through natural language commands in compatible LLM clients like Claude Desktop.
Last updated -
3
Python
Claude Kali MCP Commander
house-of-stark
A
security
F
license
A
quality
An MCP server that provides secure access to Kali Linux cybersecurity tools through Claude's interface, enabling users to run Kali Linux commands directly from Claude Desktop.
Last updated -
18
JavaScript

View all related MCP servers

MalwareAnalyzerMCP