Zeek-MCP
Integrates Zeek network analysis with conversational AI clients. Requires an external Zeek installation.
Zeek-MCP
This repository provides a set of utilities to build an MCP server (Model Context Protocol) that you can integrate with your conversational AI client.
Table of Contents
Prerequisites
- Python 3.7+
- Zeek installed and available in your
PATH(for theexeczeektool) - pip (for installing Python dependencies)
Installation
1. Clone the repository
git clone https://github.com/Gabbo01/Zeek-MCP
cd Zeek-MCP
2. Install dependencies
It's recommended to use a virtual environment:
python -m venv venv
source venv/bin/activate # Linux/macOS
venv\Scripts\activate # Windows
pip install -r requirements.txt
Note: If you don’t have a
requirements.txt, install directly:pip install pandas mcp
Usage
The repository exposes two main MCP tools and a command-line entry point:
3. Run the MCP server
python Bridge_Zeek_MCP.py --mcp-host 127.0.0.1 --mcp-port 8081 --transport sse
--mcp-host: Host for the MCP server (default:127.0.0.1).--mcp-port: Port for the MCP server (default:8081).--transport: Transport protocol, eithersse(Server-Sent Events) orstdio.
4. Use the MCP tools
You need to use an LLM that can support the MCP tools usage by calling the following tools:
-
execzeek(pcap_path: str) -> str- Description: Runs Zeek on the given PCAP file after deleting existing
.logfiles in the working directory. - Returns: A string listing generated
.logfilenames or"1"on error.
- Description: Runs Zeek on the given PCAP file after deleting existing
-
parselogs(logfile: str) -> DataFrame- Description: Parses a single Zeek
.logfile and returns the parsed content.
- Description: Parses a single Zeek
You can interact with these endpoints via HTTP (if using SSE transport) or by embedding in LLM client (eg: Claude Desktop):
Claude Desktop integration:
To set up Claude Desktop as a Zeek MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:
{
"mcpServers": {
"Zeek-mcp": {
"command": "python",
"args": [
"/ABSOLUTE_PATH_TO/Bridge_Zeek_MCP.py",
]
}
}
}
Alternatively, edit this file directly:
/Users/YOUR_USER/Library/Application Support/Claude/claude_desktop_config.json
5ire Integration:
Another MCP client that supports multiple models on the backend is 5ire. To set up Zeek-MCP, open 5ire and go to Tools -> New and set the following configurations:
- Tool Key: ZeekMCP
- Name: Zeek-MCP
- Command:
python /ABSOLUTE_PATH_TO/Bridge_Zeek_MCP.py
Alternatively you can use Chainlit framework and follow the documentation to integrate the MCP server.
Examples
An example of MCP tools usage from a chainlit chatbot client, it was used an example pcap file (you can find fews in pcaps folder)
In that case the used model was claude-3.7-sonnet-reasoning-gemma3-12b
License
See LICENSE for more information.
Related Servers
Assistant MCP Server
An MCP server that dynamically loads tools from an external JSON file configured via an environment variable.
Debugger MCP Server
A development tool for real-time debugging, code quality monitoring, and AI insights for React/Next.js applications.
Omilia MCP Tools
A set of tools for managing miniapps, orchestrator apps, and dialog logs on the Omilia Cloud Platform (OCP).
MCPHub
A hub server for managing and scaling multiple MCP servers via flexible Streamable HTTP (SSE) endpoints.
MCP Inspector
A developer tool for testing and debugging MCP servers with a web-based UI.
Lucide Icons
Provides access to the Lucide icon library for use in LLM and agentic applications.
Muster
A universal control plane for managing MCP servers and providing intelligent tool discovery for AI agents.
Keycloak MCP Server
An MCP server for Keycloak administration, offering over 30 tools to manage users, realms, clients, roles, and more from AI assistants.
Reports MCP Server
Manages penetration testing reports and vulnerabilities via a REST API.
my-mcp-server
A template for building Model Context Protocol (MCP) servers using the mcp-framework for Node.js.