YaraFlux

A yara based MCP Server
  • python

21

GitHub Stars

python

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "threatflux-yaraflux": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--env",
        "JWT_SECRET_KEY=your-secret-key",
        "--env",
        "ADMIN_PASSWORD=your-admin-password",
        "--env",
        "DEBUG=true",
        "--env",
        "PYTHONUNBUFFERED=1",
        "threatflux/yaraflux-mcp-server:latest"
      ],
      "env": {
        "DEBUG": "true",
        "ADMIN_PASSWORD": "your-admin-password",
        "JWT_SECRET_KEY": "your-secret-key",
        "PYTHONUNBUFFERED": "1"
      }
    }
  }
}

YaraFlux MCP Server provides a Model Context Protocol interface for YARA rule-based threat analysis. It enables AI assistants to securely scan files, manage YARA rules, and receive detailed results through an MCP-compatible API, making it easier to integrate YARA-powered security checks into conversational workflows.

How to use

You use the YaraFlux MCP Server by connecting an MCP client (such as Claude Desktop) to the server. The server exposes YARA scanning, rule management, file handling, and storage capabilities through a standardized MCP interface. You can perform file analyses from within conversations, run scans against specific rules, manage the rule set, and retrieve detailed results with metadata like matches, file hashes, and strings.

How to install

Prerequisites: you need Docker installed on your host system and Python for development if you choose to build from source.

# Pull the latest Docker image and run the MCP server
docker pull threatflux/yaraflux-mcp-server:latest
docker run -p 8000:8000 \
  -e JWT_SECRET_KEY=your-secret-key \
  -e ADMIN_PASSWORD=your-admin-password \
  -e DEBUG=true \
  threatflux/yaraflux-mcp-server:latest

# If you want to run from source, install dependencies and start the server
# (requires Python 3.13+)
make install
make run
"

Additional notes and setup details

Security features include JWT authentication for API access, non-root container execution, and configurable access controls. Adjust the JWT secret and admin password to protect your MCP server. Storage options support local filesystem storage or MinIO/S3-compatible solutions.

Available tools

list_yara_rules

List available YARA rules with optional filtering to narrow by source, category, or metadata.

get_yara_rule

Retrieve the content and metadata for a specific YARA rule.

validate_yara_rule

Validate syntax and semantics of a YARA rule with detailed error reporting.

add_yara_rule

Create a new YARA rule and persist it to storage.

update_yara_rule

Modify an existing YARA rule and save changes.

delete_yara_rule

Remove a YARA rule from storage.

import_threatflux_rules

Import YARA rules from ThreatFlux GitHub repository into the local rule set.

scan_url

Scan content from a URL using specified YARA rules and return matches.

scan_data

Scan provided data payload with chosen YARA rules and return results.

get_scan_result

Retrieve detailed results for a previously executed scan.

upload_file

Upload a file to the server for analysis or scanning.

get_file_info

Obtain metadata about an uploaded file such as size, hashes, and type.

list_files

List uploaded files with pagination and sorting options.

delete_file

Delete an uploaded file from storage.

extract_strings

Extract ASCII/Unicode strings from a file for analysis.

get_hex_view

Provide a hexadecimal view of file contents for inspection.

download_file

Download an uploaded file from storage.

get_storage_info

Report current storage usage statistics.

clean_storage

Remove old or unused files to free storage space.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational