Loading...

MalwareBazaar MCP - MCP Server Space

MalwareBazaar MCP

MalwareBazaar MCP

by MalwareBazaar MCP mytechnotalent

Provides an AI-driven interface to Malware Bazaar, delivering real-time threat intelligence and sample metadata for authorized cybersecurity research workflows.

PythonApache License 2.0agenticagentic-aiagentic-workflowmalwaremalware-analysismalware-detectionmalware-researchmalware-samplesmcp-clientmcp-toolsreverse-engineering

16stars

Updated2 months ago

MalwareBazaar MCP Overview

What is MalwareBazaar MCP about?

MalwareBazaar MCP is an MCP server that automatically connects to the Malware Bazaar repository, fetches the latest malware samples, metadata, and tag information, and exposes these capabilities through MCP‑compatible tools for seamless integration into security pipelines.

How to use MalwareBazaar MCP?

Obtain an API key from https://auth.abuse.ch/user/me.
Create a .env file with MALWAREBAZAAR_API_KEY=<APIKEY>.
Set up a virtual environment using uv (or any Python venv) and install dependencies from requirements.txt.
Add a server entry to the MCP client configuration (see the README for Linux/macOS and Windows examples).
Start the server with uv run malwarebazaar_mcp.py.
Query the server from an MCP client, e.g., ask for the latest hash or sample details.

Key features of MalwareBazaar MCP

Real‑time retrieval of up to 10 most recent malware samples (get_recent).
Detailed metadata lookup for any sample hash (get_info).
Secure sample download directly from Malware Bazaar (get_file).
Tag‑based search to list all samples associated with a specific tag (get_taginfo).
AI‑driven workflow integration, enabling autonomous threat‑intel automation.
Cross‑platform installation scripts for macOS/Linux and Windows.
Comprehensive test suite with coverage reporting.

Use cases of MalwareBazaar MCP

Automated threat‑intel enrichment: feed latest sample data into SOC dashboards or SIEMs.
Malware research labs: programmatically gather specimens for reverse‑engineering and behavioral analysis.
Security automation pipelines: trigger alerts or sandbox analyses when new high‑risk samples appear.
Tag‑centric investigations: explore families or campaigns by querying specific tags.

FAQ from the MalwareBazaar MCP

Q: Do I need a paid Malware Bazaar account?
A: No, a free user API key is sufficient for the provided endpoints.

Q: Can I run the server on a headless Linux box?
A: Yes. Use the Linux/macOS installation steps and start the server with uv run malwarebazaar_mcp.py.

Q: What Python version is required?
A: The project follows the versions specified in requirements.txt; Python 3.9+ is recommended.

Q: How do I add the server to the MCP client?
A: Insert a JSON block under mcpServers in the client’s config file, pointing to the directory and script as shown in the README.

Q: Is there a way to test the implementation?
A: Run python -m unittest discover -s tests and optionally generate coverage reports with the provided commands.

MalwareBazaar MCP's README

MalwareBazaar_MCP

An AI-driven MCP server that autonomously interfaces with Malware Bazaar, delivering real-time threat intel and sample metadata for authorized cybersecurity research workflows.

MCP Tools

`get_recent`: Get up to 10 most recent samples from MalwareBazaar.

`get_info`: Get detailed metadata about a specific malware sample.

`get_file`: Download a malware sample from MalwareBazaar.

`get_taginfo`: Get malware samples associated with a specific tag.

Step 1: Create a MalwareBazaar APIKEY

https://auth.abuse.ch/user/me

Step 2: Create `.env`

MALWAREBAZAAR_API_KEY=<APIKEY>

Step 3a: Create Virtual Env & Install Requirements - MAC/Linux

curl -LsSf https://astral.sh/uv/install.sh | sh
cd MalwareBazaar_MCP
uv init .
uv venv
source .venv/bin/activate
uv pip install -r requirements.txt

Step 3b: Create Virtual Env & Install Requirements - Windows

powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
cd MalwareBazaar_MCP
uv init .
uv venv
.venv\Scripts\activate
uv pip install -r requirements.txt

Step 4a: Add Config to the MCP Client - MAC/Linux

{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "/Users/XXX/.local/bin/uv",
            "args": [
                "--directory",
                "/Users/XXX/Documents/MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}

Step 4b: Add Config to the MCP Client - Windows

{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "uv",
            "args": [
                "--directory",
                "C:\Users\XXX\Document\MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}

Step 5: Run MCP Server

uv run malwarebazaar_mcp.py

Step 6: Run MCP Client & Query

Help me understnad the latest hash from Malware Bazaar.

Step 7: Run Tests

python -m unittest discover -s tests

uv pip install coverage==7.8.0
coverage run --branch -m unittest discover -s tests
coverage report -m
coverage html
open htmlcov/index.html  # MAC
xdg-open htmlcov/index.html  # Linux
start htmlcov\index.html  # Windows
coverage erase

License

Apache License, Version 2.0

MalwareBazaar MCP Reviews

Share Your Experience

Login Required

Please log in to share your review and rating for this MCP.

Actions

MalwareBazaar MCP's Information

Author: mytechnotalent
Category: Security
Language: Python
License: Apache License 2.0
Stars: 16
Updated: 2 months ago

Similar MCP Servers like MalwareBazaar MCP

Explore related MCPs that share similar capabilities and solve comparable challenges

SafeLine

by chaitin

A self‑hosted web application firewall and reverse proxy that protects web applications from attacks and exploits by filtering, monitoring, and blocking malicious HTTP/S traffic.

SafeDep Vet

by safedep

Provides enterprise‑grade open source software supply chain security by scanning source code, dependencies, containers and SBOMs, detecting vulnerabilities and malicious packages, and enforcing policy as code.

Semgrep MCP Server

by semgrep

Offers an MCP server that lets LLMs, agents, and IDEs run Semgrep scans to detect security vulnerabilities in source code.

Burp MCP Server

by PortSwigger

Enables Burp Suite to communicate with AI clients via the Model Context Protocol, providing an MCP server and bundled stdio proxy.

Cycode CLI

by cycodehq

Boost security in the development lifecycle via SAST, SCA, secrets, and IaC scanning.

Bugsy

by mobb-dev

Provides automatic security vulnerability remediation for code via a command‑line interface and an MCP server, leveraging findings from popular SAST tools such as Checkmarx, CodeQL, Fortify, and Snyk.

Keycloak MCP Server

by ChristophEnglisch

Provides AI‑powered administration of Keycloak users and realms through the Model Context Protocol, enabling automated creation, deletion, and listing of users and realms from MCP clients such as Claude Desktop.

OpenCTI MCP Server

by Spathodea-Network

Provides a Model Context Protocol server that enables querying and retrieving threat intelligence data from OpenCTI through a standardized interface.

Authenticator App MCP Server

by firstorderai

Provides seamless access to two‑factor authentication codes and passwords for AI agents, enabling automated login while maintaining security.