- Home
- MCP servers
- MalwareBazaar
MalwareBazaar
- python
22
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"mytechnotalent-malwarebazaar_mcp": {
"command": "uv",
"args": [
"--directory",
"/Users/XXX/Documents/MalwareBazaar_MCP",
"run",
"malwarebazaar_mcp.py"
],
"env": {
"MALWAREBAZAAR_API_KEY": "<APIKEY>"
}
}
}
}You set up the MalwareBazaar MCP Server to autonomously fetch threat intel and sample metadata from Malware Bazaar, exposing a programmable interface you can query from your security workflow. The server runs locally and integrates with an MCP client to deliver actionable malware data for authorized research processes.
How to use
Run the MCP server locally and connect it with your MCP client. The server exposes functions to fetch recent samples, retrieve detailed sample metadata, download samples, and query samples by tag. Use these capabilities to automate threat intel enrichment, sample investigation, and metadata collection as part of your research workflows.
How to install
Prerequisites: a Python environment and the MCP tooling that executes Python-based MCP servers via UV. You will also need a Malware Bazaar API key to access protected endpoints.
# Step 1: Create MalwareBazaar API key from Malware Bazaar.
# Step 2: Create .env file with your API key.
MALWAREBAZAAR_API_KEY=<APIKEY>
# Step 3a: MAC/Linux install and setup
curl -LsSf https://astral.sh/uv/install.sh | sh
cd MalwareBazaar_MCP
uv init .
uv venv
source .venv/bin/activate
uv pip install -r requirements.txt
# Step 3b: Windows install and setup
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
cd MalwareBazaar_MCP
uv init .
uv venv
.venv\Scripts\activate
uv pip install -r requirements.txt
# Step 4a: Add Config to the MCP Client - MAC/Linux
{
"mcpServers": {
"malwarebazaar": {
"description": "Malware Bazaar MCP Server",
"command": "/Users/XXX/.local/bin/uv",
"args": [
"--directory",
"/Users/XXX/Documents/MalwareBazaar_MCP",
"run",
"malwarebazaar_mcp.py"
]
}
}
}
# Step 4b: Add Config to the MCP Client - Windows
{
"mcpServers": {
"malwarebazaar": {
"description": "Malware Bazaar MCP Server",
"command": "uv",
"args": [
"--directory",
"C:\\Users\\XXX\\Document\\MalwareBazaar_MCP",
"run",
"malwarebazaar_mcp.py"
]
}
}
}
# Step 5: Run MCP Server
uv run malwarebazaar_mcp.py
# Step 6: Run MCP Client & Query
Help me understnad the latest hash from Malware Bazaar.
# Step 7: Run Tests
python -m unittest discover -s tests
uv pip install coverage==7.8.0
coverage run --branch -m unittest discover -s tests
coverage report -m
coverage html
open htmlcov/index.html # MAC
xdg-open htmlcov/index.html # Linux
start htmlcov\index.html # Windows
coverage erase
Additional notes and security
The API key must be kept secure and not exposed in client-side code. Store it in the .env file and ensure the runtime environment restricts access to authorized personnel and processes.
If you encounter connectivity issues, verify that the API key is valid, the venv is activated, and the MCP client configuration points to the correct directory and script. For troubleshooting, re-check the installed dependencies and the Python version compatibility with the required packages.
Available tools
get_recent
Fetch up to 10 of the most recent Malware Bazaar samples for quick threat intel pull.
get_info
Retrieve detailed metadata about a specific malware sample.
get_file
Download a malware sample file from Malware Bazaar.
get_taginfo
Retrieve samples associated with a specific tag for targeted investigations.