REMnux MCP Server
OfficialEnables AI assistants to execute malware analysis tools on a REMnux system via Docker, SSH, or local connections, with automated file-type analysis and security guardrails.
Enables AI assistants to execute malware analysis tools on a REMnux system via Docker, SSH, or local connections. It provides automated file-type analysis, structured tool discovery, and security guardrails for streamlined malware investigation.
What it does
- Execute malware analysis tools on REMnux systems
- Suggest appropriate tools based on file type
- Run automated tool chains with structured output
- Extract indicators of compromise (IOCs)
- Connect to REMnux via Docker, SSH, or local deployment
- Apply security guardrails to prevent dangerous commands
Best for
About REMnux MCP Server
REMnux MCP Server is an official MCP server published by REMnux that provides AI assistants with tools and capabilities via the Model Context Protocol. REMnux MCP Server: Run REMnux malware analysis via Docker, SSH or locally with automated file-type analysis, sandbox too It is categorized under auth security, developer tools.
How to install
You can install REMnux MCP Server in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.
License
REMnux MCP Server is released under the GPL-3.0 license.
remnux-mcp-server
MCP server for using the REMnux malware analysis toolkit via AI assistants.
Overview
This server enables AI assistants (Claude Code, OpenCode, Cursor, etc.) to execute malware analysis tools on a REMnux system. It supports three deployment scenarios:
- AI tool on your machine, REMnux as Docker/VM — MCP server runs on your machine, reaches into REMnux over Docker exec or SSH
- AI tool and MCP server both on REMnux — everything runs locally on the same REMnux system (simplest setup)
- AI tool on your machine, MCP server on REMnux — MCP server runs inside REMnux, your AI tool connects over HTTP
Beyond raw command execution, the server encodes malware analysis domain expertise:
- Recommends the right tools for each file type (
suggest_tools) and retrieves usage flags for any installed tool (get_tool_help) - Runs appropriate tool chains automatically (
analyze_file) with structured output and IOC extraction - Uses neutral language to counteract confirmation bias in AI-generated verdicts
For additional tool documentation, you can optionally enable the REMnux docs MCP server.
Architecture
Three deployment scenarios are supported depending on where the MCP server and AI assistant run.
Scenario 1: Server on Analyst's Machine
The MCP server runs on the analyst's workstation and connects to a separate REMnux system over Docker exec or SSH.
+--------------------------------------------------------------------+
| Analyst's Machine |
| |
| +----------------+ +--------------------------------------+ |
| | AI Assistant |---->| remnux-mcp-server (npm package) | |
| | (Claude Code, | MCP | | |
| | Cursor, etc) | | - Blocked command patterns | |
| +----------------+ | - Dangerous pipe blocking | |
| | - Path sandboxing (opt-in) | |
| +------|-------------------------------+ |
| | |
| +-----------+----------+ |
| v v |
| +--------------+ +--------------+ |
| | Docker Exec | | SSH | |
| | (container) | | (VM) | |
| +------+-------+ +------+-------+ |
| | | |
+-------------------|---------------------|---------------------------+
v v
+-----------+ +-----------+
| REMnux | | REMnux |
| Container | | VM |
+-----------+ +-----------+
Scenario 2: Everything on REMnux
The AI assistant and MCP server both run on the REMnux system. The server uses the Local connector with stdio transport — no network, no Docker exec, no SSH. This is the simplest setup.
+-------------------------------+
| REMnux (VM or bare metal) |
| |
| +----------------+ |
| | AI Assistant | |
| | (Claude Code, | stdio |
| | OpenCode) +--------+ |
| +----------------+ | |
| v |
| +-------------------------+ |
| | remnux-mcp-server | |
| | --mode=local (default) | |
| | | |
| | - Local connector | |
| | - Security layers | |
| +-------------------------+ |
| |
| REMnux tools (native) |
+-------------------------------+
Scenario 3: Server Inside REMnux
The MCP server runs inside the REMnux VM or container using the Local connector. The AI assistant connects over the network via Streamable HTTP transport. This is the deployment scenario used by REMnux salt-states.
+----------------+ Streamable HTTP +------------------------------+
| AI Assistant |----(network)------->| REMnux (VM/Container) |
| (Claude Code, | | |
| Cursor, etc) | | +------------------------+ |
+----------------+ | | remnux-mcp-server | |
| | --mode=local | |
| | --transport=http | |
| | | |
| | - Local connector | |
| | - Security layers | |
| +------------------------+ |
| |
| REMnux tools (native) |
+------------------------------+
Quick Start
Prerequisites: Node.js >= 18, plus Docker (for container mode) or SSH access (for VM mode).
Optional: For additional tool documentation beyond what suggest_tools and get_tool_help provide, you can enable the REMnux docs MCP server alongside this one.
Choose the scenario that matches your setup.
