- Home
- MCP servers
- YaraFlux
YaraFlux
- python
21
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"threatflux-yaraflux": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--env",
"JWT_SECRET_KEY=your-secret-key",
"--env",
"ADMIN_PASSWORD=your-admin-password",
"--env",
"DEBUG=true",
"--env",
"PYTHONUNBUFFERED=1",
"threatflux/yaraflux-mcp-server:latest"
],
"env": {
"DEBUG": "true",
"ADMIN_PASSWORD": "your-admin-password",
"JWT_SECRET_KEY": "your-secret-key",
"PYTHONUNBUFFERED": "1"
}
}
}
}YaraFlux MCP Server provides a Model Context Protocol interface for YARA rule-based threat analysis. It enables AI assistants to securely scan files, manage YARA rules, and receive detailed results through an MCP-compatible API, making it easier to integrate YARA-powered security checks into conversational workflows.
How to use
You use the YaraFlux MCP Server by connecting an MCP client (such as Claude Desktop) to the server. The server exposes YARA scanning, rule management, file handling, and storage capabilities through a standardized MCP interface. You can perform file analyses from within conversations, run scans against specific rules, manage the rule set, and retrieve detailed results with metadata like matches, file hashes, and strings.
How to install
Prerequisites: you need Docker installed on your host system and Python for development if you choose to build from source.
# Pull the latest Docker image and run the MCP server
docker pull threatflux/yaraflux-mcp-server:latest
docker run -p 8000:8000 \
-e JWT_SECRET_KEY=your-secret-key \
-e ADMIN_PASSWORD=your-admin-password \
-e DEBUG=true \
threatflux/yaraflux-mcp-server:latest
# If you want to run from source, install dependencies and start the server
# (requires Python 3.13+)
make install
make run
"
Additional notes and setup details
Security features include JWT authentication for API access, non-root container execution, and configurable access controls. Adjust the JWT secret and admin password to protect your MCP server. Storage options support local filesystem storage or MinIO/S3-compatible solutions.
Available tools
list_yara_rules
List available YARA rules with optional filtering to narrow by source, category, or metadata.
get_yara_rule
Retrieve the content and metadata for a specific YARA rule.
validate_yara_rule
Validate syntax and semantics of a YARA rule with detailed error reporting.
add_yara_rule
Create a new YARA rule and persist it to storage.
update_yara_rule
Modify an existing YARA rule and save changes.
delete_yara_rule
Remove a YARA rule from storage.
import_threatflux_rules
Import YARA rules from ThreatFlux GitHub repository into the local rule set.
scan_url
Scan content from a URL using specified YARA rules and return matches.
scan_data
Scan provided data payload with chosen YARA rules and return results.
get_scan_result
Retrieve detailed results for a previously executed scan.
upload_file
Upload a file to the server for analysis or scanning.
get_file_info
Obtain metadata about an uploaded file such as size, hashes, and type.
list_files
List uploaded files with pagination and sorting options.
delete_file
Delete an uploaded file from storage.
extract_strings
Extract ASCII/Unicode strings from a file for analysis.
get_hex_view
Provide a hexadecimal view of file contents for inspection.
download_file
Download an uploaded file from storage.
get_storage_info
Report current storage usage statistics.
clean_storage
Remove old or unused files to free storage space.