A
securityA
licenseA
qualityA MCP server for querying the VirusTotal API. This server provides tools for scanning URLs, analyzing file hashes, and retrieving IP address reports.
Last updated -
7
44
17
TypeScript
MIT License
The MalwareAnalyzerMCP server provides tools for executing terminal commands and performing specialized malware analysis on files:
- Execute terminal commands with configurable timeouts and manage processes
- Read output from running or completed processes by their ID
- Analyze files using specialized malware analysis tools:
file: Identify file typesstrings: Extract printable strings with configurable encoding and minimum lengthhexdump: Display file contents in hexadecimal format with options for length and offsetobjdump: Disassemble and analyze object files, show headersxxd: Create hexdumps with ASCII representation and column formatting
- Integrate with Claude Desktop for seamless malware analysis workflows
Offers a Node.js-based implementation for malware analysis capabilities, requiring Node.js 18 or higher with compatibility for Node.js v22+ using ESM modules.
Provides a secure interface to execute terminal commands with configurable timeouts and process management for malware analysis tasks.
MalwareAnalyzerMCP
A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis.
Features
- Execute terminal commands with configurable timeouts
- Read output from running or completed processes
- Specialized malware analysis commands (
file,strings,hexdump,objdump,xxd) - Clean process management with graceful shutdowns
- Pure JavaScript implementation - no build step required
Installation
Usage
Running the Server
Integration with Claude Desktop
To integrate this MCP server with Claude Desktop:
- Open Claude Desktop's settings (Claude menu → Settings)
- Click on "Developer" and then "Edit Config"
- Update your configuration to include:
Note: Replace
/path/to/MalwareAnalysisMCPwith the actual path to your project directory.
- Restart Claude Desktop
Debugging
To see all communication between Claude Desktop and the MCP server:
- Update your Claude Desktop configuration to use the debug proxy:
- Check the logs in the
logsdirectory
Compatibility Notes
- Requires Node.js 18 or higher
- Compatible with Node.js v22+ using ESM modules
API
Basic Tools
shell_command
Executes a terminal command and returns its process ID, output, and blocked status.
Parameters:
command(string): The command to execute in the terminaltimeout_ms(number, optional): Timeout in milliseconds (default: 30000)
Returns:
pid(number): Process IDoutput(string): Command outputisBlocked(boolean): Whether the command execution is blocked/timed out
read_output
Reads output from a running or completed process.
Parameters:
pid(number): The process ID to read output from
Returns:
output(string | null): The process output, or null if the process is not found
Specialized Malware Analysis Tools
The following specialized tools are available for malware analysis:
file
Analyze a file and determine its type.
Parameters:
target(string): Target file to analyzeoptions(string, optional): Additional command-line options
Example:
strings
Extract printable strings from a file.
Parameters:
target(string): Target file to analyzeminLength(number, optional): Minimum string length to displayencoding(string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)options(string, optional): Additional command-line options
Example:
hexdump
Display file contents in hexadecimal format.
Parameters:
target(string): Target file to analyzelength(number, optional): Number of bytes to displayoffset(number, optional): Starting offset in the fileoptions(string, optional): Additional command-line options
Example:
objdump
Display information from object files.
Parameters:
target(string): Target file to analyzedisassemble(boolean, optional): Disassemble executable sectionsheaders(boolean, optional): Display the contents of the section headersoptions(string, optional): Additional command-line options
Example:
xxd
Create a hexdump with ASCII representation.
Parameters:
target(string): Target file to analyzelength(number, optional): Number of bytes to displayoffset(number, optional): Starting offset in the filecols(number, optional): Format output into specified number of columnsbits(boolean, optional): Switch to bits (binary) dumpoptions(string, optional): Additional command-line options
Example:
License
ISC
You must be authenticated.
local-only server
The server can only run on the client's local machine because it depends on local resources.
A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis with support for common analysis tools like file, strings, hexdump, objdump, and xxd.
Related MCP Servers
Semgrep MCP Serverofficial
AsecurityAlicenseAqualityAn MCP server that provides a comprehensive interface to Semgrep, enabling users to scan code for security vulnerabilities, create custom rules, and analyze scan results through the Model Context Protocol.Last updated -6140PythonMIT License- -securityFlicense-qualityAn MCP server that allows secure execution of macOS terminal commands through Claude or Roo Code with built-in security whitelisting and approval mechanisms.Last updated -1JavaScript
- -securityAlicense-qualityAn MCP server that implements Claude Code-like functionality, allowing the AI to analyze codebases, modify files, execute commands, and manage projects through direct file system interactions.Last updated -163PythonMIT License