
🦖 Velociraptor Forensic MCP Server

Turn Claude Desktop into a DFIR workstation.

A unified Model Context Protocol (MCP) server that connects Claude Desktop to your Velociraptor instance AND local forensic tools. Remote endpoint investigation + local evidence analysis in one server. Docker deployment for Velociraptor included.



What This Does

Instead of switching between the Velociraptor GUI, terminal VQL sessions, and forensic scripts, you talk to Claude and it runs them for you. Ask Claude to:

  • "Look up workstation-01 and tell me when it was last seen" โ†’ Queries Velociraptor for client info
  • "Collect the user list from that endpoint" โ†’ Starts a Linux.Sys.Users artifact collection and retrieves results
  • "Hash all files in /evidence/malware-samples/" โ†’ Recursively SHA-256 hashes a local directory
  • "Check syslog for any mentions of that binary" โ†’ Scans system logs with keyword search
  • "Cross-reference the file metadata with log entries" โ†’ Correlates timestamps, hashes, and log hits into a forensic report
  • "Run a VQL query to show all running processes on the endpoint" โ†’ Executes custom VQL directly

All results come back in the chat. No copy-pasting. No tab switching. Full forensic chain from endpoint to evidence.


๐Ÿ› ๏ธ Integrated Tools (12)

Remote โ€” Velociraptor (vr_*)

Tool Description
vr_authenticate Test gRPC connection to Velociraptor
vr_get_agent_info Look up a client by hostname โ†’ client_id, OS, agent version, last seen
vr_run_vql Execute arbitrary VQL queries on the server
vr_list_artifacts List all available client artifacts with descriptions
vr_artifact_details Get full specs for a specific artifact
vr_collect_artifact Start artifact collection on a remote endpoint (returns flow_id)
vr_get_collection_results Poll and retrieve completed collection results (with retry logic)

Local Forensic (local_*)

| Tool | Description |
|---|---|
| local_file_metadata | SHA-256, size, timestamps for a file (sandboxed to SAFE_BASE) |
| local_hash_directory | Recursively hash every file in a directory |
| local_scan_syslog | Search Linux syslog or macOS unified log by keyword |
| local_correlate | Cross-reference file metadata with log entries |
| local_forensic_report | Generate structured forensic report combining file + log data |

Key Features

  • Dual-mode: Either toolkit works independently — deploy with just Velociraptor, just local tools, or both
  • Path sandboxing: All local_* tools validate paths stay within SAFE_BASE
  • Async flow polling: Collection results auto-retry until the flow completes
  • Multi-source artifacts: Handles artifacts with multiple data sources automatically
  • Tool filtering: Disable individual tools via DISABLED_TOOLS env var
  • Read-only mode: Block write operations (artifact collection) with READ_ONLY=true
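The path sandboxing feature above is the one check that keeps a natural-language request like "hash everything in ../.." from reading outside the evidence directory. The following is an added example of how such a check works (not the project's own code; the function and exception names are assumed): the path is resolved, symlinks and `..` included, before it is compared against SAFE_BASE, and a constructed sandbox shows one legitimate file plus three escape attempts.

```python
"""Path sandboxing for local_* tools: every user-supplied path must resolve
inside SAFE_BASE after symlinks and '..' components are resolved.
Added example, not the project's own code; function names are assumed."""
import hashlib
import tempfile
from pathlib import Path

class PathEscapeError(ValueError):
    """Raised when a path would leave the sandbox root."""

def resolve_in_sandbox(safe_base: str, user_path: str) -> Path:
    """Real path of user_path if it stays under safe_base, else PathEscapeError.
    Symlinks are followed before the check, so a link inside the sandbox that
    points outside it is rejected rather than silently read."""
    base = Path(safe_base).resolve(strict=True)
    candidate = Path(user_path)
    if not candidate.is_absolute():          # relative paths are relative to SAFE_BASE
        candidate = base / candidate
    real = candidate.resolve(strict=False)   # collapses '..' and resolves symlinks
    if not real.is_relative_to(base):
        raise PathEscapeError(f"{user_path!r} resolves outside {base}")
    return real

def file_metadata(safe_base: str, user_path: str) -> dict:
    """SHA-256, size and mtime for one sandboxed file (what local_file_metadata reports)."""
    real = resolve_in_sandbox(safe_base, user_path)
    st = real.stat()
    return {"path": str(real), "sha256": hashlib.sha256(real.read_bytes()).hexdigest(),
            "size": st.st_size, "mtime": st.st_mtime}

def demo() -> dict:
    """Constructed sandbox: one evidence file plus a symlink that escapes it."""
    root = Path(tempfile.mkdtemp())
    evidence = root / "evidence"
    evidence.mkdir()
    (evidence / "sample.bin").write_bytes(b"MZ\x90\x00")       # constructed sample
    (root / "secret.txt").write_text("outside the sandbox")
    (evidence / "link_out").symlink_to(root / "secret.txt")     # escape via symlink
    results = {"inside": file_metadata(str(evidence), "sample.bin")["size"]}
    for bad in ("../secret.txt", "link_out", str(root / "secret.txt")):
        try:
            resolve_in_sandbox(str(evidence), bad)
            results[bad] = "ALLOWED"
        except PathEscapeError:
            results[bad] = "blocked"
    return results
```

The symlink case is the one most ad-hoc checks miss: a lexical "starts with SAFE_BASE" test passes `link_out` even though its target is outside the sandbox.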

🚀 Quick Start

Prerequisites

  • Docker & Docker Compose
  • Python 3.11+
  • Claude Desktop

1. Deploy Velociraptor (Docker)

cd docker/
docker compose up -d

# Wait ~30 seconds for initialization
docker logs velociraptor --tail 10
# Should see: "Starting gRPC API server" and "Frontend is ready"

Default GUI: https://localhost:9889 (admin/admin — change this!)

2. Generate API Key

chmod +x generate-api-key.sh
./generate-api-key.sh

This creates api.config.yaml with the gRPC credentials and automatically fixes the connection string for host access.

3. Install the MCP Server

cd ../
python3.11 -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"

4. Configure

cp .env.example .env
# Edit .env — set your paths:
#   VELOCIRAPTOR_API_KEY=/path/to/api.config.yaml
#   SAFE_BASE=/home/youruser/evidence

5. Configure Claude Desktop

Add to ~/.config/Claude/claude_desktop_config.json (Linux) or ~/Library/Application Support/Claude/claude_desktop_config.json (macOS):

{
  "mcpServers": {
    "velociraptor-forensic": {
      "command": "/path/to/velociraptor-forensic-mcp/.venv/bin/python",
      "args": ["-m", "velociraptor_forensic_mcp"],
      "cwd": "/path/to/velociraptor-forensic-mcp",
      "env": {
        "VELOCIRAPTOR_API_KEY": "/path/to/api.config.yaml",
        "VELOCIRAPTOR_SSL_VERIFY": "false",
        "SAFE_BASE": "/home/youruser/evidence",
        "LOG_LEVEL": "INFO"
      }
    }
  }
}

6. Restart Claude Desktop

The tools will appear automatically. Start investigating.


🔑 Environment Variables

| Variable | Description | Default | Required |
|---|---|---|---|
| VELOCIRAPTOR_API_KEY | Path to api.config.yaml | — | For remote tools |
| VELOCIRAPTOR_SSL_VERIFY | Verify gRPC TLS certs | true | |
| VELOCIRAPTOR_TIMEOUT | gRPC timeout (seconds) | 30 | |
| SAFE_BASE | Root directory for local forensic tools | — | For local tools |
| MCP_SERVER_HOST | Bind host for SSE transport | 127.0.0.1 | |
| MCP_SERVER_PORT | Bind port for SSE transport | 8000 | |
| LOG_LEVEL | DEBUG/INFO/WARNING/ERROR | INFO | |
| DISABLED_TOOLS | Comma-separated tool names to disable | — | |
| READ_ONLY | Block artifact collection | false | |

๐Ÿณ Docker Velociraptor Setup

The docker/ folder contains everything to run Velociraptor in Docker with ports mapped to avoid common conflicts:

Host Port Service Purpose
9000 Client frontend Velociraptor agent check-in
9001 gRPC API MCP server connects here
9889 Web GUI Your browser

Enrolling a Test Client

To enroll the machine running Docker as a Velociraptor client:

cd docker/

# Copy client binary and config
docker cp velociraptor:/velociraptor/clients/linux/velociraptor_client_repacked ./velociraptor_client
chmod +x velociraptor_client

docker exec velociraptor cat client.config.yaml > client.config.yaml
sed -i 's|https://VelociraptorServer:8000/|https://localhost:9000/|' client.config.yaml

# Run the client (Ctrl+C to stop)
sudo ./velociraptor_client --config client.config.yaml client -v

💡 Usage Examples

Full Endpoint Investigation

"Look up the endpoint pop-os, collect its user list, and check syslog for any suspicious entries"

Claude chains: vr_get_agent_info → vr_collect_artifact → vr_get_collection_results → local_scan_syslog

File Integrity Check

"Hash all files in /evidence/case-2024/ and check if any appear in the system logs"

Claude chains: local_hash_directory → local_correlate for each suspicious file

Custom VQL Investigation

"Run a VQL query to show me all listening network connections on client C.1393a876d1c48287"

Claude uses vr_collect_artifact with Linux.Network.Netstat or writes custom VQL via vr_run_vql

Quick Triage

"Scan syslog for 'authentication failure' and give me a summary"

Claude uses local_scan_syslog and synthesizes the results


๐Ÿ“ Project Structure

velociraptor-forensic-mcp/
โ”œโ”€โ”€ velociraptor_forensic_mcp/
โ”‚   โ”œโ”€โ”€ __init__.py            # Package metadata
โ”‚   โ”œโ”€โ”€ __main__.py            # CLI entry point
โ”‚   โ”œโ”€โ”€ config.py              # Dataclass configs (Velociraptor, Forensic, Server)
โ”‚   โ”œโ”€โ”€ exceptions.py          # Custom exception hierarchy
โ”‚   โ”œโ”€โ”€ vr_client.py           # Velociraptor gRPC client
โ”‚   โ”œโ”€โ”€ forensic_helpers.py    # Local forensic functions
โ”‚   โ””โ”€โ”€ server.py              # FastMCP server with all tools/prompts/resources
โ”œโ”€โ”€ docker/
โ”‚   โ”œโ”€โ”€ docker-compose.yaml    # Velociraptor Docker deployment
โ”‚   โ””โ”€โ”€ generate-api-key.sh    # API key generation script
โ”œโ”€โ”€ tests/
โ”‚   โ””โ”€โ”€ test_forensic.py       # Unit tests
โ”œโ”€โ”€ pyproject.toml             # Python packaging
โ”œโ”€โ”€ .env.example               # Configuration template
โ””โ”€โ”€ README.md

🔒 Security

  • API key protection: api.config.yaml contains a private key — chmod 600 it
  • Path sandboxing: All local tools are restricted to the SAFE_BASE directory
  • Least privilege: Generate API keys with --role api,investigator not administrator
  • Tool filtering: Disable tools you don't need via DISABLED_TOOLS
  • Read-only mode: Set READ_ONLY=true to prevent artifact collection
  • Never commit api.config.yaml or .env to version control
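The items above, together with the environment variables table and the dual-mode activation described under Architecture, amount to a startup policy: activate only the toolkit whose credentials are present, drop tools named in DISABLED_TOOLS, drop the one write tool when READ_ONLY is set, and refuse to run with a loosely permissioned key file. The following is an added example of such a gate (not the project's own code; the env var and tool names are the ones documented on this page, the function names are assumed), run against a constructed environment and a placeholder key file.

```python
"""Startup gate: decide which tools are active from the environment (dual-mode
activation, DISABLED_TOOLS, READ_ONLY) and refuse to start on a group- or
world-readable API key file. Added example, not the project's own code; the
env var and tool names are the documented ones, the function names are assumed."""
import os
import stat
import tempfile

REMOTE_TOOLS = ["vr_authenticate", "vr_get_agent_info", "vr_run_vql", "vr_list_artifacts",
                "vr_artifact_details", "vr_collect_artifact", "vr_get_collection_results"]
LOCAL_TOOLS = ["local_file_metadata", "local_hash_directory", "local_scan_syslog",
               "local_correlate", "local_forensic_report"]
WRITE_TOOLS = {"vr_collect_artifact"}   # the one tool that changes endpoint state

def check_key_file(path: str) -> None:
    """api.config.yaml holds a private key: require owner-only permissions (0600)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is mode {oct(mode)}; run chmod 600 on it")

def active_tools(env: dict) -> list[str]:
    """Remote tools need VELOCIRAPTOR_API_KEY, local tools need SAFE_BASE;
    DISABLED_TOOLS and READ_ONLY then remove tools from whatever is active."""
    tools: list[str] = []
    if env.get("VELOCIRAPTOR_API_KEY"):
        check_key_file(env["VELOCIRAPTOR_API_KEY"])
        tools += REMOTE_TOOLS
    if env.get("SAFE_BASE"):
        tools += LOCAL_TOOLS
    disabled = {t.strip() for t in env.get("DISABLED_TOOLS", "").split(",") if t.strip()}
    if env.get("READ_ONLY", "false").lower() == "true":
        disabled |= WRITE_TOOLS
    return [t for t in tools if t not in disabled]

def demo() -> dict:
    """Constructed environment: both toolkits, read-only, two tools disabled."""
    key = tempfile.NamedTemporaryFile(delete=False, suffix=".yaml")
    key.write(b"# constructed placeholder, not a real api.config.yaml\n")
    key.close()
    env = {"VELOCIRAPTOR_API_KEY": key.name, "SAFE_BASE": "/home/youruser/evidence",
           "READ_ONLY": "true", "DISABLED_TOOLS": "vr_run_vql, local_scan_syslog"}
    os.chmod(key.name, 0o644)                # group/world readable: must be refused
    try:
        active_tools(env)
        loose = "started"
    except PermissionError:
        loose = "refused"
    os.chmod(key.name, 0o600)                # what the Security section asks for
    return {"loose_perms": loose, "tools": active_tools(env)}
```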

🧪 Running Tests

source .venv/bin/activate
pytest -v

๐Ÿ—๏ธ Architecture

This server combines two open-source projects into a unified MCP interface:

Both toolkits activate independently based on which environment variables are set. You can run Velociraptor-only, local-only, or both together.


โš ๏ธ Legal Disclaimer

This tool is intended for authorized digital forensics and incident response only. Always ensure you have proper authorization before collecting artifacts from endpoints. Unauthorized access to computer systems is illegal.


๐Ÿค Contributing

Pull requests welcome. To add a new tool:

  1. Add the function in forensic_helpers.py (local) or vr_client.py (remote)
  2. Create a Pydantic input model in server.py
  3. Register the tool in _register_forensic_tools() or _register_velociraptor_tools()
  4. Add tests
  5. Submit a PR

📬 Contact

White hat or no hat 🎩


Built with Claude. Tested on live Velociraptor deployment. Stay legal.
