Volatility3 Mcp Server

Created By

OMGhozlan7 months ago

Content

❄️ Volatility MCP Server

📌 Overview

The Volatility MCP Server is a powerful memory forensics automation toolkit powered by Volatility 3. It provides a modular, extensible interface for running Volatility plugins across Windows, Linux, and macOS memory dumps.

It makes memory analysis faster and more accessible via:

✅ Plugin automation
✅ Cross-platform support (Windows, Linux, macOS)
✅ Modular plugin architecture
✅ Rich logging with beautiful formatting
✅ Easy plugin registration and management

💡 Key Features

🔍 Powered by Volatility 3
🧠 Supports Windows, Linux, and macOS plugins
⚙️ Asynchronous plugin execution
📤 JSON output format
📊 Built-in error handling and validation
👨‍💻 FastMCP server interface
🐳 Docker-ready environment

📦 Requirements

python 3.11+
pip install -r requirements.txt

requirements.txt:

fastmcp
rich
python-dotenv

📁 Project Structure

Volatility-MCP-Server/
├── volatility_mcp_server.py    # Main server implementation
├── plugins/                    # Plugin modules
│   ├── base_plugin.py         # Base plugin class
│   ├── plugin_factory.py      # Plugin registration
│   ├── windows/               # Windows plugins
│   ├── linux/                 # Linux plugins
│   ├── mac/                   # macOS plugins
│   └── common/                # Common plugins
├── requirements.txt           # Dependencies
└── README.md                 # This file

🖥️ Usage

🔧 Local Connection

Using `stdio`

Create a .cursor/mcp.json file with:

{
  "mcpServers": {
    "Volatility3": {
      "command": "fastmcp",
      "args": ["run", "path/to/volatility_mcp_server.py:mcp", "--transport", "stdio"]
    }
  }
}

Using `sse`

Run the server using

fastmcp run volatility_mcp_server.py:mcp --transport sse

For Claude desktop

{
    "mcpServers": {
      "volatility3": {
        "command": "npx",
        "args": ["mcp-remote", "http://localhost:8000/sse"]
      }
    }
  }

For Cursor

{
  "mcpServers": {
    "Volatility3": {
      "url": "http://localhost:8000/sse"
    }
  }
}

📊 Available Plugins

Windows Plugins

Process: PsList, PsTree, PsScan
Memory: Malfind, MemMap
Network: NetScan
Registry: RegistryHiveList, RegistryPrintKey
System: SvcScan, CmdLine, DllList, Handles, FileScan
Disk: ADS, MFTScan, ResidentData

Linux Plugins

Process: PsList, PsTree, PsScan, PsAux, PsCallStack
System: Bash, Boottime, Capabilities
Network: IpAddr, IpLink, Netfilter
Memory: Malfind, ModuleExtract
File System: Files, InodePages, RecoverFs

macOS Plugins

Process: PsList, PsTree, Psaux
System: Bash, Dmesg, Lsmod
Network: Ifconfig, Netstat
Security: Check_syscall, Check_sysctl, Check_trap_table

Common Plugins

Framework: Banners, ConfigWriter, FrameworkInfo, IsfInfo, LayerWriter
Scan: RegExScan, YaraScan, Vmscan
Timeline: Timeliner

🐳 Docker Usage (No idea what I wanted to do here but might be useful in the future)

⚙️ 1. Build the Docker Image

From the root directory:

docker build -t volatility-mcp .

▶️ 2. Run the Server

docker run --rm -it \
  -v $(pwd)/memdumps:/memdumps \
  -v $(pwd)/output:/output \
  volatility-mcp

🔧 Developer/Contributor Guide

🧱 Setup Virtual Environment

python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

🧪 Run Locally

python volatility_mcp_server.py

✍️ Customization Tips

📀 Want to add a new plugin? Extend BasePlugin and register it in plugin_factory.py
🧩 Want to add a new OS? Create a new plugin directory and implement the plugins
📚 Want to add new features? The modular architecture makes it easy to extend

🙋 FAQ

🟠 Does this support Volatility 2.x?
🔻 No. This server supports Volatility 3 only for modern plugin support.

🔵 Can I add custom plugins?
✅ Yes! Just extend the BasePlugin class and register it in the factory.

🔴 Why use FastMCP?
It provides a clean, efficient interface for running Volatility plugins with proper error handling and async support.

📜 License

MIT ©️ 2025

🌐 More Tools?

Server Config

{
  "mcpServers": {
    "volatility3": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "http://localhost:8000/sse"
      ]
    }
  }
}

Recommend Servers

TraeBuild with Free GPT-4.1 & Claude 3.7. Fully MCP-Ready.

WindsurfThe new purpose-built IDE to harness magic

EdgeOne Pages MCPAn MCP service designed for deploying HTML content to EdgeOne Pages and obtaining an accessible public URL.

TimeA Model Context Protocol server that provides time and timezone conversion capabilities. This server enables LLMs to get current time information and perform timezone conversions using IANA timezone names, with automatic system timezone detection.

BlenderBlenderMCP connects Blender to Claude AI through the Model Context Protocol (MCP), allowing Claude to directly interact with and control Blender. This integration enables prompt assisted 3D modeling, scene creation, and manipulation.

Jina AI MCP ToolsA Model Context Protocol (MCP) server that integrates with Jina AI Search Foundation APIs.

AiimagemultistyleA Model Context Protocol (MCP) server for image generation and manipulation using fal.ai's Stable Diffusion model.

Baidu Map百度地图核心API现已全面兼容MCP协议，是国内首家兼容MCP协议的地图服务商。

ChatWiseThe second fastest AI chatbot™

MCP AdvisorMCP Advisor & Installation - Use the right MCP server for your needs

Howtocook Mcp基于Anduin2017 / HowToCook （程序员在家做饭指南）的mcp server，帮你推荐菜谱、规划膳食，解决“今天吃什么“的世纪难题； Based on Anduin2017/HowToCook (Programmer's Guide to Cooking at Home), MCP Server helps you recommend recipes, plan meals, and solve the century old problem of "what to eat today"