-
Notifications
You must be signed in to change notification settings - Fork 45
8. Use Cyberbro MCP for LLM
stanfrbd edited this page May 18, 2025
·
1 revision
Cyberbro MCP is a Model Context Protocol (MCP) server that enables Large Language Models (LLMs) to extract, analyze, and check the reputation of Indicators of Compromise (IoCs) from unstructured input, leveraging multiple threat intelligence sources.
- Purpose: Provides a standardized interface for LLMs (like Claude) to interact with Cyberbro, automating threat intelligence workflows.
- Capabilities: Extracts IoCs (IPs, domains, hashes, URLs, Chrome extension IDs), checks their reputation, and integrates with platforms like Microsoft Defender, CrowdStrike, and OpenCTI.
- Multi-source reputation checks and reporting
- Beginner-friendly and LLM-ready (no manual UI needed)
- Unique support for Chrome extension IDs and advanced TLD handling
- Exportable reports and search/visualization tools
export CYBERBRO_URL=http://localhost:5000
export API_PREFIX=api
docker pull ghcr.io/stanfrbd/mcp-cyberbro:latestgit clone https://github.com/stanfrbd/mcp-cyberbro.git
cd mcp-cyberbro
pip install -r requirements.txt
export CYBERBRO_URL=http://localhost:5000
export API_PREFIX=api
python mcp-cyberbro-server.pyAdd to your claude_desktop_config.json:
Docker:
"mcpServers": {
"cyberbro": {
"command": "docker",
"args": [
"run", "-i", "--rm", "-e", "CYBERBRO_URL", "-e", "API_PREFIX",
"ghcr.io/stanfrbd/mcp-cyberbro:latest"
],
"env": {
"CYBERBRO_URL": "http://localhost:5000",
"API_PREFIX": "api"
}
}
}Local:
"mcpServers": {
"cyberbro": {
"command": "python",
"args": [
"C:\\Users\\path\\to\\mcp-cyberbro.py"
],
"env": {
"CYBERBRO_URL": "http://localhost:5000",
"API_PREFIX": "api"
}
}
}Note: Set
CYBERBRO_URLandAPI_PREFIXas environment variables before starting Claude Desktop.
| Tool Name | Description |
|---|---|
| analyze_observable | Extracts/analyzes IoCs from text |
| is_analysis_complete | Checks if analysis is finished |
| get_analysis_results | Retrieves results of completed analysis |
| get_engines | Lists available analysis engines |
- "Cyberbro: Check indicators for target.com"
- "Can you check this IP reputation with Cyberbro? 192.168.1.1"
- "Analyze the domain example.com using max 3 engines."
- "Submit this hash for analysis to Cyberbro and show the results."
Licensed under MIT. See the repo for details.
Any questions? Raise an issue or contact @cyberbro_cti on X / @cyberbro on Mastodon (infosec.exchange).