remnux
MCP server for using the REMnux malware analysis toolkit via AI assistants
claude mcp add --transport stdio remnux-remnux-mcp-server npx @remnux/mcp-server --mode=docker --container=remnux
How to use
This MCP server enables AI assistants to orchestrate REMnux malware analysis tools from within REMnux environments. It exposes capabilities such as suggesting the right tools for a given file type, retrieving usage information for installed tools, and automatically chaining tools to analyze files with structured outputs and IOC extraction. The server supports three deployment models: (1) AI tool on your machine connecting to REMnux via Docker or SSH, (2) AI tool and MCP server both running on REMnux, and (3) the MCP server inside REMnux with the AI tool connecting over HTTP. You can enable the REMnux docs MCP server for extended tool documentation if needed. Use the listed commands to start or connect the MCP server from your AI assistant, and leverage features like suggest_tools, get_tool_help, and analyze_file to streamline malware analysis workflows.
How to install
Prerequisites: Node.js (version 18 or newer) and Docker if you plan to run in Docker mode. Optional SSH access if using SSH mode.
Install steps:
- Install Node.js (if not already installed).
  - macOS/Linux: Install via NodeSource or your package manager, e.g. on Debian/Ubuntu: curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - && sudo apt-get install -y nodejs
  - Windows: Install via the Node.js installer from https://nodejs.org/
- Install Docker (for Docker mode) if you plan to run REMnux in Docker.
  - Follow instructions at https://docs.docker.com/get-docker/
- Install the MCP server package from npm (example uses the REMnux package name):
  npx @remnux/mcp-server --version
- Verify your setup by starting the server in your desired mode (Docker/Local/SSH) as shown in the quick start examples of the README.
Note: The default configuration assumes REMnux uses standard paths and local execution when running in local mode. Adjust --mode and related flags to fit your deployment (docker, ssh, etc.).
Additional notes
Tips and common considerations:
- If you run in Docker mode, ensure the REMnux container is started and accessible with the container name provided (e.g., --container=remnux).
- In local mode, the server uses the host's filesystem; typical REMnux layout paths like /home/remnux/files/samples and /home/remnux/files/output are assumed by default.
- The server offers tools like suggest_tools, get_tool_help, and analyze_file to streamline tool selection and execution; enable these in your AI assistant's prompts or MCP configuration as needed.
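- When using SSH mode, consider key-based authentication and SSH agent forwarding for seamless connections. Agent forwarding lets the remote host use your loaded keys for as long as you are connected, so enable it only toward REMnux hosts you trust.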
- Security: expose the MCP server with appropriate authentication and transport options when connecting from external AI assistants. The REMnux docs MCP server can be used to augment tool knowledge and provide additional documentation for installed utilities.
- If you need to switch modes later, update the mcpServers entry and restart the AI tool integration to apply changes.