MCP-CyberAgent 🛡️

April 9, 2025 · View on GitHub

MCP-CyberAgent 🛡️

MCP-CyberAgent is an MCP-compliant AI security assistant that connects Claude Desktop (or any MCP client) with real-world cybersecurity tools like VirusTotal, Nmap, Shodan, and PowerShell.

🔬 In this project, I’ve integrated automated hash extraction from running startup applications — enabling Claude to act like a personalized
AI-powered Malware Scanner.

It supports natural language interaction to:

Scan for malware using VirusTotal
Discover active network services
Gather threat intelligence from Shodan
Test network health and connectivity

All this runs locally in your environment — no cloud integration required. And it's completely free.

🎥 Demo

https://github.com/user-attachments/assets/469d2800-8c06-461f-8336-6a1751b851cc

⚙️ Tools & Prompts

🔬 VirusTotal Integration

Using PowerShell, MCP-CyberAgent extracts SHA256 hashes from startup applications and checks them against VirusTotal’s threat database.

🧠 Try asking Claude:
"Scan running processes with VirusTotal"
"Check for malware in startup applications"

virustotal_demo

🌐 Nmap Port Scanner

Scan open ports, services, and protocols on any IP using Claude.

🧠 Try:
"Check what ports are open on 127.0.0.1"

nmap_demo

🌍 Shodan IP Intelligence

Get real-time internet-facing service information for any public IP address using Shodan.

🧠 Try:
"What does Shodan know about 1.1.1.1?"

shodan_demo

🌐 Get Public IP

Query your external/public IP address.

🧠 Try:
"What is my IP?"

MyIp_demo

🏓 Ping Checker

Test latency and host reachability via ICMP.

🧠 Try:
"Ping 8.8.8.8"
"Check if google.com is online"

ping_demo

✅ Requirements

Python 3.10+
Windows PowerShell (for startup hash scanning)
Claude Desktop or 5ire
API Keys:
- VirusTotal
- Shodan (free key is enough)

Install dependencies:

pip install -r requirements.txt



## 🔧 Setup Guide

### 📁 Project Layout

MCP-CyberAgent/ ├── bridge_mcp_cyberagent.py ├── modules/ │ ├── virustotal_module.py │ ├── nmap_module.py │ ├── shodan_module.py │ └── sysinfo.ps1 ├── configs/ │ └── api_keys.env ├── README.md └── requirements.txt


### ✅ Installation

1. **Clone the repository:**
   ```bash
   git clone https://github.com/JithukrishnanV/MCP-CyberAgent
   cd MCP-CyberAgent

Create a virtual environment (optional but recommended):
```
python -m venv .venv
.venv\Scripts\activate
```
Install dependencies:
```
pip install -r requirements.txt
```

Add your API keys in configs/api_keys.env:

VT_API_KEY=your_virustotal_api_key
SHODAN_API_KEY=your_shodan_api_key

Edit Claude Desktop config: Claude Desktop To set up Claude Desktop as a Ghidra MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:

{
  "mcpServers": {
    "cyberagent": {
      "command": "C:/Path/To/python.exe",
      "args": [
        ""/ABSOLUTE_PATH_TO/bridge_mcp_cyberagent.py"
      ]
    }
  }
}

Launch Claude and select the MCP-CyberAgent from the MCP tab.

🔗 Resources

🧠 Claude MCP Docs
🔍 VirusTotal
🌐 Shodan
🛰️ Nmap
📚 Python SDK for MCP
🛠️ ping3
🌍 ipify - Get Public IP