Best VirusTotal MCP Servers

VirusTotal is a free online service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. It aggregates many antivirus products and online scan engines to check for threats that the user's own antivirus may have missed.

View all VirusTotal MCP Servers

Why this server?
Allows querying the VirusTotal API for comprehensive security analysis reports including URL analysis, file analysis, IP analysis, domain analysis, and relationship tools.
VirusTotal MCP Server
Security Monitoring Web Scraping
BurtTheCoder
A
security
A
license
A
quality
A MCP server for querying the VirusTotal API. This server provides tools for scanning URLs, analyzing file hashes, and retrieving IP address reports.
Last updated a year ago
234
105
MIT
Why this server?
Allows for the submission of observables like IPs and hashes to VirusTotal through Cortex's analysis pipeline for security enrichment.
cortex-mcp
Security Autonomous Agents Monitoring
solomonneas
A
security
F
license
A
quality
An MCP server for the Cortex observable analysis and active response engine. It enables LLMs to automate security investigations by running analyzers on observables like IPs and URLs and executing automated response actions.
Last updated 2 days ago
12
Why this server?
Performs enrichment lookups for IP addresses, domains, and URLs to obtain threat intelligence data from VirusTotal
Enrichment MCP Server
Security RAG Systems Vector Databases
MSAdministrator
A
security
F
license
A
quality
A Model Context Protocol server that enables users to perform third-party enrichment lookups for security observables (IP addresses, domains, URLs, emails) through services like VirusTotal, Shodan, and others.
Last updated 9 months ago
1
3
Why this server?
Enables checking file hash (MD5/SHA1/SHA256) and IP reputation with detection ratios and vendor verdicts from VirusTotal's threat intelligence database.
Threat Intelligence MCP Server
Security Monitoring Observability
marc-shade
A
security
F
license
A
quality
Aggregates real-time threat intelligence from multiple sources including Feodo Tracker, URLhaus, CISA KEV, and ThreatFox, with IP/hash reputation checking via VirusTotal, AbuseIPDB, and Shodan for comprehensive security monitoring.
Last updated a month ago
11
Why this server?
Scans URLs for malicious content using the VirusTotal service through the Cortex analyzer, providing threat intelligence on potential security risks.
Cortex MCP Server
Security Autonomous Agents Remote
gbrigandi
-
security
A
license
-
quality
Cortex MCP Server
Last updated 2 months ago
13
MIT
Why this server?
Aggregates IP, domain, hash, and URL analysis data from VirusTotal v3 API, providing comprehensive malware analysis and reputation scoring.
Cyber Sentinel MCP Server
jx888-max
-
security
A
license
-
quality
A threat intelligence aggregation server that provides unified access to multiple security sources for analyzing indicators (IPs, domains, hashes, URLs) with confidence scoring.
Last updated 7 months ago
6
MIT
Why this server?
Provides comprehensive security analysis tools for querying the VirusTotal API, including URL analysis, file analysis, IP analysis, domain analysis, relationship analysis, and advanced search capabilities across the VirusTotal dataset.
VirusTotal MCP Server
Security Monitoring Autonomous Agents
emeryray2002
-
security
A
license
-
quality
Provides comprehensive security analysis tools for querying the VirusTotal API, enabling detailed security reports on URLs, files, IP addresses, and domains with automatic relationship data fetching.
Last updated 10 months ago
3
Apache 2.0
Why this server?
Integrates with VirusTotal's threat intelligence database to scan extracted Indicators of Compromise (IoCs) from email headers and content, providing detection ratios and threat classifications for domains, IPs, and file hashes.
HeaderHawk
Security Hybrid
nervpeng
-
security
A
license
-
quality
An advanced email security analysis MCP server for real-time phishing detection, comprehensive header analysis, and threat intelligence integration. It enables users to extract indicators of compromise and validate email authentication protocols like DKIM, SPF, and DMARC.
Last updated 20 days ago
MIT
Why this server?
Incorporates VirusTotal's threat intelligence for malware detection and security analysis of network traffic
Wireshark MCP Server
Security Monitoring Hybrid
PreistlyPython
-
security
-
license
-
quality
Enterprise network analysis platform that enables AI-powered packet analysis, threat detection, and network security capabilities through Claude Desktop integration.
Last updated 6 months ago
1