YaraFlux MCP Server
@ThreatFlux
关于 YaraFlux MCP Server
A yara based MCP Server
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"YaraFlux": {
"command": "docker",
"args": [
"pull",
"threatflux/yaraflux-mcp-server:latest"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is YaraFlux MCP Server?
YaraFlux MCP Server is a Model Context Protocol (MCP) server that gives AI assistants the ability to analyze files using YARA rules. It integrates YARA-based threat scanning with LLMs, supporting comprehensive rule management, secure scanning, and result analysis through a modular architecture.
How to use YaraFlux MCP Server?
Run it with Docker (docker pull threatflux/yaraflux-mcp-server:latest and docker run with the required JWT_SECRET_KEY, ADMIN_PASSWORD, and DEBUG environment variables) or install from source (requires Python 3.13+, then make install and make run). For Claude Desktop, add a docker entry to claude_desktop_config.json with the appropriate environment variables and auto-approved tools.
Key features of YaraFlux MCP Server
- 19 integrated MCP tools for scanning, rule management, and file handling
- YARA rule creation, validation, import, update, and deletion
- URL and file content scanning with detailed match information
- Secure file upload, storage, and analysis (hex view, string extraction)
- Storage backends: local filesystem and MinIO/S3
- JWT authentication and non-root container execution
Use cases of YaraFlux MCP Server
- AI-assisted malware analysis by scanning files with community YARA rules
- Threat intelligence automation: import and manage YARA rules from the ThreatFlux repository
- Incident response: upload suspicious files, scan them, and retrieve detailed results
- Rule lifecycle management: create, validate, update, and delete YARA rules through a chatbot interface
FAQ from YaraFlux MCP Server
What runtime dependencies does YaraFlux MCP Server require?
Python 3.13+ is required for source installation. Docker is used for containerized deployment. No other external services are strictly required, but MinIO/S3 can be used for remote storage.
How is data stored and secured?
By default, uploaded files and scan results are stored on the local filesystem. Optionally, MinIO/S3 storage can be configured. JWT authentication protects the API, and the container runs as a non-root user.
What transport and authentication does the server use?
The server uses the Model Context Protocol (MCP) for communication with AI assistants. API access is protected by JWT authentication, configured via the JWT_SECRET_KEY environment variable.
Can I import existing YARA rules from the ThreatFlux repository?
Yes, the import_threatflux_rules tool allows importing rules directly from the ThreatFlux GitHub repository, and rules can be categorized as custom or community.
How do I integrate YaraFlux MCP Server with Claude Desktop?
Add a docker command entry in Claude Desktop’s claude_desktop_config.json under mcpServers, setting the required environment variables. After restarting Claude Desktop, the MCP tools become available.
其他 分类下的更多 MCP 服务器

EverArt
modelcontextprotocolModel Context Protocol Servers
AutoBrowser MCP
autobrowser-aiBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
Awesome-MCP-ZH
yzflyMCP 资源精选, MCP指南,Claude MCP,MCP Servers, MCP Clients
Servers
modelcontextprotocolModel Context Protocol Servers
🪟 Windows-MCP
CursorTouchMCP Server for Computer Use in Windows
评论