MalwareAnalyzerMCP

# MalwareAnalyzerMCP A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis. ## Features - Execute terminal commands with configurable timeouts - Read output from running or completed processes - Specialized malware analysis commands (`file`, `strings`, `hexdump`, `objdump`, `xxd`) - Clean process management with graceful shutdowns - Pure JavaScript implementation - no build step required ## Installation ```bash # Install dependencies npm install ``` ## Usage ### Running the Server ```bash # Start the server directly node index.js # Or use npm script npm start # With debugging proxy (logs all communications) npm run debug ``` ### Integration with Claude Desktop To integrate this MCP server with Claude Desktop: 1. Open Claude Desktop's settings (Claude menu → Settings) 2. Click on "Developer" and then "Edit Config" 3. Update your configuration to include: ```json { "mcpServers": { "MalwareAnalysisMCP": { "command": "node", "args": [ "/path/to/MalwareAnalysisMCP/index.js" ] } } } ``` > **Note**: Replace `/path/to/MalwareAnalysisMCP` with the actual path to your project directory. 4. Restart Claude Desktop ## Debugging To see all communication between Claude Desktop and the MCP server: 1. Update your Claude Desktop configuration to use the debug proxy: ```json { "mcpServers": { "MalwareAnalysisMCP": { "command": "node", "args": [ "/path/to/MalwareAnalysisMCP/mcp-debug-proxy.js" ] } } } ``` 2. Check the logs in the `logs` directory ## Compatibility Notes - Requires Node.js 18 or higher - Compatible with Node.js v22+ using ESM modules ## API ### Basic Tools #### shell_command Executes a terminal command and returns its process ID, output, and blocked status. Parameters: - `command` (string): The command to execute in the terminal - `timeout_ms` (number, optional): Timeout in milliseconds (default: 30000) Returns: - `pid` (number): Process ID - `output` (string): Command output - `isBlocked` (boolean): Whether the command execution is blocked/timed out #### read_output Reads output from a running or completed process. Parameters: - `pid` (number): The process ID to read output from Returns: - `output` (string | null): The process output, or null if the process is not found ### Specialized Malware Analysis Tools The following specialized tools are available for malware analysis: #### file Analyze a file and determine its type. Parameters: - `target` (string): Target file to analyze - `options` (string, optional): Additional command-line options Example: ```json { "target": "suspicious.exe", "options": "-b" } ``` #### strings Extract printable strings from a file. Parameters: - `target` (string): Target file to analyze - `minLength` (number, optional): Minimum string length to display - `encoding` (string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.) - `options` (string, optional): Additional command-line options Example: ```json { "target": "suspicious.exe", "minLength": 10, "encoding": "l" } ``` #### hexdump Display file contents in hexadecimal format. Parameters: - `target` (string): Target file to analyze - `length` (number, optional): Number of bytes to display - `offset` (number, optional): Starting offset in the file - `options` (string, optional): Additional command-line options Example: ```json { "target": "suspicious.exe", "length": 256, "offset": 1024 } ``` #### objdump Display information from object files. Parameters: - `target` (string): Target file to analyze - `disassemble` (boolean, optional): Disassemble executable sections - `headers` (boolean, optional): Display the contents of the section headers - `options` (string, optional): Additional command-line options Example: ```json { "target": "suspicious.exe", "disassemble": true } ``` #### xxd Create a hexdump with ASCII representation. Parameters: - `target` (string): Target file to analyze - `length` (number, optional): Number of bytes to display - `offset` (number, optional): Starting offset in the file - `cols` (number, optional): Format output into specified number of columns - `bits` (boolean, optional): Switch to bits (binary) dump - `options` (string, optional): Additional command-line options Example: ```json { "target": "suspicious.exe", "cols": 16, "bits": true } ``` ## License ISC