Virustotal Mcp
@yassinech-99
MCP server that enables LLMs to interact with the VirusTotal API for malware analysis, URL scanning, and threat intelligence.
Overview
What is Virustotal Mcp?
Virustotal Mcp is a Model Context Protocol (MCP) server that enables LLMs to interact with the VirusTotal API for malware analysis, URL scanning, and threat intelligence.
How to use Virustotal Mcp?
After cloning the repository, create a .env file with your VIRUSTOTAL_API_KEY and optionally API_BASE_URL and REQUEST_TIMEOUT. Install dependencies with uv pip install -e ., then configure the server in your MCP client (e.g., Claude Desktop) by adding the server entry pointing to virustotal_mcp.py. Use the provided tools like virustotal_scan_file, virustotal_scan_url, virustotal_get_domain_report, etc.
Key features of Virustotal Mcp
- File analysis via upload or hash reports.
- URL and domain intelligence scanning.
- IP reputation lookups.
- Threat hunting with advanced search.
- Community interaction via comments.
Use cases of Virustotal Mcp
- Analyze suspicious files using MD5, SHA-1, or SHA-256 hashes.
- Scan URLs and get reputation reports for domains.
- Look up threat data associated with IP addresses.
- Perform advanced threat hunting queries using VirusTotal syntax.
- Post comments on files, URLs, domains, or IPs for collaboration.
FAQ from Virustotal Mcp
What API key do I need?
A VirusTotal API key from virustotal.com.
What are the runtime requirements?
Python 3.13+ and uv for dependency management (recommended).
How do I configure environment variables?
Create a .env file with VIRUSTOTAL_API_KEY, API_BASE_URL, and REQUEST_TIMEOUT. Alternatively, set them in the MCP client configuration.
What tools does the server expose?
Tools include virustotal_scan_file, virustotal_get_file_report, virustotal_scan_url, virustotal_get_url_report, virustotal_get_domain_report, virustotal_get_ip_report, virustotal_search, and virustotal_post_comment.
Can I upload files for analysis?
Yes, use the virustotal_scan_file tool to upload a local file.