Skip to main content
Glama
Hackerobi

Velociraptor Forensic MCP Server

by Hackerobi

๐Ÿฆ– Velociraptor Forensic MCP Server

Turn Claude Desktop into a DFIR workstation.

A unified Model Context Protocol (MCP) server that connects Claude Desktop to your Velociraptor instance AND local forensic tools. Remote endpoint investigation + local evidence analysis in one server. Docker deployment for Velociraptor included.

Python Docker Velociraptor Tools License


What This Does

Instead of switching between the Velociraptor GUI, terminal VQL sessions, and forensic scripts, you talk to Claude and it runs them for you. Ask Claude to:

  • "Look up workstation-01 and tell me when it was last seen" โ†’ Queries Velociraptor for client info

  • "Collect the user list from that endpoint" โ†’ Starts a Linux.Sys.Users artifact collection and retrieves results

  • "Hash all files in /evidence/malware-samples/" โ†’ Recursively SHA-256 hashes a local directory

  • "Check syslog for any mentions of that binary" โ†’ Scans system logs with keyword search

  • "Cross-reference the file metadata with log entries" โ†’ Correlates timestamps, hashes, and log hits into a forensic report

  • "Run a VQL query to show all running processes on the endpoint" โ†’ Executes custom VQL directly

All results come back in the chat. No copy-pasting. No tab switching. Full forensic chain from endpoint to evidence.


Related MCP server: Velociraptor MCP

๐Ÿ› ๏ธ Integrated Tools (12)

Remote โ€” Velociraptor (vr_*)

Tool

Description

vr_authenticate

Test gRPC connection to Velociraptor

vr_get_agent_info

Look up a client by hostname โ†’ client_id, OS, agent version, last seen

vr_run_vql

Execute arbitrary VQL queries on the server

vr_list_artifacts

List all available client artifacts with descriptions

vr_artifact_details

Get full specs for a specific artifact

vr_collect_artifact

Start artifact collection on a remote endpoint (returns flow_id)

vr_get_collection_results

Poll and retrieve completed collection results (with retry logic)

Local Forensic (local_*)

Tool

Description

local_file_metadata

SHA-256, size, timestamps for a file (sandboxed to SAFE_BASE)

local_hash_directory

Recursively hash every file in a directory

local_scan_syslog

Search Linux syslog or macOS unified log by keyword

local_correlate

Cross-reference file metadata with log entries

local_forensic_report

Generate structured forensic report combining file + log data

Key Features

  • Dual-mode: Either toolkit works independently โ€” deploy with just Velociraptor, just local tools, or both

  • Path sandboxing: All local_* tools validate paths stay within SAFE_BASE

  • Async flow polling: Collection results auto-retry until the flow completes

  • Multi-source artifacts: Handles artifacts with multiple data sources automatically

  • Tool filtering: Disable individual tools via DISABLED_TOOLS env var

  • Read-only mode: Block write operations (artifact collection) with READ_ONLY=true


๐Ÿš€ Quick Start

Prerequisites

  • Docker & Docker Compose

  • Python 3.11+

  • Claude Desktop

1. Deploy Velociraptor (Docker)

cd docker/
docker compose up -d

# Wait ~30 seconds for initialization
docker logs velociraptor --tail 10
# Should see: "Starting gRPC API server" and "Frontend is ready"

Default GUI: https://localhost:9889 (admin/admin โ€” change this!)

2. Generate API Key

chmod +x generate-api-key.sh
./generate-api-key.sh

This creates api.config.yaml with the gRPC credentials and automatically fixes the connection string for host access.

3. Install the MCP Server

cd ../
python3.11 -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"

4. Configure

cp .env.example .env
# Edit .env โ€” set your paths:
#   VELOCIRAPTOR_API_KEY=/path/to/api.config.yaml
#   SAFE_BASE=/home/youruser/evidence

5. Configure Claude Desktop

Add to ~/.config/Claude/claude_desktop_config.json (Linux) or ~/Library/Application Support/Claude/claude_desktop_config.json (macOS):

{
  "mcpServers": {
    "velociraptor-forensic": {
      "command": "/path/to/velociraptor-forensic-mcp/.venv/bin/python",
      "args": ["-m", "velociraptor_forensic_mcp"],
      "cwd": "/path/to/velociraptor-forensic-mcp",
      "env": {
        "VELOCIRAPTOR_API_KEY": "/path/to/api.config.yaml",
        "VELOCIRAPTOR_SSL_VERIFY": "false",
        "SAFE_BASE": "/home/youruser/evidence",
        "LOG_LEVEL": "INFO"
      }
    }
  }
}

6. Restart Claude Desktop

The tools will appear automatically. Start investigating.


