MCP-CyberAgent 🛡️
MCP-CyberAgent is an MCP-compliant AI security assistant that connects Claude Desktop (or any MCP client) with real-world cybersecurity tools like VirusTotal, Nmap, Shodan, and PowerShell.
🔬 In this project, I’ve integrated automated hash extraction from running startup applications — enabling Claude to act like a personalized
AI-powered Malware Scanner.
It supports natural language interaction to:
- Scan for malware using VirusTotal
- Discover active network services
- Gather threat intelligence from Shodan
- Test network health and connectivity
All this runs locally in your environment — no cloud integration required. And it's completely free.
🎥 Demo
https://github.com/user-attachments/assets/469d2800-8c06-461f-8336-6a1751b851cc
⚙️ Tools & Prompts
🔬 VirusTotal Integration
Using PowerShell, MCP-CyberAgent extracts SHA256 hashes from startup applications and checks them against VirusTotal’s threat database.
🧠 Try asking Claude:
"Scan running processes with VirusTotal"
"Check for malware in startup applications"
🌐 Nmap Port Scanner
Scan open ports, services, and protocols on any IP using Claude.
🧠 Try:
"Check what ports are open on 127.0.0.1"
🌍 Shodan IP Intelligence
Get real-time internet-facing service information for any public IP address using Shodan.
🧠 Try:
"What does Shodan know about 1.1.1.1?"
🌐 Get Public IP
Query your external/public IP address.
🧠 Try:
"What is my IP?"
🏓 Ping Checker
Test latency and host reachability via ICMP.
🧠 Try:
"Ping 8.8.8.8"
"Check if google.com is online"
✅ Requirements
- Python 3.10+
- Windows PowerShell (for startup hash scanning)
- Claude Desktop or 5ire
- API Keys:
- VirusTotal
- Shodan (free key is enough)
Install dependencies:
pip install -r requirements.txt
## 🔧 Setup Guide
### 📁 Project Layout
MCP-CyberAgent/ ├── bridge_mcp_cyberagent.py ├── modules/ │ ├── virustotal_module.py │ ├── nmap_module.py │ ├── shodan_module.py │ └── sysinfo.ps1 ├── configs/ │ └── api_keys.env ├── README.md └── requirements.txt
### ✅ Installation
1. **Clone the repository:**
```bash
git clone https://github.com/JithukrishnanV/MCP-CyberAgent
cd MCP-CyberAgent
-
Create a virtual environment (optional but recommended):
python -m venv .venv .venv\\Scripts\\activate -
Install dependencies:
pip install -r requirements.txt -
Add your API keys in
configs/api_keys.env:VT_API_KEY=your_virustotal_api_key SHODAN_API_KEY=your_shodan_api_key -
Edit Claude Desktop config: Claude Desktop To set up Claude Desktop as a Ghidra MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:
{ "mcpServers": { "cyberagent": { "command": "C:/Path/To/python.exe", "args": [ ""/ABSOLUTE_PATH_TO/bridge_mcp_cyberagent.py" ] } } } -
Launch Claude and select the MCP-CyberAgent from the MCP tab.
🔗 Resources
- 🧠 Claude MCP Docs
- 🔍 VirusTotal
- 🌐 Shodan
- 🛰️ Nmap
- 📚 Python SDK for MCP
- 🛠️ ping3
- 🌍 ipify - Get Public IP
Recommend MCP Servers 💡
@shiftengineering/mcp-close-server
Connects to Close.com API, allowing AI assistants to search and retrieve lead and contact information.
code-assistant
An LLM-powered, autonomous coding assistant. Also offers an MCP and ACP mode.
trello-mcp-server
A Model Context Protocol (MCP) server that connects Trello with MCP-compatible AI assistants.
mac-messages-mcp
An MCP server that securely interfaces with your iMessage database via the Model Context Protocol (MCP), allowing LLMs to query and analyze iMessage conversations. It includes robust phone number validation, attachment processing, contact management, group chat handling, and full support for sending and receiving messages.
quarkus-mcp-server
A Quarkus extension to easily implement MCP server features with SSE and STDIO transports
deep-search-mcp
A deep web search MCP server using LinkUp API.