MalwareAnalyzerMCP

A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis.

Features

• Execute terminal commands with configurable timeouts

• Read output from running or completed processes

• Specialized malware analysis commands (file, strings, hexdump, objdump, xxd)

• Clean process management with graceful shutdowns

• Pure JavaScript implementation - no build step required

Related MCP server: Model Context Protocol Server

Installation

Usage

Running the Server

Integration with Claude Desktop

To integrate this MCP server with Claude Desktop:

1. Open Claude Desktop's settings (Claude menu → Settings)

2. Click on "Developer" and then "Edit Config"

3. Update your configuration to include:

Note: Replace /path/to/MalwareAnalysisMCP with the actual path to your project directory.

4. Restart Claude Desktop

Debugging

To see all communication between Claude Desktop and the MCP server:

1. Update your Claude Desktop configuration to use the debug proxy:

2. Check the logs in the logs directory

Compatibility Notes

• Requires Node.js 18 or higher

• Compatible with Node.js v22+ using ESM modules

API

Basic Tools

shell_command

Executes a terminal command and returns its process ID, output, and blocked status.

Parameters:

• command (string): The command to execute in the terminal

• timeout_ms (number, optional): Timeout in milliseconds (default: 30000)

Returns:

• pid (number): Process ID

• output (string): Command output

• isBlocked (boolean): Whether the command execution is blocked/timed out

read_output

Reads output from a running or completed process.

Parameters:

• pid (number): The process ID to read output from

Returns:

• output (string | null): The process output, or null if the process is not found

Specialized Malware Analysis Tools

The following specialized tools are available for malware analysis:

file

Analyze a file and determine its type.

Parameters:

• target (string): Target file to analyze

• options (string, optional): Additional command-line options

Example:

strings

Extract printable strings from a file.

Parameters:

• target (string): Target file to analyze

• minLength (number, optional): Minimum string length to display

• encoding (string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)

• options (string, optional): Additional command-line options

Example:

hexdump

Display file contents in hexadecimal format.

Parameters:

• target (string): Target file to analyze

• length (number, optional): Number of bytes to display

• offset (number, optional): Starting offset in the file

• options (string, optional): Additional command-line options

Example:

objdump

Display information from object files.

Parameters:

• target (string): Target file to analyze

• disassemble (boolean, optional): Disassemble executable sections

• headers (boolean, optional): Display the contents of the section headers

• options (string, optional): Additional command-line options

Example:

xxd

Create a hexdump with ASCII representation.

Parameters:

• target (string): Target file to analyze

• length (number, optional): Number of bytes to display

• offset (number, optional): Starting offset in the file

• cols (number, optional): Format output into specified number of columns

• bits (boolean, optional): Switch to bits (binary) dump

• options (string, optional): Additional command-line options

Example:

License

ISC