MCP Container

MalwareBazaar_MCP

An AI-driven MCP server that autonomously interfaces with Malware Bazaar, delivering real-time threat intel and sample metadata for authorized cybersecurity research workflows.

GitHub

GitHub Stars

14

User Rating

Not Rated

Forks

5

Issues

0

Views

1

Favorites

0

README
MalwareBazaar_MCP

An AI-driven MCP server that autonomously interfaces with Malware Bazaar, delivering real-time threat intel and sample metadata for authorized cybersecurity research workflows.


MCP Tools
get_recent: Get up to 10 most recent samples from MalwareBazaar.
get_info: Get detailed metadata about a specific malware sample.
get_file: Download a malware sample from MalwareBazaar.
get_taginfo: Get malware samples associated with a specific tag.

Step 1: Create a MalwareBazaar APIKEY

https://auth.abuse.ch/user/me

Step 2: Create .env
MALWAREBAZAAR_API_KEY=<APIKEY>
Step 3a: Create Virtual Env & Install Requirements - MAC/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh
cd MalwareBazaar_MCP
uv init .
uv venv
source .venv/bin/activate
uv pip install -r requirements.txt
Step 3b: Create Virtual Env & Install Requirements - Windows
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
cd MalwareBazaar_MCP
uv init .
uv venv
.venv\Scripts\activate
uv pip install -r requirements.txt
Step 4a: Add Config to the MCP Client - MAC/Linux
{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "/Users/XXX/.local/bin/uv",
            "args": [
                "--directory",
                "/Users/XXX/Documents/MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}
Step 4b: Add Config to the MCP Client - Windows
{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "uv",
            "args": [
                "--directory",
                "C:\Users\XXX\Document\MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}
Step 5: Run MCP Server
uv run malwarebazaar_mcp.py
Step 6: Run MCP Client & Query
Help me understnad the latest hash from Malware Bazaar.
Step 7: Run Tests
python -m unittest discover -s tests

uv pip install coverage==7.8.0
coverage run --branch -m unittest discover -s tests
coverage report -m
coverage html
open htmlcov/index.html  # MAC
xdg-open htmlcov/index.html  # Linux
start htmlcov\index.html  # Windows
coverage erase

License

Apache License, Version 2.0

Author Information
Kevin Thomas
Kevin Thomas

Author of the world’s most popular Reverse Engineering Tutorial

Washington, D.C.
GitHub

1,359

Followers

121

Repositories

0

Gists

48

Total Contributions

Top Contributors

mytechnotalentmytechnotalent
48
Tags
APIFile SystemAutomationAI/LLMAuthenticationagenticagentic-aiagentic-workflowaimalware-detectionmalware-researchmcpmcp-clientmcp-servermcp-tools
Threads