VirusTotal MCP Server (https://mcp.so/server/virustotal-mcp/yassinech-99)
A Model Context Protocol (MCP) server that enables LLMs to interact with the VirusTotal API for malware analysis, URL scanning, and threat intelligence.
🚀 Features
- File Analysis: Upload files or retrieve reports via MD5, SHA-1, or SHA-256 hashes.
- URL & Domain Intelligence: Scan URLs and get reputation reports for domains.
- IP Reputation: Look up threat data associated with specific IP addresses.
- Threat Hunting: Perform advanced searches using VirusTotal query syntax.
- Community Interaction: Post comments on files, URLs, domains, or IPs.
📋 Prerequisites
- VirusTotal API Key: Obtain one from VirusTotal.
- Python 3.13+: Required as per pyproject.toml.
- uv: Recommended for fast dependency management.
🛠 Installation
1. Clone & Setup
```bash
git clone https://github.com/your-username/virustotal-mcp.git
cd virustotal-mcp
```
2. Configure Environment
Create a .env file in the root directory:
```bash
VIRUSTOTAL_API_KEY=your_api_key_here
API_BASE_URL=https://www.virustotal.com/api/v3
REQUEST_TIMEOUT=30.0
```
3. Install Dependencies
```bash
uv pip install -e .
```
🔌 Claude Desktop Configuration
Add this to your claude_desktop_config.json:
```json
{
  "mcpServers": {
    "virustotal": {
      "command": "uv",
      "args": [
        "--directory",
        "D:\\coolAI\\mcp-client",
        "run",
        "virustotal_mcp.py"
      ],
      "env": {
        "VIRUSTOTAL_API_KEY": "<api_key_here>",
        "API_BASE_URL": "https://www.virustotal.com/api/v3",
        "REQUEST_TIMEOUT": "30.0"
      }
    }
  }
}
```
🛠 Available Tools

| Tool | Description |
|------|-------------|
| virustotal_scan_file | Upload a local file for analysis. |
| virustotal_get_file_report | Get reports via hash. |
| virustotal_scan_url / virustotal_get_url_report | Scan and analyze URLs. |
| virustotal_get_domain_report | Domain-specific threat intel. |
| virustotal_get_ip_report | IP address reputation. |
| virustotal_search | Search VT intelligence. |
| virustotal_post_comment | Add community notes to resources. |
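
The following added example, which is not code from this project, shows how a pasted indicator can be validated and routed to one of the lookup tools in the table before any API quota is spent. The names `route_indicator`, `HASH_LENGTHS` and `DOMAIN_RE` are hypothetical, and the pairing of each tool with a VirusTotal v3 endpoint is an assumption based on the public v3 API.

```python
import base64
import ipaddress
import re
from urllib.parse import urlsplit

API_BASE_URL = "https://www.virustotal.com/api/v3"  # same default as the .env on this page
# Hex digest lengths of the three hash types the server accepts: MD5, SHA-1, SHA-256.
HASH_LENGTHS = {32, 40, 64}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def route_indicator(raw: str) -> tuple[str, str]:
    """Return (tool_name, request_url) for one indicator, or raise ValueError.

    Tool names come from the table on this page; the tool-to-endpoint pairing
    is an assumption based on the public VirusTotal v3 API.
    """
    # Analysts often paste defanged indicators (hxxp://, [.]); refang first.
    value = raw.strip().replace("[.]", ".")
    if value.lower().startswith("hxxp"):
        value = "http" + value[4:]

    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HASH_LENGTHS:
        return "virustotal_get_file_report", f"{API_BASE_URL}/files/{value.lower()}"

    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        pass
    else:
        # Internal addresses carry no public reputation and reveal network layout.
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            raise ValueError(f"{ip} is not publicly routable; refusing lookup")
        return "virustotal_get_ip_report", f"{API_BASE_URL}/ip_addresses/{ip}"

    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        # v3 URL identifier: unpadded URL-safe base64 of the URL string.
        url_id = base64.urlsafe_b64encode(value.encode()).decode().rstrip("=")
        return "virustotal_get_url_report", f"{API_BASE_URL}/urls/{url_id}"

    if DOMAIN_RE.fullmatch(value.lower()):
        return "virustotal_get_domain_report", f"{API_BASE_URL}/domains/{value.lower()}"

    raise ValueError(f"unrecognised indicator: {raw!r}")
```
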






