MalwareAnalyzerMCP
Execute terminal commands for malware analysis. Requires Node.js 18 or higher.
MalwareAnalyzerMCP
A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis.
Features
- Execute terminal commands with configurable timeouts
- Read output from running or completed processes
- Specialized malware analysis commands (
file,strings,hexdump,objdump,xxd) - Clean process management with graceful shutdowns
- Pure JavaScript implementation - no build step required
Installation
Install dependencies
npm install
Usage
Running the Server
Start the server directly
node index.js
Or use npm script
npm start
With debugging proxy (logs all communications)
npm run debug
Integration with Claude Desktop
To integrate this MCP server with Claude Desktop:
- Open Claude Desktop's settings (Claude menu → Settings)
- Click on "Developer" and then "Edit Config"
- Update your configuration to include:
{ "mcpServers": { "MalwareAnalysisMCP": { "command": "node", "args": [ "/path/to/MalwareAnalysisMCP/index.js" ] } } }
Note: Replace
/path/to/MalwareAnalysisMCPwith the actual path to your project directory.
- Restart Claude Desktop
Debugging
To see all communication between Claude Desktop and the MCP server:
- Update your Claude Desktop configuration to use the debug proxy:
{ "mcpServers": { "MalwareAnalysisMCP": { "command": "node", "args": [ "/path/to/MalwareAnalysisMCP/mcp-debug-proxy.js" ] } } }
- Check the logs in the
logsdirectory
Compatibility Notes
- Requires Node.js 18 or higher
- Compatible with Node.js v22+ using ESM modules
API
Basic Tools
shell_command
Executes a terminal command and returns its process ID, output, and blocked status.
Parameters:
command(string): The command to execute in the terminaltimeout_ms(number, optional): Timeout in milliseconds (default: 30000)
Returns:
pid(number): Process IDoutput(string): Command outputisBlocked(boolean): Whether the command execution is blocked/timed out
read_output
Reads output from a running or completed process.
Parameters:
pid(number): The process ID to read output from
Returns:
output(string | null): The process output, or null if the process is not found
Specialized Malware Analysis Tools
The following specialized tools are available for malware analysis:
file
Analyze a file and determine its type.
Parameters:
target(string): Target file to analyzeoptions(string, optional): Additional command-line options
Example:
{ "target": "suspicious.exe", "options": "-b" }
strings
Extract printable strings from a file.
Parameters:
target(string): Target file to analyzeminLength(number, optional): Minimum string length to displayencoding(string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)options(string, optional): Additional command-line options
Example:
{ "target": "suspicious.exe", "minLength": 10, "encoding": "l" }
hexdump
Display file contents in hexadecimal format.
Parameters:
target(string): Target file to analyzelength(number, optional): Number of bytes to displayoffset(number, optional): Starting offset in the fileoptions(string, optional): Additional command-line options
Example:
{ "target": "suspicious.exe", "length": 256, "offset": 1024 }
objdump
Display information from object files.
Parameters:
target(string): Target file to analyzedisassemble(boolean, optional): Disassemble executable sectionsheaders(boolean, optional): Display the contents of the section headersoptions(string, optional): Additional command-line options
Example:
{ "target": "suspicious.exe", "disassemble": true }
xxd
Create a hexdump with ASCII representation.
Parameters:
target(string): Target file to analyzelength(number, optional): Number of bytes to displayoffset(number, optional): Starting offset in the filecols(number, optional): Format output into specified number of columnsbits(boolean, optional): Switch to bits (binary) dumpoptions(string, optional): Additional command-line options
Example:
{ "target": "suspicious.exe", "cols": 16, "bits": true }
License
ISC
Related Servers
DocsetMCP
A server for accessing Dash-style documentation sets locally. Requires a local Dash installation.
Semgrep
Enable AI agents to secure code with Semgrep.
Luskad MCP
Provides access to coding rules and examples for your projects.
MCP Ollama Agent
A TypeScript agent that integrates MCP servers with Ollama, allowing AI models to use various tools through a unified interface.
Interactive Feedback MCP
Provides interactive user feedback and command execution for AI-assisted development.
VSCode MCP
Enables AI agents and assistants to interact with Visual Studio Code through the Model Context Protocol.
Galley MCP Server
Integrates Galley's GraphQL API with MCP clients. It automatically introspects the GraphQL schema for seamless use with tools like Claude and VS Code.
Test Code Generator
Generates Vitest test code from JSON specifications using boundary value analysis and equivalence partitioning.
Blockchain MCP Server
A server for blockchain interactions, offering Ethereum vanity address generation, 4byte lookup, ABI encoding, and multi-chain RPC calls.
Glide API
Interact with the Glide API to build applications from data sources like Google Sheets.