mcp-cyberbro

The Cyberbro MCP Server exposes a set of Tools that help you pull IoCs (Indicators of Compromise) from unstructured text, analyze them, and check their reputation across multiple threat intelligence sources. Once deployed, you can interact with the server using MCP clients or OpenAPI proxies to extract domains, IPs, hashes, URLs, and even Chrome extension IDs from input data, run reputation checks, and generate reports. The server integrates with multiple CTI services and reporting capabilities, enabling LLMs to load contextual threat intelligence into the model’s workspace and take informed actions.

In practice, you’ll typically send MCP messages to the server to perform actions such as extracting IoCs from a given text, querying reputation across supported services, and requesting structured results or exportable reports. Tools are designed to be composable: you can first extract IoCs, then filter for high-risk indicators, and finally append CTI reports for enriched context. The server is designed to be Claude-desktop friendly via Docker or local Python invocations and can be used with any MCP client that supports the protocol.

Prerequisites:

• Docker (optional, for the recommended Docker-based setup) or Python with uv (for local development).
• Git and basic shell access.
• Access to the internet to pull images or install dependencies.

Option 1: Docker (Recommended)

1. Install Docker on your machine.
2. Run the container with the required environment variable: export CYBERBRO_URL=http://localhost:5000 export API_PREFIX=api docker pull ghcr.io/stanfrbd/mcp-cyberbro:latest docker run -i --rm -e CYBERBRO_URL -e API_PREFIX ghcr.io/stanfrbd/mcp-cyberbro:latest

Option 2: Local Installation (Python/uv)

1. Clone the repository: git clone https://github.com/stanfrbd/mcp-cyberbro.git cd mcp-cyberbro
2. Install dependencies: uv run pip install -r requirements.txt
3. Set up configuration via environment variables or CLI: Option A (env vars): export CYBERBRO_URL=http://localhost:5000 export API_PREFIX=api Option B (CLI args): uv run mcp-cyberbro-server.py --cyberbro_url http://localhost:5000
4. Start the server: uv run mcp-cyberbro-server.py The server will listen on stdin/stdout for MCP messages and connect to Cyberbro via CYBERBRO_URL.

Optional environment variables:

• SSL_VERIFY: Set to false to disable SSL verification (useful for self-signed certs).
• API_PREFIX: Custom prefix for the Cyberbro API (e.g., api).

Optional CLI arguments:

• --no_ssl_verify: Disable SSL verification.
• --api_prefix: Set a custom API prefix.

Tips and caveats:

• When using Claude Desktop or other MCP clients, ensure the CYBERBRO_URL environment variable points to your Cyberbro instance and API_PREFIX matches your Cyberbro API path.
• If you’re behind a corporate proxy, configure Docker or uv to allow outbound connections to Cyberbro services.
• For local testing with self-signed certificates, disable SSL verification via SSL_VERIFY=false or --no_ssl_verify.
• OpenAPI proxy setups may require mcpo to be installed (pip install mcpo) to expose the MCP server as an HTTP API endpoint for testing with HTTP clients.
• The server supports multi-service reputation checks; make sure you have API keys or access configured for each CTI provider as needed by your Cyberbro deployment.