
TriageMCP (PE File Analysis)

MCP (Model Context Protocol) Server. Integrates with multiple security tools to perform static analysis of PE files, extracting critical information like import tables, metadata, strings, and malware capabilities for rapid triage of suspicious Windows executables.

Stars: 74
Validated: Jan 9, 2026

TriageMCP

An MCP server that lets an LLM perform basic static triage of a PE file.

A minimal prompt idea could be:

You are a malware analyst tasked to analyse the sample at <PATH> with your MCP tools. Create a markdown report that summarizes your findings. 

Supplying more information in the prompt will usually yield a better result.

Installation

Install dependencies:

pip install pefile yara-python die-python mcp[cli]

Then edit triage.py and set each <TOOL>_EXE_PATH and YARA_RULE_PATH to match your system.

Claude Desktop Integration

You can install this server in Claude Desktop and interact with it right away by running:

mcp install .\triage.py

Different transport protocol

When started without arguments, the server uses the stdio transport:

.\triage.py

To use SSE transport:

.\triage.py --transport http://127.0.0.1:8744

TODO

  • VT/AnyRun/Sandbox integration
  • Hash lookup
  • Streamable HTTP transport
