Skip to content

Latest commit

 

History

History

capa-mcp

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
server.py
server.py
 
 

README.md

Capa MCP Server

Binary capability detection using Mandiant's capa.

Tools

Tool Description
capa_analyze Analyze binary capabilities
get_analysis_results Retrieve previous analysis
list_active_scans Show running analyses

Features

  • Detect malware capabilities
  • MITRE ATT&CK mapping
  • Malware Behavior Catalog (MBC) mapping
  • PE, ELF, shellcode analysis
  • Supports .NET binaries

Docker

docker build -t capa-mcp .
docker run --rm -i -v /path/to/samples:/app/samples:ro capa-mcp

Example Usage

Analyze /app/samples/suspicious.exe for malware capabilities
What ATT&CK techniques does this binary use?

License

MIT