MalwareAnalyzerMCP

MalwareAnalyzerMCP

A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis with support for common analysis tools like file, strings, hexdump, objdump, and xxd.

Category
Visit Server

Tools

shell_command

Execute a command in the terminal with timeout. Command will continue running in background if it doesn't complete within timeout.

hexdump

Display file contents in hexadecimal format Example usage: - Standard hexdump: { "target": "suspicious.exe" } - With length limit: { "target": "suspicious.exe", "length": 256 } - With offset: { "target": "suspicious.exe", "offset": 1024 }

xxd

Create a hexdump with ASCII representation Example usage: - Standard xxd dump: { "target": "suspicious.exe" } - With length limit: { "target": "suspicious.exe", "length": 256 } - With column formatting: { "target": "suspicious.exe", "cols": 16 } - Binary bits mode: { "target": "suspicious.exe", "bits": true }

read_output

Read output from a running or completed process.

file

Analyze a file and determine its type Example usage: - Basic file identification: { "target": "suspicious.exe" } - With options: { "target": "suspicious.exe", "options": "-b" }

strings

Extract printable strings from a file Example usage: - Basic strings extraction: { "target": "suspicious.exe" } - With minimum length: { "target": "suspicious.exe", "minLength": 10 } - With encoding: { "target": "suspicious.exe", "encoding": "l" }

objdump

Display information from object files Example usage: - Display file headers: { "target": "suspicious.o" } - Disassemble code: { "target": "suspicious.exe", "disassemble": true } - Show section headers: { "target": "suspicious.exe", "headers": true }

README

MalwareAnalyzerMCP

A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis.

Features

  • Execute terminal commands with configurable timeouts
  • Read output from running or completed processes
  • Specialized malware analysis commands (file, strings, hexdump, objdump, xxd)
  • Clean process management with graceful shutdowns
  • Pure JavaScript implementation - no build step required

Installation

# Install dependencies
npm install

Usage

Running the Server

# Start the server directly
node index.js

# Or use npm script
npm start

# With debugging proxy (logs all communications)
npm run debug

Integration with Claude Desktop

To integrate this MCP server with Claude Desktop:

  1. Open Claude Desktop's settings (Claude menu → Settings)
  2. Click on "Developer" and then "Edit Config"
  3. Update your configuration to include:
{
  "mcpServers": {
    "MalwareAnalysisMCP": {
      "command": "node",
      "args": [
        "/path/to/MalwareAnalysisMCP/index.js"
      ]
    }
  }
}

Note: Replace /path/to/MalwareAnalysisMCP with the actual path to your project directory.

  1. Restart Claude Desktop

Debugging

To see all communication between Claude Desktop and the MCP server:

  1. Update your Claude Desktop configuration to use the debug proxy:
{
  "mcpServers": {
    "MalwareAnalysisMCP": {
      "command": "node",
      "args": [
        "/path/to/MalwareAnalysisMCP/mcp-debug-proxy.js"
      ]
    }
  }
}
  1. Check the logs in the logs directory

Compatibility Notes

  • Requires Node.js 18 or higher
  • Compatible with Node.js v22+ using ESM modules

API

Basic Tools

shell_command

Executes a terminal command and returns its process ID, output, and blocked status.

Parameters:

  • command (string): The command to execute in the terminal
  • timeout_ms (number, optional): Timeout in milliseconds (default: 30000)

Returns:

  • pid (number): Process ID
  • output (string): Command output
  • isBlocked (boolean): Whether the command execution is blocked/timed out

read_output

Reads output from a running or completed process.

Parameters:

  • pid (number): The process ID to read output from

Returns:

  • output (string | null): The process output, or null if the process is not found

Specialized Malware Analysis Tools

The following specialized tools are available for malware analysis:

file

Analyze a file and determine its type.

Parameters:

  • target (string): Target file to analyze
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "options": "-b"
}

strings

Extract printable strings from a file.

Parameters:

  • target (string): Target file to analyze
  • minLength (number, optional): Minimum string length to display
  • encoding (string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "minLength": 10,
  "encoding": "l"
}

hexdump

Display file contents in hexadecimal format.

Parameters:

  • target (string): Target file to analyze
  • length (number, optional): Number of bytes to display
  • offset (number, optional): Starting offset in the file
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "length": 256,
  "offset": 1024
}

objdump

Display information from object files.

Parameters:

  • target (string): Target file to analyze
  • disassemble (boolean, optional): Disassemble executable sections
  • headers (boolean, optional): Display the contents of the section headers
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "disassemble": true
}

xxd

Create a hexdump with ASCII representation.

Parameters:

  • target (string): Target file to analyze
  • length (number, optional): Number of bytes to display
  • offset (number, optional): Starting offset in the file
  • cols (number, optional): Format output into specified number of columns
  • bits (boolean, optional): Switch to bits (binary) dump
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "cols": 16,
  "bits": true
}

License

ISC

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured