oletools

This MCP server provides a secure microservice for static analysis of Microsoft Office documents (Excel, Word, PowerPoint) and related file types using a set of open-source tools. It leverages OLETools (olevba, oleobj, etc.), XLMMacroDeobfuscator, and pefile to identify macro code, deobfuscated macros, DDE links, embedded OLE objects, and suspicious XLL exports. The service also attempts to extract IOCs with iocextract when available and performs basic MIME type and file size validation. The server is designed to integrate with MCP-compatible toolchains (e.g., Claude Desktop) and can be accessed via the MCP protocol as a microservice named “oletools”. To use it, run the MCP server configuration and then issue analyze commands through the MCP client, such as analyze_vba_macros in <filepath> to statically analyze a target file.

Prerequisites:

• Python 3.6+
• OLETools: pip install oletools
• XLMMacroDeobfuscator: pip install XLMMacroDeobfuscator
• python-magic: pip install python-magic-bin (Windows) or python-magic on other platforms
• iocextract (optional): pip install iocextract
• Claude Desktop (for integration with the Claude tooling environment)

Installation steps:

# 1. Clone the repository
git clone https://github.com/pradeep895/oletools-mcp-server.git
cd oletools-mcp-server

# 2. Install Python dependencies
pip install -r requirements.txt

# 3. Configure Claude Desktop if required (edit claude_desktop_config.json via Claude Desktop settings)
# Open Claude Desktop and paste the configuration as described in the README

# 4. Run the MCP service (server)
python mcp_service.py

Usage notes:

• After starting, the MCP client can connect to the server and issue analyze_vba_macros in <filepath> commands to statically analyze files. Ensure the target file is accessible from the server environment.
• If you need to customize tool paths or options, adjust environment variables or configuration as per your setup.

Tips and common issues:

• Ensure Python 3.6+ is installed and available in PATH.
• Install dependencies exactly as described to avoid missing tool errors (oletools, XLMMacroDeobfuscator, python-magic).
• For Windows users, python-magic-bin is recommended; on other platforms, install python-magic.
• iocextract is optional but provides richer IOC extraction; install it if you plan to pull IOCs from analyzed documents.
• If the server fails to start due to port or binding issues, check environment constraints and ensure no other process is occupying the MCP endpoint.
• When integrating with Claude Desktop, follow the configuration steps in the README to align with Claude’s config.json.