Loading...

Malware Bazaar MCP - DXT Services

Malware Bazaar MCP

Malware Bazaar MCP

by Malware Bazaar MCP mytechnotalent

Provides real-time threat intelligence and detailed malware sample metadata from Malware Bazaar through an AI‑driven MCP server, enabling authorized cybersecurity research workflows.

PythonApache License 2.0agenticagentic-aiagentic-workflowmalwaremalware-analysismalware-detectionmalware-researchmalware-samplesmcp-clientmcp-toolsreverse-engineering

16stars

Updated2 months ago

Malware Bazaar MCP Overview

Malware Bazaar MCP

What is Malware Bazaar MCP about?

A server that autonomously communicates with the Malware Bazaar platform, fetching the latest samples, metadata, tags, and files. The service exposes MCP tools (get_recent, get_info, get_file, get_taginfo) that can be invoked by an MCP client to incorporate fresh threat intel into security pipelines.

How to use Malware Bazaar MCP?

Create an API key on Malware Bazaar (https://auth.abuse.ch/user/me).
Add the key to a .env file:
```
MALWAREBAZAAR_API_KEY=<YOUR_API_KEY>
```
Set up a virtual environment with uv (or any Python venv) and install the requirements.
Configure the MCP client with the server definition (see README for macOS/Linux and Windows examples).
Run the server:
```
uv run malwarebazaar_mcp.py
```
Query via the MCP client using natural‑language prompts, e.g., "Help me understand the latest hash from Malware Bazaar."
Run tests with python -m unittest discover -s tests and optional coverage commands.

Key features of Malware Bazaar MCP

AI‑driven orchestration: automatically decides which endpoint to call based on user intent.
Four core MCP tools:
- get_recent – retrieve up to 10 newest samples.
- get_info – obtain detailed metadata for a specific hash.
- get_file – download the actual malware sample.
- get_taginfo – list samples associated with a given tag.
Environment‑agnostic setup: works on macOS, Linux, and Windows.
Test suite with coverage reporting for confidence in stability.

Use cases of Malware Bazaar MCP

Automated threat‑intel enrichment in security orchestration platforms.
Continuous monitoring of newly released malware for SOC analysts.
Research workflows that need quick access to sample files and metadata.
Integration with sandboxing or reverse‑engineering pipelines to fetch samples on demand.

FAQ from the Malware Bazaar MCP

Q: Do I need a paid Malware Bazaar account?
A: No, a free user API key is sufficient for the provided endpoints.

Q: Can I request more than 10 recent samples?
A: The get_recent tool is limited to 10 by design; you can call it repeatedly or adjust the server code.

Q: Is the server safe to run on production environments?
A: Yes, but always store the API key securely and restrict access to authorized MCP clients.

Q: Which Python version is required?
A: The project targets Python 3.9+, and uv handles dependency resolution automatically.

Malware Bazaar MCP's README

MalwareBazaar_MCP

An AI-driven MCP server that autonomously interfaces with Malware Bazaar, delivering real-time threat intel and sample metadata for authorized cybersecurity research workflows.

MCP Tools

`get_recent`: Get up to 10 most recent samples from MalwareBazaar.

`get_info`: Get detailed metadata about a specific malware sample.

`get_file`: Download a malware sample from MalwareBazaar.

`get_taginfo`: Get malware samples associated with a specific tag.

Step 1: Create a MalwareBazaar APIKEY

https://auth.abuse.ch/user/me

Step 2: Create `.env`

MALWAREBAZAAR_API_KEY=<APIKEY>

Step 3a: Create Virtual Env & Install Requirements - MAC/Linux

curl -LsSf https://astral.sh/uv/install.sh | sh
cd MalwareBazaar_MCP
uv init .
uv venv
source .venv/bin/activate
uv pip install -r requirements.txt

Step 3b: Create Virtual Env & Install Requirements - Windows

powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
cd MalwareBazaar_MCP
uv init .
uv venv
.venv\Scripts\activate
uv pip install -r requirements.txt

Step 4a: Add Config to the MCP Client - MAC/Linux

{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "/Users/XXX/.local/bin/uv",
            "args": [
                "--directory",
                "/Users/XXX/Documents/MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}

Step 4b: Add Config to the MCP Client - Windows

{
    "mcpServers": {
        "malwarebazaar": {
            "description": "Malware Bazaar MCP Server",
            "command": "uv",
            "args": [
                "--directory",
                "C:\Users\XXX\Document\MalwareBazaar_MCP",
                "run",
                "malwarebazaar_mcp.py"
            ]
        }
    }
}

Step 5: Run MCP Server

uv run malwarebazaar_mcp.py

Step 6: Run MCP Client & Query

Help me understnad the latest hash from Malware Bazaar.

Step 7: Run Tests

python -m unittest discover -s tests

uv pip install coverage==7.8.0
coverage run --branch -m unittest discover -s tests
coverage report -m
coverage html
open htmlcov/index.html  # MAC
xdg-open htmlcov/index.html  # Linux
start htmlcov\index.html  # Windows
coverage erase

License

Apache License, Version 2.0

Malware Bazaar MCP Reviews

Share Your Experience

Login Required

Please log in to share your review and rating for this MCP.

Actions

Malware Bazaar MCP's Information

Author: mytechnotalent
Category: Identity & Security
Language: Python
License: Apache License 2.0
Stars: 16
Updated: 2 months ago

Related MCP Servers

Discover more MCP servers with similar functionality and use cases

SafeLine

by chaitin

Provides a self‑hosted web application firewall and reverse‑proxy that filters, monitors, and blocks malicious HTTP/S traffic, protecting web applications from attacks such as SQL injection, XSS, brute‑force, bot abuse, and various code injections.

Burp MCP Server

by PortSwigger

Integrates Burp Suite with AI clients via the Model Context Protocol, providing a built‑in SSE server and a packaged Stdio proxy for seamless AI‑driven interaction with Burp.

Cycode Cli

by cycodehq

Boost security in the development lifecycle via static application security testing, software composition analysis, secrets detection, and infrastructure‑as‑code scanning.

Auth0

by auth0

Auth0 MCP Server enables AI agents to manage Auth0 tenants using natural language, streamlining tasks like application and user management.

Keycloak MCP

by ChristophEnglisch

keycloak-model-context-protocol is an MCP server implementation for Keycloak user management, enabling AI-powered administration of Keycloak users and realms through the Model Context Protocol (MCP).

OpenCTI

by Spathodea-Network

OpenCTI MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with the OpenCTI (Open Cyber Threat Intelligence) platform, enabling querying and retrieving threat intelligence data through a standardized interface.

Okta

by kapilduraphe

This project provides an Okta MCP (Multi-Cloud Platform) server that enables Claude to interact with Okta's user management system, offering comprehensive user and group management capabilities along with onboarding automation.

Descope

by descope-sample-apps

descope-mcp-server-stdio is a Model Context Protocol (MCP) server that integrates Descope's Management APIs with applications like Claude Desktop. It enables users to manage user data and audit logs directly from their desktop environment.

Authenticator App · 2FA

by firstorderai

authenticator_mcp is a secure server that enables AI agents to retrieve 2FA codes and passwords from the Authenticator App. It automates login processes and enhances security by allowing AI assistants to handle credential retrieval.