drio
Open app

YaraFlux MCP Server

Source

A yara based MCP Server

Catalog onlyCatalog onlySTDIO

Overview

YaraFlux is a Model Context Protocol (MCP) server designed for YARA scanning, enabling AI assistants to perform YARA rule-based threat analysis through a standardized interface.

To use YaraFlux, install it via pip or from source, run the server, and utilize the command-line interface to create YARA rules and scan files.

  • Integration with YARA scanning and Model Context Protocol - Comprehensive YARA rule management (create, edit, delete, import) - JWT authentication for secure API access - Docker deployment support - RESTful API with Swagger documentation - Direct AI assistant integration - URL and data scanning capabilities
  1. Performing YARA rule-based threat analysis for cybersecurity.
  2. Automating the scanning of files and URLs for potential threats.
  3. Managing and integrating YARA rules within AI systems for enhanced security.

Add to your AI client

Use these steps to connect YaraFlux MCP Server in Cursor, Claude, VS Code, and other MCP-compatible apps. The same JSON appears in the Use with menu above for one-click copy.

Cursor

Add this to your .cursor/mcp.json file in your project root, then restart Cursor.

.cursor/mcp.json

{
  "mcpServers": {
    "yaraflux-threatflux": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-yaraflux-threatflux"
      ]
    }
  }
}

Claude Desktop

Add this server entry to the mcpServers object in your Claude Desktop config, then restart the app.

~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows)

{
  "mcpServers": {
    "yaraflux-threatflux": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-yaraflux-threatflux"
      ]
    }
  }
}

Claude Code

Add this to your project's .mcp.json file. Claude Code will detect it automatically.

.mcp.json (project root)

{
  "mcpServers": {
    "yaraflux-threatflux": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-yaraflux-threatflux"
      ]
    }
  }
}

VS Code (Copilot)

Add this to your .vscode/mcp.json file. Requires the GitHub Copilot extension with MCP support enabled.

.vscode/mcp.json

{
  "servers": {
    "yaraflux-threatflux": {
      "type": "stdio",
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-yaraflux-threatflux"
      ]
    }
  }
}

Windsurf

Add this to your Windsurf MCP config file, then restart Windsurf.

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "yaraflux-threatflux": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-yaraflux-threatflux"
      ]
    }
  }
}

Cline

Open Cline settings, navigate to MCP Servers, and add this server configuration.

Cline MCP Settings (via UI)

{
  "mcpServers": {
    "yaraflux-threatflux": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-yaraflux-threatflux"
      ]
    }
  }
}

FAQ

Can YaraFlux be deployed in a Docker container?

Yes! YaraFlux supports Docker deployment for easy configuration.

Is there documentation available for YaraFlux?

Yes! Comprehensive documentation is available in the docs directory, including installation and API reference guides.

How can I contribute to YaraFlux?

Contributions are welcome! You can fork the repository and submit a Pull Request.

Research and data