VirusTotal
VirusTotal MCP Server A Model Context Protocol (MCP) server for comprehensive security analysis using the VirusTotal API. Built with FastMCP and Python, this server provides AI assistants like Claude with powerful malware detection and threat intelligence capabilities.
Overview This MCP server integrates VirusTotal's extensive security database, allowing AI assistants to perform comprehensive security analysis on URLs, files, IP addresses, and domains. The server automatically fetches relationship data to provide complete security context in a single request.
Features Comprehensive Security Analysis: Complete threat analysis with automatic relationship fetching URL Analysis: Security reports with contacted domains, downloaded files, and threat actors File Analysis: Detailed file hash analysis including behaviors, dropped files, and network connections IP Analysis: Geolocation, reputation data, and historical information Domain Analysis: DNS records, WHOIS data, SSL certificates, and subdomains Detailed Relationship Queries: Paginated access to specific relationship types for deep investigation Rate Limit Aware: Respects VirusTotal API limitations Multiple Transport Support: SSE and STDIO transports for different integration needs
Server Config
{
"mcpServers": {
"virustotal": {
"command": "uv",
"args": [
"--directory",
"/absolute/path/to/virustotal-mcp-server",
"run",
"main.py"
],
"env": {
"VIRUSTOTAL_API_KEY": "your_api_key_here"
}
}
}
}