YaraFlux
YaraFlux MCP Server is a Model Context Protocol server designed for YARA rule-based threat analysis, integrating with AI assistants for comprehensive file scanning and rule management.
YaraFlux MCP Server enables AI assistants to perform YARA rule-based threat analysis through the standardized Model Context Protocol interface. The server integrates YARA scanning with modern AI assistants, supporting comprehensive rule management, secure scanning, and detailed result analysis through a modular architecture. It provides a clean separation of concerns between MCP integration, tool implementation, and storage, ensuring flexibility and scalability. The server is optimized for integration with Claude Desktop and supports a wide range of MCP tools for rule management, scanning, and file analysis. Security features include JWT authentication, non-root container execution, and secure storage isolation.
Features
- Modular Architecture: Clean separation of MCP integration, tool implementation, and storage with flexible backend options.
- MCP Integration: 19 integrated MCP tools optimized for Claude Desktop, supporting direct file analysis and latest protocol specifications.
- YARA Scanning: URL and file content scanning with detailed match information and performance-optimized engine.
- Rule Management: Create, read, update, and delete YARA rules with validation, and import rules from the ThreatFlux repository.
- Security Features: JWT authentication, non-root container execution, and secure storage isolation with configurable access controls.
Tools
- list_yara_rules: List available YARA rules with filtering options.
- get_yara_rule: Get a specific YARA rule's content and metadata.
- validate_yara_rule: Validate YARA rule syntax with detailed error reporting.
- add_yara_rule: Create a new YARA rule.
- update_yara_rule: Update an existing YARA rule.
- delete_yara_rule: Delete a YARA rule.
- import_threatflux_rules: Import rules from ThreatFlux GitHub repository.
- scan_url: Scan content from a URL with specified YARA rules.
- scan_data: Scan provided data (base64 encoded) with specified rules.
- get_scan_result: Retrieve detailed results from a previous scan.
- upload_file: Upload a file for analysis or scanning.
- get_file_info: Get metadata about an uploaded file.
- list_files: List uploaded files with pagination and sorting.
- delete_file: Delete an uploaded file.
- extract_strings: Extract ASCII/Unicode strings from a file.
- get_hex_view: Get hexadecimal view of file content.
- download_file: Download an uploaded file.
- get_storage_info: Get storage usage statistics.
- clean_storage: Remove old files to free up storage space.