Velociraptor MCP Server
Provides containerized deployment of the MCP server for network-based access, allowing server platforms to connect via Server-Sent Events (SSE) for Velociraptor integration.
Enables n8n workflow automation platform to programmatically interface with Velociraptor for digital forensics and incident response operations through network-based MCP server deployment.
Recommended as a reverse proxy for network deployments to enforce security measures like Mutual TLS (mTLS) and IP-allowlisting when exposing the Velociraptor MCP server over networks.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Velociraptor MCP Serverscan endpoint ABC123 for suspicious processes using YARA rules"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Velociraptor MCP - Streamable Variation
This variant is optimized for Streamable HTTP transport (FastMCP 2.3.0+), making it directly compatible with modern MCP proxies and Open WebUI.
Deployment Options
1. Full Stack (Server + Proxy)
This is the recommended way to integrate with Open WebUI. It launches the Velociraptor MCP bridge and a sidecar proxy (mcpo) that exposes the tools via OpenAPI on port 8000.
docker compose up -dBridge URL (MCP):
http://localhost:8088/mcpProxy URL (OpenAPI):
http://localhost:8000/
2. Core Server Only (Direct Streamable)
Use this if your client already supports Streamable HTTP or if you are using an external proxy.
docker compose up -d velociraptor-mcpBridge URL (MCP):
http://localhost:8088/mcp
3. Local Development (No Docker)
Install dependencies:
pip install -r requirements.txtConfigure
.envandapi_client.yaml.Run:
python mcp_velociraptor_bridge.py
Troubleshooting n8n Timeouts
If you receive "MCP error -32001: Request timed out" in n8n, it is because forensic collections (like pslist) take longer than n8n's 60-second response window.
Solution: Async Mode
Set VELOCIRAPTOR_ASYNC_COLLECTIONS=true in your docker-compose.yml or .env.
In this mode:
Tools return a
flow_idimmediately without waiting for the endpoint.You can then use the
get_collection_resultstool (providing theflow_id) in a separate n8n node after a few moments to fetch the data.
Configuration
Port: 8088 (Bridge) / 8000 (Proxy)
Transport: Defaults to
streamable-httpDangerous Tools: Set
ENABLE_DANGEROUS_TOOLS=truein.env.Async Collections: Set
VELOCIRAPTOR_ASYNC_COLLECTIONS=truefor n8n compatibility.
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/snoe-findley/mcp-velociraptor'
If you have feedback or need assistance with the MCP directory API, please join our Discord server