MalwareBazaar MCP

Interface with Malware Bazaar to get real-time threat intelligence and sample metadata for cybersecurity research.

MalwareBazaar_MCP

An AI-driven MCP server that autonomously interfaces with Malware Bazaar, delivering real-time threat intel and sample metadata for authorized cybersecurity research workflows.

MCP Tools

`get_recent`: Get up to 10 most recent samples from MalwareBazaar.

`get_info`: Get detailed metadata about a specific malware sample.

`get_file`: Download a malware sample from MalwareBazaar.

`get_taginfo`: Get malware samples associated with a specific tag.

Step 1: Create a MalwareBazaar APIKEY

https://auth.abuse.ch/user/me

Step 2: Create `.env`

MALWAREBAZAAR_API_KEY=<APIKEY>

Step 3a: Create Virtual Env & Install Requirements - MAC/Linux

curl -LsSf https://astral.sh/uv/install.sh | sh
cd MalwareBazaar_MCP
uv init .
uv venv
source .venv/bin/activate
uv pip install -r requirements.txt

Step 3b: Create Virtual Env & Install Requirements - Windows

powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
cd MalwareBazaar_MCP
uv init .
uv venv
.venv\Scripts\activate
uv pip install -r requirements.txt

Step 4a: Add Config to the MCP Client - MAC/Linux

{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "/Users/XXX/.local/bin/uv",
            "args": [
                "--directory",
                "/Users/XXX/Documents/MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}

Step 4b: Add Config to the MCP Client - Windows

{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "uv",
            "args": [
                "--directory",
                "C:\Users\XXX\Document\MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}

Step 5: Run MCP Server

uv run malwarebazaar_mcp.py

Step 6: Run MCP Client & Query

Help me understnad the latest hash from Malware Bazaar.

Step 7: Run Tests

python -m unittest discover -s tests

uv pip install coverage==7.8.0
coverage run --branch -m unittest discover -s tests
coverage report -m
coverage html
open htmlcov/index.html  # MAC
xdg-open htmlcov/index.html  # Linux
start htmlcov\index.html  # Windows
coverage erase

License

Apache License, Version 2.0

Related Servers

A11y MCP Server

Perform accessibility audits on webpages using the axe-core engine to identify and help fix a11y issues.

SourceSync.ai

An MCP server for the SourceSync.ai API to manage and synchronize source code context.

Nuanced MCP Server

Provides call graph analysis for LLMs using the nuanced library.

Project Zomboid MCP Server

An AI-powered MCP server for Project Zomboid mod development, offering script validation, generation, and contextual assistance.

iOS Simulator MCP Server

A Model Context Protocol (MCP) server for interacting with iOS simulators. This server allows you to interact with iOS simulators by getting information about them, controlling UI interactions, and inspecting UI elements.

SwarmTask

An asynchronous task manager for parallel execution of shell commands with real-time progress monitoring.

Woodpecker MCP Server

A server for managing Woodpecker CI/CD pipelines, built with the MCP framework.

MCP Server for iOS Simulator

An MCP server that enables LLMs to interact with iOS simulators through natural language commands.

Apifox MCP Server

Provides API documentation from Apifox projects as a data source for AI programming tools that support MCP.

Cloudflare Remote MCP Server

An example of deploying a customizable, remote MCP server on Cloudflare Workers without authentication.