Skip to main content
Glama
deenesjakoruzh

MalwareAnalyzerMCP

by abdessamad-elamrani
GitHub
JavaScript
3
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

MalwareAnalyzerMCP

A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis.

Features

  • Execute terminal commands with configurable timeouts
  • Read output from running or completed processes
  • Specialized malware analysis commands (file, strings, hexdump, objdump, xxd)
  • Clean process management with graceful shutdowns
  • Pure JavaScript implementation - no build step required

Installation

# Install dependencies npm install

Usage

Running the Server

# Start the server directly node index.js # Or use npm script npm start # With debugging proxy (logs all communications) npm run debug

Integration with Claude Desktop

To integrate this MCP server with Claude Desktop:

  1. Open Claude Desktop's settings (Claude menu → Settings)
  2. Click on "Developer" and then "Edit Config"
  3. Update your configuration to include:
{ "mcpServers": { "MalwareAnalysisMCP": { "command": "node", "args": [ "/path/to/MalwareAnalysisMCP/index.js" ] } } }

Note: Replace /path/to/MalwareAnalysisMCP with the actual path to your project directory.

  1. Restart Claude Desktop

Debugging

To see all communication between Claude Desktop and the MCP server:

  1. Update your Claude Desktop configuration to use the debug proxy:
{ "mcpServers": { "MalwareAnalysisMCP": { "command": "node", "args": [ "/path/to/MalwareAnalysisMCP/mcp-debug-proxy.js" ] } } }
  1. Check the logs in the logs directory

Compatibility Notes

  • Requires Node.js 18 or higher
  • Compatible with Node.js v22+ using ESM modules

API

Basic Tools

shell_command

Executes a terminal command and returns its process ID, output, and blocked status.

Parameters:

  • command (string): The command to execute in the terminal
  • timeout_ms (number, optional): Timeout in milliseconds (default: 30000)

Returns:

  • pid (number): Process ID
  • output (string): Command output
  • isBlocked (boolean): Whether the command execution is blocked/timed out
read_output

Reads output from a running or completed process.

Parameters:

  • pid (number): The process ID to read output from

Returns:

  • output (string | null): The process output, or null if the process is not found

Specialized Malware Analysis Tools

The following specialized tools are available for malware analysis:

file

Analyze a file and determine its type.

Parameters:

  • target (string): Target file to analyze
  • options (string, optional): Additional command-line options

Example:

{ "target": "suspicious.exe", "options": "-b" }
strings

Extract printable strings from a file.

Parameters:

  • target (string): Target file to analyze
  • minLength (number, optional): Minimum string length to display
  • encoding (string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)
  • options (string, optional): Additional command-line options

Example:

{ "target": "suspicious.exe", "minLength": 10, "encoding": "l" }
hexdump

Display file contents in hexadecimal format.

Parameters:

  • target (string): Target file to analyze
  • length (number, optional): Number of bytes to display
  • offset (number, optional): Starting offset in the file
  • options (string, optional): Additional command-line options

Example:

{ "target": "suspicious.exe", "length": 256, "offset": 1024 }
objdump

Display information from object files.

Parameters:

  • target (string): Target file to analyze
  • disassemble (boolean, optional): Disassemble executable sections
  • headers (boolean, optional): Display the contents of the section headers
  • options (string, optional): Additional command-line options

Example:

{ "target": "suspicious.exe", "disassemble": true }
xxd

Create a hexdump with ASCII representation.

Parameters:

  • target (string): Target file to analyze
  • length (number, optional): Number of bytes to display
  • offset (number, optional): Starting offset in the file
  • cols (number, optional): Format output into specified number of columns
  • bits (boolean, optional): Switch to bits (binary) dump
  • options (string, optional): Additional command-line options

Example:

{ "target": "suspicious.exe", "cols": 16, "bits": true }

License

ISC

Deploy Server
A
security – no known vulnerabilities
F
license - not found
A
quality - confirmed to work

How are these scores calculated?

local-only server

The server can only run on the client's local machine because it depends on local resources.

Tools

Un servidor MCP especializado para Claude Desktop que permite ejecutar comandos de terminal para el análisis de malware con soporte para herramientas de análisis comunes como archivos, cadenas, hexdump, objdump y xxd.

  1. Características
    1. Instalación
      1. Uso
        1. Ejecución del servidor
        2. Integración con Claude Desktop
      2. Depuración
        1. Notas de compatibilidad
          1. API
            1. Herramientas básicas
            2. Herramientas especializadas de análisis de malware
          2. Licencia

            Related MCP Servers

            • Claude Desktop Commander MCP

              wonderwhy-er
              A
              security
              A
              license
              A
              quality
              Allows Claude desktop app to execute terminal commands and edit files on your computer through MCP, with features including command execution, process management, and diff-based file editing.
              Last updated -
              21
              23,971
              4,214
              JavaScript
              MIT License
              • Apple

            • Model Context Protocol Server

              hyen43
              A
              security
              F
              license
              A
              quality
              A server built with mcp-framework that allows users to extend Claude's capabilities by adding custom tools that can be used through the Claude Desktop client.
              Last updated -
              3
              603
              TypeScript

            • Claude Kali MCP Commander

              house-of-stark
              A
              security
              F
              license
              A
              quality
              An MCP server that provides secure access to Kali Linux cybersecurity tools through Claude's interface, enabling users to run Kali Linux commands directly from Claude Desktop.
              Last updated -
              18
              JavaScript
              • Linux
              • Apple

            • MCP Terminal Server

              ivannafigueroa
              -
              security
              F
              license
              -
              quality
              A simple MCP server that allows running terminal commands with output capture, enabling command execution on the host system from MCP-compatible clients like Claude Desktop.
              Last updated -
              1
              Python

            View all related MCP servers

            Appeared in Searches

            MCP directory API

            We provide all the information about MCP servers via our MCP API.

            curl -X GET 'https://glama.ai/api/mcp/v1/servers/abdessamad-elamrani/MalwareAnalyzerMCP'

            If you have feedback or need assistance with the MCP directory API, please join our Discord server