Integrations
Offers a Node.js-based implementation for malware analysis capabilities, requiring Node.js 18 or higher with compatibility for Node.js v22+ using ESM modules.
Provides a secure interface to execute terminal commands with configurable timeouts and process management for malware analysis tasks.
MalwareAnalyzerMCP
A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis.
Features
- Execute terminal commands with configurable timeouts
- Read output from running or completed processes
- Specialized malware analysis commands (
file
,strings
,hexdump
,objdump
,xxd
) - Clean process management with graceful shutdowns
- Pure JavaScript implementation - no build step required
Installation
Usage
Running the Server
Integration with Claude Desktop
To integrate this MCP server with Claude Desktop:
- Open Claude Desktop's settings (Claude menu → Settings)
- Click on "Developer" and then "Edit Config"
- Update your configuration to include:
Note: Replace
/path/to/MalwareAnalysisMCP
with the actual path to your project directory.
- Restart Claude Desktop
Debugging
To see all communication between Claude Desktop and the MCP server:
- Update your Claude Desktop configuration to use the debug proxy:
- Check the logs in the
logs
directory
Compatibility Notes
- Requires Node.js 18 or higher
- Compatible with Node.js v22+ using ESM modules
API
Basic Tools
shell_command
Executes a terminal command and returns its process ID, output, and blocked status.
Parameters:
command
(string): The command to execute in the terminaltimeout_ms
(number, optional): Timeout in milliseconds (default: 30000)
Returns:
pid
(number): Process IDoutput
(string): Command outputisBlocked
(boolean): Whether the command execution is blocked/timed out
read_output
Reads output from a running or completed process.
Parameters:
pid
(number): The process ID to read output from
Returns:
output
(string | null): The process output, or null if the process is not found
Specialized Malware Analysis Tools
The following specialized tools are available for malware analysis:
file
Analyze a file and determine its type.
Parameters:
target
(string): Target file to analyzeoptions
(string, optional): Additional command-line options
Example:
strings
Extract printable strings from a file.
Parameters:
target
(string): Target file to analyzeminLength
(number, optional): Minimum string length to displayencoding
(string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)options
(string, optional): Additional command-line options
Example:
hexdump
Display file contents in hexadecimal format.
Parameters:
target
(string): Target file to analyzelength
(number, optional): Number of bytes to displayoffset
(number, optional): Starting offset in the fileoptions
(string, optional): Additional command-line options
Example:
objdump
Display information from object files.
Parameters:
target
(string): Target file to analyzedisassemble
(boolean, optional): Disassemble executable sectionsheaders
(boolean, optional): Display the contents of the section headersoptions
(string, optional): Additional command-line options
Example:
xxd
Create a hexdump with ASCII representation.
Parameters:
target
(string): Target file to analyzelength
(number, optional): Number of bytes to displayoffset
(number, optional): Starting offset in the filecols
(number, optional): Format output into specified number of columnsbits
(boolean, optional): Switch to bits (binary) dumpoptions
(string, optional): Additional command-line options
Example:
License
ISC
You must be authenticated.
A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis with support for common analysis tools like file, strings, hexdump, objdump, and xxd.
Related MCP Servers
- AsecurityAlicenseAqualityA MCP server for querying the VirusTotal API. This server provides tools for scanning URLs, analyzing file hashes, and retrieving IP address reports.Last updated -74417TypeScriptMIT License
- AsecurityAlicenseAqualityAn MCP server that provides a comprehensive interface to Semgrep, enabling users to scan code for security vulnerabilities, create custom rules, and analyze scan results through the Model Context Protocol.Last updated -6140PythonMIT License
- -securityFlicense-qualityAn MCP server that allows secure execution of macOS terminal commands through Claude or Roo Code with built-in security whitelisting and approval mechanisms.Last updated -1JavaScript
- -securityAlicense-qualityAn MCP server that implements Claude Code-like functionality, allowing the AI to analyze codebases, modify files, execute commands, and manage projects through direct file system interactions.Last updated -132PythonMIT License