cyberbro
By stanfrbd
Extract, enrich, and analyze Indicators of Compromise (IOCs) and observables using Cyberbro threat intelligence toolkit, running locally as an MCP stdio subprocess connected to a configurable Cyberbro service.
npx claudepluginhub stanfrbd/mcp-cyberbroComponent Overview
Component Details
MCP Servers (1)
README
Cyberbro MCP Server
Extract IoCs from messy text and analyze them with Cyberbro.
🌐 demo.cyberbro.net
Model Context Protocol server for Cyberbro.
This project is packaged as a standard Python distribution and can be launched with:
uvx mcp-cyberbropip install mcp-cyberbrothenmcp-cyberbro
Why this server
- Analyze observables (IP, domain, URL, hash, etc.) via Cyberbro engines.
- Integrate threat-analysis actions directly in MCP-capable assistants.
- Run with
stdio,sse, orstreamable-httptransports. - Compatible with any MCP client that supports one of these transports.
Installation
Use with uvx (standalone)
uvx mcp-cyberbro --cyberbro_url http://localhost:5000
Use with pip
pip install mcp-cyberbro
mcp-cyberbro --cyberbro_url http://localhost:5000
Local development
pip install -e .
mcp-cyberbro --cyberbro_url http://localhost:5000
Docker
Default container command starts in streamable-http mode on port 8000.
docker run --rm -p 8000:8000 \
-e CYBERBRO_URL=http://host.docker.internal:5000 \
ghcr.io/stanfrbd/mcp-cyberbro:latest
To force stdio transport:
docker run -i --rm \
-e CYBERBRO_URL=http://host.docker.internal:5000 \
ghcr.io/stanfrbd/mcp-cyberbro:latest \
--transport stdio
Configuration
Copy .env.example and set at least:
CYBERBRO_URL(required)
Supported environment variables:
CYBERBRO_URLAPI_PREFIX(default:api)SSL_VERIFY(true/false)MCP_TRANSPORT(stdio,sse,streamable-http)MCP_HOSTMCP_PORTMCP_MOUNT_PATHMCP_SSE_PATHMCP_STREAMABLE_HTTP_PATH
CLI flags are also available and override env values.
MCP Client Integration
You can use this server with Claude Desktop, Claude Code, Cursor, OpenAI-compatible MCP clients, or any other MCP client.
Example config using uvx:
{
"mcpServers": {
"cyberbro": {
"command": "uvx",
"args": ["mcp-cyberbro"],
"env": {
"CYBERBRO_URL": "http://localhost:5000"
}
}
}
}
Example with Docker + stdio:
{
"mcpServers": {
"cyberbro": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"CYBERBRO_URL",
"ghcr.io/stanfrbd/mcp-cyberbro:latest",
"--transport",
"stdio"
],
"env": {
"CYBERBRO_URL": "http://localhost:5000"
}
}
}
}
Usage in VSCode - Example
Create .vscode/mcp.json
{
"servers": {
"mcp-cyberbro": {
"type": "stdio",
"command": "uvx",
"args": [
"mcp-cyberbro"
],
"env": {
"CYBERBRO_URL": "http://127.0.0.1:5000"
}
}
}
}
MCP Registry Metadata
server.json is included for MCP Registry publication and points to PyPI package mcp-cyberbro.
Release Pipelines
Release-created workflows:
.github/workflows/publish-test-pypi.yml.github/workflows/publish-pypi.yml.github/workflows/publish-mcp-plugin.yml
Available Tools
analyze_observableis_analysis_completeget_analysis_resultsget_enginesget_web_url
Example Prompts
Here are practical prompt examples you can use with any MCP-capable assistant connected to Cyberbro.
Getting Indicator Details
- Cyberbro: Check indicators for target.com
- Can you check this IP reputation with Cyberbro? 192.168.1.1. Use github, google and virustotal engines.
- I want to analyze the domain example.com. What can Cyberbro tell me about it? Use max 3 engines.
- Analyze these observables with Cyberbro: suspicious-domain.com, 8.8.8.8, and 44d88612fea8a8f36de82e1278abb02f. Use all available engines.
Observable Analysis
- I found this (hash|domain|url|ip|extension). Can you submit it for analysis to Cyberbro and analyze the results?
OSINT Investigation
- Create an OSINT report for the domain example.com using Cyberbro. Use all available engines and pivot on the results for more information. Use a maximum of 10 analysis requests.
Acknowledgements
License
MIT
Similar Plugins
drbinary-chat-plugin
Local cyber security assistant for PC issue detection, malware analysis, and system scanning
Help us improve
Share bugs, ideas, or general feedback.