MCP-CyberAgent 🛡️
MCP-CyberAgent is an MCP-compliant AI security assistant that connects Claude Desktop (or any MCP client) with real-world cybersecurity tools like VirusTotal, Nmap, Shodan, and PowerShell.
🔬 In this project, I’ve integrated automated hash extraction from running startup applications — enabling Claude to act like a personalized
AI-powered Malware Scanner.
It supports natural language interaction to:
- Scan for malware using VirusTotal
- Discover active network services
- Gather threat intelligence from Shodan
- Test network health and connectivity
All this runs locally in your environment — no cloud integration required. And it's completely free.
🎥 Demo
https://github.com/user-attachments/assets/469d2800-8c06-461f-8336-6a1751b851cc
⚙️ Tools & Prompts
🔬 VirusTotal Integration
Using PowerShell, MCP-CyberAgent extracts SHA256 hashes from startup applications and checks them against VirusTotal’s threat database.
🧠 Try asking Claude:
"Scan running processes with VirusTotal"
"Check for malware in startup applications"
🌐 Nmap Port Scanner
Scan open ports, services, and protocols on any IP using Claude.
🧠 Try:
"Check what ports are open on 127.0.0.1"
🌍 Shodan IP Intelligence
Get real-time internet-facing service information for any public IP address using Shodan.
🧠 Try:
"What does Shodan know about 1.1.1.1?"
🌐 Get Public IP
Query your external/public IP address.
🧠 Try:
"What is my IP?"
🏓 Ping Checker
Test latency and host reachability via ICMP.
🧠 Try:
"Ping 8.8.8.8"
"Check if google.com is online"
✅ Requirements
- Python 3.10+
- Windows PowerShell (for startup hash scanning)
- Claude Desktop or 5ire
- API Keys:
- VirusTotal
- Shodan (free key is enough)
Install dependencies:
pip install -r requirements.txt
## 🔧 Setup Guide
### 📁 Project Layout
MCP-CyberAgent/ ├── bridge_mcp_cyberagent.py ├── modules/ │ ├── virustotal_module.py │ ├── nmap_module.py │ ├── shodan_module.py │ └── sysinfo.ps1 ├── configs/ │ └── api_keys.env ├── README.md └── requirements.txt
### ✅ Installation
1. **Clone the repository:**
```bash
git clone https://github.com/JithukrishnanV/MCP-CyberAgent
cd MCP-CyberAgent
-
Create a virtual environment (optional but recommended):
python -m venv .venv .venv\\Scripts\\activate -
Install dependencies:
pip install -r requirements.txt -
Add your API keys in
configs/api_keys.env:VT_API_KEY=your_virustotal_api_key SHODAN_API_KEY=your_shodan_api_key -
Edit Claude Desktop config: Claude Desktop To set up Claude Desktop as a Ghidra MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:
{ "mcpServers": { "cyberagent": { "command": "C:/Path/To/python.exe", "args": [ ""/ABSOLUTE_PATH_TO/bridge_mcp_cyberagent.py" ] } } } -
Launch Claude and select the MCP-CyberAgent from the MCP tab.
🔗 Resources
- 🧠 Claude MCP Docs
- 🔍 VirusTotal
- 🌐 Shodan
- 🛰️ Nmap
- 📚 Python SDK for MCP
- 🛠️ ping3
- 🌍 ipify - Get Public IP
Recommend MCP Servers 💡
linear-mcp
An MCP server for managing Linear issues, projects, and teams via Cline.
notte-mcp
A MCP server for Notte's agentic ecosystem, enabling session management, page interaction, and agent operations.
nacos-mcp-router
A MCP server that provides search, installation, proxy functionalities for other MCP servers with advanced search capabilities.
terraform-mcp-server
The Terraform MCP Server integrates with Terraform Registry APIs, providing advanced automation and interaction capabilities for Infrastructure as Code (IaC) development, enabling discovery and analysis of providers, modules, and policies.
canvas-lms-mcp
A minimal MCP server bridging AI systems with Canvas LMS for accessing education data such as courses, assignments, quizzes, and files.
mcp-recon
mcp-recon bridges the gap between natural language and HTTP infrastructure analysis. It exposes reconnaissance tools through the Model Context Protocol (MCP), allowing you to perform web domain reconnaissance via any compatible AI interface, such as Claude Desktop.