Get a comprehensive URL analysis report including security scan results and key relationships (communicating files, contacted domains/IPs, downloaded files, redirects, threat actors)
Get a comprehensive file analysis report using its hash (MD5/SHA-1/SHA-256). Includes detection results, file properties, and key relationships (behaviors, dropped files, network connections, embedded content, threat actors)
Get a comprehensive IP address analysis report including geolocation, reputation data, and key relationships (communicating files, historical certificates/WHOIS, resolutions)
Get a comprehensive domain analysis report including DNS records, WHOIS data, and key relationships (SSL certificates, subdomains, historical data)
Query a specific relationship type for a URL with pagination support. Choose from 17 relationship types including analyses, communicating files, contacted domains/IPs, downloaded files, graphs, referrers, redirects, and threat actors
Query a specific relationship type for a file with pagination support. Choose from 41 relationship types including behaviors, network connections, dropped files, embedded content, execution chains, and threat actors
VirusTotal MCP provides comprehensive security analysis capabilities through the VirusTotal API. It enables AI assistants to analyze URLs, files (via hash), IP addresses, and domains for security threats, malware, and other risks. The server automatically fetches relevant relationship data along with basic reports, providing complete security overviews in a single request.
VirusTotal MCP provides AI assistants with access to VirusTotal's powerful security analysis capabilities. This server allows for comprehensive security analysis of URLs, files (via hash), IP addresses, and domains, with automatic relationship data fetching to provide complete security overviews.
The easiest way to install the VirusTotal MCP server is using Smithery:
npx -y @smithery/cli install @burtthecoder/mcp-virustotal --client claude
This automatically configures the server for Claude Desktop.
npm install -g @burtthecoder/mcp-virustotal
For Claude Desktop, edit the configuration file located at:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
Add the following configuration:
{
  "mcpServers": {
    "virustotal": {
      "command": "mcp-virustotal",
      "env": {
        "VIRUSTOTAL_API_KEY": "your-virustotal-api-key"
      }
    }
  }
}
If you need to modify the code or prefer running from source:
git clone https://github.com/BurtTheCoder/mcp-virustotal.git
cd mcp-virustotal
npm install
npm run build
{
  "mcpServers": {
    "virustotal": {
      "command": "node",
      "args": ["--experimental-modules", "/absolute/path/to/mcp-virustotal/build/index.js"],
      "env": {
        "VIRUSTOTAL_API_KEY": "your-virustotal-api-key"
      }
    }
  }
}
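Both configurations above put the API key in plaintext in claude_desktop_config.json. The following check for that entry is an added example, not code from the mcp-virustotal project; the function name auditVirusTotalEntry and its finding strings are hypothetical, and the sample object is constructed from the unedited source-install snippet.

```javascript
// Added example (not from the mcp-virustotal project): audit the "virustotal"
// entry of a parsed claude_desktop_config.json before starting the client.
const PLACEHOLDER_KEYS = new Set(["your-virustotal-api-key", "your-api-key"]);
const isAbsolute = (p) => /^(\/|[A-Za-z]:[\\/])/.test(p);

// config: parsed JSON object. fileMode: optional POSIX mode bits of the config
// file (fs.statSync(file).mode); pass undefined on Windows.
function auditVirusTotalEntry(config, fileMode) {
  const entry = config && config.mcpServers && config.mcpServers.virustotal;
  if (!entry) return ["no mcpServers.virustotal entry"];
  const findings = [];

  const key = entry.env && entry.env.VIRUSTOTAL_API_KEY;
  if (typeof key !== "string" || key.trim() === "") {
    findings.push("VIRUSTOTAL_API_KEY is missing");
  } else if (PLACEHOLDER_KEYS.has(key)) {
    findings.push("VIRUSTOTAL_API_KEY is still the README placeholder");
  }

  if (entry.command === "node") {
    // Source install: the last non-flag argument is the built entry point.
    const args = Array.isArray(entry.args) ? entry.args : [];
    const script = args
      .filter((a) => typeof a === "string" && !a.startsWith("-"))
      .pop();
    if (!script) findings.push("node command has no script path in args");
    else if (!isAbsolute(script)) findings.push("script path is not absolute");
    else if (script.includes("/absolute/path/to/")) {
      findings.push("script path is still the README placeholder");
    }
  } else if (typeof entry.command !== "string" || entry.command === "") {
    findings.push("command is missing");
  }

  // The key sits in this file in plaintext, so group/other access matters.
  if (typeof fileMode === "number" && (fileMode & 0o077) !== 0) {
    findings.push("config file is accessible to group/others");
  }
  return findings;
}

// Constructed sample: the source-install config, unedited, file mode 0644.
const sample = { mcpServers: { virustotal: { command: "node",
  args: ["--experimental-modules", "/absolute/path/to/mcp-virustotal/build/index.js"],
  env: { VIRUSTOTAL_API_KEY: "your-virustotal-api-key" } } } };
console.log(auditVirusTotalEntry(sample, 0o100644));
```

An empty result means the entry passed these checks; on macOS or Linux, `chmod 600` on the config file clears the last finding.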
Once installed, you can ask your AI assistant to analyze security aspects of URLs, files (via hash), IP addresses, and domains. The server provides comprehensive reports with automatically fetched relationship data.
Example prompts:
The server accepts the following environment variables:
VIRUSTOTAL_API_KEY (required): Your VirusTotal API key
LOG_LEVEL (optional): Set logging level (default: "info")
PORT (optional): Port to run the server on (default: auto-assigned)
The server can also be run as a Docker container:
docker build -t mcp-virustotal .
docker run -e VIRUSTOTAL_API_KEY=your-api-key mcp-virustotal