๐Ÿ”‘ Environment Variables

Variable

Description

Default

Required

VELOCIRAPTOR_API_KEY

Path to api.config.yaml

โ€”

For remote tools

VELOCIRAPTOR_SSL_VERIFY

Verify gRPC TLS certs

true

VELOCIRAPTOR_TIMEOUT

gRPC timeout (seconds)

30

SAFE_BASE

Root directory for local forensic tools

โ€”

For local tools

MCP_SERVER_HOST

Bind host for SSE transport

127.0.0.1

MCP_SERVER_PORT

Bind port for SSE transport

8000

LOG_LEVEL

DEBUG/INFO/WARNING/ERROR

INFO

DISABLED_TOOLS

Comma-separated tool names to disable

โ€”

READ_ONLY

Block artifact collection

false


๐Ÿณ Docker Velociraptor Setup

The docker/ folder contains everything to run Velociraptor in Docker with ports mapped to avoid common conflicts:

Host Port

Service

Purpose

9000

Client frontend

Velociraptor agent check-in

9001

gRPC API

MCP server connects here

9889

Web GUI

Your browser

Enrolling a Test Client

To enroll the machine running Docker as a Velociraptor client:

cd docker/

# Copy client binary and config
docker cp velociraptor:/velociraptor/clients/linux/velociraptor_client_repacked ./velociraptor_client
chmod +x velociraptor_client

docker exec velociraptor cat client.config.yaml > client.config.yaml
sed -i 's|https://VelociraptorServer:8000/|https://localhost:9000/|' client.config.yaml

# Run the client (Ctrl+C to stop)
sudo ./velociraptor_client --config client.config.yaml client -v

๐Ÿ’ก Usage Examples

Full Endpoint Investigation

"Look up the endpoint pop-os, collect its user list, and check syslog for any suspicious entries"

Claude chains: vr_get_agent_info โ†’ vr_collect_artifact โ†’ vr_get_collection_results โ†’ local_scan_syslog

File Integrity Check

"Hash all files in /evidence/case-2024/ and check if any appear in the system logs"

Claude chains: local_hash_directory โ†’ local_correlate for each suspicious file

Custom VQL Investigation

"Run a VQL query to show me all listening network connections on client C.1393a876d1c48287"

Claude uses vr_collect_artifact with Linux.Network.Netstat or writes custom VQL via vr_run_vql

Quick Triage

"Scan syslog for 'authentication failure' and give me a summary"

Claude uses local_scan_syslog and synthesizes the results


๐Ÿ“ Project Structure

velociraptor-forensic-mcp/
โ”œโ”€โ”€ velociraptor_forensic_mcp/
โ”‚   โ”œโ”€โ”€ __init__.py            # Package metadata
โ”‚   โ”œโ”€โ”€ __main__.py            # CLI entry point
โ”‚   โ”œโ”€โ”€ config.py              # Dataclass configs (Velociraptor, Forensic, Server)
โ”‚   โ”œโ”€โ”€ exceptions.py          # Custom exception hierarchy
โ”‚   โ”œโ”€โ”€ vr_client.py           # Velociraptor gRPC client
โ”‚   โ”œโ”€โ”€ forensic_helpers.py    # Local forensic functions
โ”‚   โ””โ”€โ”€ server.py              # FastMCP server with all tools/prompts/resources
โ”œโ”€โ”€ docker/
โ”‚   โ”œโ”€โ”€ docker-compose.yaml    # Velociraptor Docker deployment
โ”‚   โ””โ”€โ”€ generate-api-key.sh    # API key generation script
โ”œโ”€โ”€ tests/
โ”‚   โ””โ”€โ”€ test_forensic.py       # Unit tests
โ”œโ”€โ”€ pyproject.toml             # Python packaging
โ”œโ”€โ”€ .env.example               # Configuration template
โ””โ”€โ”€ README.md

๐Ÿ”’ Security

  • API key protection: api.config.yaml contains a private key โ€” chmod 600 it

  • Path sandboxing: All local tools are restricted to the SAFE_BASE directory

  • Least privilege: Generate API keys with --role api,investigator not administrator

  • Tool filtering: Disable tools you don't need via DISABLED_TOOLS

  • Read-only mode: Set READ_ONLY=true to prevent artifact collection

  • Never commit api.config.yaml or .env to version control


๐Ÿงช Running Tests

source .venv/bin/activate
pytest -v

๐Ÿ—๏ธ Architecture

This server combines two open-source projects into a unified MCP interface:

Both toolkits activate independently based on which environment variables are set. You can run Velociraptor-only, local-only, or both together.


This tool is intended for authorized digital forensics and incident response only. Always ensure you have proper authorization before collecting artifacts from endpoints. Unauthorized access to computer systems is illegal.


๐Ÿค Contributing

Pull requests welcome. To add a new tool:

  1. Add the function in forensic_helpers.py (local) or vr_client.py (remote)

  2. Create a Pydantic input model in server.py

  3. Register the tool in _register_forensic_tools() or _register_velociraptor_tools()

  4. Add tests

  5. Submit a PR


๐Ÿ“ฌ Contact

White hat or no hat ๐ŸŽฉ


Built with Claude. Tested on live Velociraptor deployment. Stay legal.

A
license - permissive license
-
quality - not tested
D
maintenance

Maintenance

โ€“Maintainers
โ€“Response time
โ€“Release cycle
โ€“Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Hackerobi/velociraptor-forensic-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server