Cyberbro MCP Server

Extract IoCs from messy text and analyze them with Cyberbro.
🌐 demo.cyberbro.net

Model Context Protocol server for Cyberbro.

This project is packaged as a standard Python distribution and can be launched with:

• uvx mcp-cyberbro
• pip install mcp-cyberbro then mcp-cyberbro

Why this server

• Analyze observables (IP, domain, URL, hash, etc.) via Cyberbro engines.
• Integrate threat-analysis actions directly in MCP-capable assistants.
• Run with stdio, sse, or streamable-http transports.
• Compatible with any MCP client that supports one of these transports.

Installation

Use with uvx (standalone)

uvx mcp-cyberbro --cyberbro_url http://localhost:5000

Use with pip

pip install mcp-cyberbro
mcp-cyberbro --cyberbro_url http://localhost:5000

Local development

pip install -e .
mcp-cyberbro --cyberbro_url http://localhost:5000

Docker

Default container command starts in streamable-http mode on port 8000.

docker run --rm -p 8000:8000 \
  -e CYBERBRO_URL=http://host.docker.internal:5000 \
  ghcr.io/stanfrbd/mcp-cyberbro:latest

To force stdio transport:

docker run -i --rm \
  -e CYBERBRO_URL=http://host.docker.internal:5000 \
  ghcr.io/stanfrbd/mcp-cyberbro:latest \
  --transport stdio

Configuration

Copy .env.example and set at least:

• CYBERBRO_URL (required)

Supported environment variables:

• CYBERBRO_URL
• API_PREFIX (default: api)
• SSL_VERIFY (true/false)
• MCP_TRANSPORT (stdio, sse, streamable-http)
• MCP_HOST
• MCP_PORT
• MCP_MOUNT_PATH
• MCP_SSE_PATH
• MCP_STREAMABLE_HTTP_PATH

CLI flags are also available and override env values.

MCP Client Integration

You can use this server with Claude Desktop, Claude Code, Cursor, OpenAI-compatible MCP clients, or any other MCP client.

Example config using uvx:

{
  "mcpServers": {
    "cyberbro": {
      "command": "uvx",
      "args": ["mcp-cyberbro"],
      "env": {
        "CYBERBRO_URL": "http://localhost:5000"
      }
    }
  }
}

Example with Docker + stdio:

{
  "mcpServers": {
    "cyberbro": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "CYBERBRO_URL",
        "ghcr.io/stanfrbd/mcp-cyberbro:latest",
        "--transport",
        "stdio"
      ],
      "env": {
        "CYBERBRO_URL": "http://localhost:5000"
      }
    }
  }
}

Usage in VSCode - Example

Create .vscode/mcp.json

{
	"servers": {
		"mcp-cyberbro": {
			"type": "stdio",
			"command": "uvx",
			"args": [
				"mcp-cyberbro"
			],
			"env": {
				"CYBERBRO_URL": "http://127.0.0.1:5000"
			}
		}
	}
}

MCP Registry Metadata

server.json is included for MCP Registry publication and points to PyPI package mcp-cyberbro.

Release Pipelines

Release-created workflows:

• .github/workflows/publish-test-pypi.yml
• .github/workflows/publish-pypi.yml
• .github/workflows/publish-mcp-plugin.yml

Available Tools

• analyze_observable
• is_analysis_complete
• get_analysis_results
• get_engines
• get_web_url

Example Prompts

Here are practical prompt examples you can use with any MCP-capable assistant connected to Cyberbro.

Getting Indicator Details

• Cyberbro: Check indicators for target.com
• Can you check this IP reputation with Cyberbro? 192.168.1.1. Use github, google and virustotal engines.
• I want to analyze the domain example.com. What can Cyberbro tell me about it? Use max 3 engines.
• Analyze these observables with Cyberbro: suspicious-domain.com, 8.8.8.8, and 44d88612fea8a8f36de82e1278abb02f. Use all available engines.

Observable Analysis

• I found this (hash|domain|url|ip|extension). Can you submit it for analysis to Cyberbro and analyze the results?

OSINT Investigation

• Create an OSINT report for the domain example.com using Cyberbro. Use all available engines and pivot on the results for more information. Use a maximum of 10 analysis requests.

Acknowledgements

• Model Context Protocol
• MCP Python SDK
• Cyberbro

License

MIT