icon for mcp server

Malware Analyzer

STDIO

Specialized MCP server executing terminal commands for malware analysis.

MalwareAnalyzerMCP

A specialized MCP server for Claude Desktop that allows executing terminal commands for malware analysis.

Features

  • Execute terminal commands with configurable timeouts
  • Read output from running or completed processes
  • Specialized malware analysis commands (file, strings, hexdump, objdump, xxd)
  • Clean process management with graceful shutdowns
  • Pure JavaScript implementation - no build step required

Installation

# Install dependencies
npm install

Usage

Running the Server

# Start the server directly
node index.js

# Or use npm script
npm start

# With debugging proxy (logs all communications)
npm run debug

Integration with Claude Desktop

To integrate this MCP server with Claude Desktop:

  1. Open Claude Desktop's settings (Claude menu → Settings)
  2. Click on "Developer" and then "Edit Config"
  3. Update your configuration to include:
{
  "mcpServers": {
    "MalwareAnalysisMCP": {
      "command": "node",
      "args": [
        "/path/to/MalwareAnalysisMCP/index.js"
      ]
    }
  }
}

Note: Replace /path/to/MalwareAnalysisMCP with the actual path to your project directory.

  1. Restart Claude Desktop

Debugging

To see all communication between Claude Desktop and the MCP server:

  1. Update your Claude Desktop configuration to use the debug proxy:
{
  "mcpServers": {
    "MalwareAnalysisMCP": {
      "command": "node",
      "args": [
        "/path/to/MalwareAnalysisMCP/mcp-debug-proxy.js"
      ]
    }
  }
}
  1. Check the logs in the logs directory

Compatibility Notes

  • Requires Node.js 18 or higher
  • Compatible with Node.js v22+ using ESM modules

API

Basic Tools

shell_command

Executes a terminal command and returns its process ID, output, and blocked status.

Parameters:

  • command (string): The command to execute in the terminal
  • timeout_ms (number, optional): Timeout in milliseconds (default: 30000)

Returns:

  • pid (number): Process ID
  • output (string): Command output
  • isBlocked (boolean): Whether the command execution is blocked/timed out

read_output

Reads output from a running or completed process.

Parameters:

  • pid (number): The process ID to read output from

Returns:

  • output (string | null): The process output, or null if the process is not found

Specialized Malware Analysis Tools

The following specialized tools are available for malware analysis:

file

Analyze a file and determine its type.

Parameters:

  • target (string): Target file to analyze
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "options": "-b"
}

strings

Extract printable strings from a file.

Parameters:

  • target (string): Target file to analyze
  • minLength (number, optional): Minimum string length to display
  • encoding (string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "minLength": 10,
  "encoding": "l"
}

hexdump

Display file contents in hexadecimal format.

Parameters:

  • target (string): Target file to analyze
  • length (number, optional): Number of bytes to display
  • offset (number, optional): Starting offset in the file
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "length": 256,
  "offset": 1024
}

objdump

Display information from object files.

Parameters:

  • target (string): Target file to analyze
  • disassemble (boolean, optional): Disassemble executable sections
  • headers (boolean, optional): Display the contents of the section headers
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "disassemble": true
}

xxd

Create a hexdump with ASCII representation.

Parameters:

  • target (string): Target file to analyze
  • length (number, optional): Number of bytes to display
  • offset (number, optional): Starting offset in the file
  • cols (number, optional): Format output into specified number of columns
  • bits (boolean, optional): Switch to bits (binary) dump
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "cols": 16,
  "bits": true
}

License

ISC

Be the First to Experience MCP Now