velociraptor-mcp-server

socfortress/velociraptor-mcp-server

3.4

If you are the rightful owner of velociraptor-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

Velociraptor MCP Server is a production-ready Model Context Protocol server designed for seamless integration between Velociraptor DFIR and Large Language Models (LLMs).

Tools

Functions exposed to the LLM to take actions

AuthenticateTool

Initialize and test connection to Velociraptor server.

GetAgentInfo

Retrieve detailed information about a Velociraptor client by hostname or FQDN.

RunVQLQueryTool

Execute VQL queries on the Velociraptor server.

ListLinuxArtifactsTool

List available Linux artifacts in Velociraptor.

ListWindowsArtifactsTool

List available Windows artifacts in Velociraptor.

CollectArtifactTool

Collect a Velociraptor artifact from a client.

GetCollectionResultsTool

Retrieve Velociraptor collection results for a given client, flow ID, and artifact.

CollectArtifactDetailsTool

Get detailed information about a specific Velociraptor artifact.

Prompts

Interactive templates invoked by user choice

No prompts

Resources

Contextual data attached and managed by the client

No resources