ServeursGaffx/volatility-mcp

Gaffx/volatility-mcp

Créé le 2025-04-10

Open Source Visiter le Serveur

This repo hosts an MCP server for volatility3.x

Information

Your AI Assistant in Memory Forensics

Overview

Volatility MCP seamlessly integrates Volatility 3's powerful memory analysis with FastAPI and the Model Context Protocol (MCP). Experience memory forensics without barriers as plugins like pslist and netscan become accessible through clean REST APIs, connecting memory artifacts directly to AI assistants and web applications

Features

Volatility 3 Integration: Leverages the Volatility 3 framework for memory image analysis.
FastAPI Backend: Provides RESTful APIs to interact with Volatility plugins.
Web Front End Support (future feature): Designed to connect with a web-based front end for interactive analysis.
Model Context Protocol (MCP): Enables standardized communication with MCP clients like Claude Desktop.
Plugin Support: Supports various Volatility plugins, including pslist for process listing and netscan for network connection analysis.

Architecture

The project architecture consists of the following components:

MCP Client: MCP client like Claude Desktop that interacts with the FastAPI backend.
FastAPI Server: A Python-based server that exposes Volatility plugins as API endpoints.
Volatility 3: The memory forensics framework performing the analysis.

This architecture allows users to analyze memory images through MCP clients like Claude Desktop. Users can use natural language prompts to perform memory forensics analysis such as show me the list of the processes in memory image x, or show me all the external connections made

Getting Started

Prerequisites

Python 3.7+ installed on your system
Volatility 3 binary installed (see Volatility 3 Installation Guide) and added to your env path called VOLATILITY_BIN

Installation

Clone the repository:

git clone <repository_url>
cd <repository_directory>

Install the required Python dependencies:
```
pip install -r requirements.txt
```
Start the FastAPI server to expose Volatility 3 APIs:
```
uvicorn volatility_fastapi_server:app 
```
Install Claude Desktop (see Claude Desktop
To configure Claude Desktop as a volatility MCP client, navigate to Claude → Settings → Developer → Edit Config, locate the claude_desktop_config.json file, and insert the following configuration details

Please note that the -i option in the config.json file specifies the directory path of your memory image file.

    {
     "mcpServers": {
       "vol": {
         "command": "python",
         "args": [
           "/ABSOLUTE_PATH_TO_MCP-SERVER/vol_mcp_server.py", "-i",     
           "/ABSOLUTE_PATH_TO_MEMORY_IMAGE/<memory_image>"
         ]
       }
     }
 }

Alternatively, update this file directly:

/Users/YOUR_USER/Library/Application Support/Claude/claude_desktop_config.json

Usage

Start the FastAPI server as described above.
Connect an MCP client (e.g., Claude Desktop) to the FastAPI server.
Start the prompt by asking questions regarding the memory image in scope, such as showing me the running processes, creating a tree relationship graph for process x, or showing me all external RFC1918 connections.

Future Features and Enhancements

Native Volatility Python Integration: Incorporate Volatility Python SDK directly in the code base as opposed to subprocess volatility binary
Yara Integration: Implement functionality to dump a process from memory and scan it with Yara rules for malware analysis.
Multi-Image Analysis: Enable the analysis of multiple memory images simultaneously to correlate events and identify patterns across different systems.
Adding more Volatility Plugins: add more volatility plugins to expand the scope of memory analysis
GUI Enhancements: Develop a user-friendly web interface for interactive memory analysis and visualization.
Automated Report Generation: Automate the generation of detailed reports summarizing the findings of memory analysis.
Advanced Threat Detection: Incorporate advanced techniques for detecting sophisticated threats and anomalies in memory.

Contributing

Contributions are welcome! Please follow these steps to contribute:

Fork this repository.
Create a new branch (git checkout -b feature/my-feature).
Commit your changes (git commit -m 'Add some feature').
Push to your branch (git push origin feature/my-feature).
Open a pull request.

Serveurs MCP Recommandés

gistpad-mcp

📓 An MCP server for managing your personal knowledge, daily notes, and re-usable prompts via GitHub Gists

You can add Zaturn MCP to Claude Desktop (or any MCP client), connect your data sources, ask questions in natural language, and get instant insights with visualizations.

Pinecone Assistant MCP server

基于七牛云产品构建的 Model Context Protocol (MCP) Server，支持用户在 AI 大模型客户端的上下文中通过该 MCP Server 来访问七牛云存储、智能多媒体服务等。

Reliable LLM Memory for AI Applications and AI Agents

The most reliable AI agent framework that supports MCP.

Query and Summarize your chat messages.

An MCP (Model Context Protocol) server that enables ✨ AI platforms to interact with 🤖 YepCode's infrastructure. Turn your YepCode processes into powerful tools that AI assistants can use 🚀

Yuque mcp server

A Model Context Protocol (MCP) server that allows AI assistants like Claude to read notes from the Bear note-taking app. This implementation connects directly to the Bear SQLite database in a read-only mode, ensuring your notes remain safe and unmodified.