Scenario 1: AI Tool on Your Machine, REMnux as Docker/VM
Your AI assistant (Claude Code, Cursor, etc.) runs on your physical machine. The MCP server also runs on your machine and reaches into REMnux over Docker exec or SSH to run analysis tools.
With Docker (recommended):
# Start REMnux container
docker run -d --name remnux remnux/remnux-distro:noble
# Add to Claude Code (stdio transport — server runs as a child process)
claude mcp add remnux -- npx @remnux/mcp-server --mode=docker --container=remnux
With a VM (SSH):
# Key-based auth via SSH agent (default) — ensure your key is loaded:
# ssh-add ~/.ssh/your_key
claude mcp add remnux -- npx @remnux/mcp-server --mode=ssh --host=YOUR_VM_IP --user=remnux
# Password auth
claude mcp add remnux -- npx @remnux/mcp-server --mode=ssh --host=YOUR_VM_IP --user=remnux --password=YOUR_PASSWORD
Claude Desktop / Cursor config (add to MCP settings JSON):
{
"mcpServers": {
"remnux": {
"command": "npx",
"args": ["@remnux/mcp-server", "--mode=docker", "--container=remnux"]
}
}
}
The upload_from_host and download_file tools handle file transfer between your machine and REMnux. You can optionally mount shared Docker volumes, but the built-in tools are simpler and maintain container isolation.
Scenario 2: AI Tool and MCP Server Both on REMnux
Your AI assistant (OpenCode, Claude Code, etc.) runs directly on the REMnux VM or container. The MCP server runs on the same system using the local connector — no network, no Docker exec, no SSH. Tools execute natively.
Stdio transport (same machine, recommended):
Add the server to your AI tool's MCP config. The tool launches it automatically via stdio:
{
"mcpServers": {
"remnux": {
"command": "remnux-mcp-server"
}
}
}
Local mode is the default — no --mode flag needed. The default paths (/home/remnux/files/samples and /home/remnux/files/output) match the REMnux filesystem layout, so no additional configuration is needed.
In local mode, analysis tools also accept absolute file paths, so you can reference files anywhere on the filesystem without uploading them first.
Scenario 3: AI Tool on Your Machine, MCP Server on REMnux (HTTP)
Your AI assistant runs on your physical machine, but instead of the MCP server also running on your machine (Scenario 1), it runs inside REMnux and listens on a network port. Your AI tool connects over HTTP.
Use this when you want REMnux to be self-contained — the MCP server and analysis tools are co-located, and your AI tool just needs network access.
On REMnux (start the server):
export MCP_TOKEN=$(openssl rand -hex 32)
remnux-mcp-server --mode=local --transport=http --http-host=0.0.0.0
echo "Token: $MCP_TOKEN" # save this for the client
On your machine (connect Claude Code):
claude mcp add remnux --transport http http://REMNUX_IP:3000/mcp \
--header "Authorization: Bearer YOUR_TOKEN"
Claude Desktop / Cursor config:
{
"mcpServers": {
"remnux": {
"type": "streamable-http",
"url": "http://REMNUX_IP:3000/mcp",
"headers": {
"Authorization": "Bearer YOUR_TOKEN"
}
}
}
}
Security Notes (HTTP transport)
- Always use a token in production. Without
--http-tokenorMCP_TOKEN, any network client can execute commands. - Default bind is
127.0.0.1— set--http-host=0.0.0.0to allow network access. - Generate strong tokens:
openssl rand -hex 32 - Use
MCP_TOKENenv var to avoid exposing the token in process listings. - For HTTPS, place a reverse proxy (nginx, caddy) in front of the MCP server. The bearer token travels in plaintext over HTTP without this.
- DNS rebinding protection is automatically enabled when binding to localhost.
CLI Options
| Flag | Description | Default |
|---|---|---|
--mode | Connection mode: local, docker, or ssh | local |
--container | Docker container name/ID (for docker mode) | remnux |
--host | SSH host (for ssh mode) | - |
--user | SSH user (for ssh mode) | remnux |
--port | SSH port (for ssh mode) | 22 |
--password | SSH password (for ssh mode; uses SSH agent if omitted) | - |
--samples-dir | Samples directory path inside REMnux | /home/remnux/files/samples |
| `--output-d |
README truncated. View full README on GitHub.
Alternatives
Related Skills
Browse all skillsUse when working with the OpenAI API (Responses API) or OpenAI platform features (tools, streaming, Realtime API, auth, models, rate limits, MCP) and you need authoritative, up-to-date documentation (schemas, examples, limits, edge cases). Prefer the OpenAI Developer Documentation MCP server tools when available; otherwise guide the user to enable `openaiDeveloperDocs`.
Security audit and validation tools for the Agent Skills ecosystem. Scan skill packages for common vulnerabilities like credential leaks, unauthorized file access, and Git history secrets. Use when you need to audit skills for security before installation, validate skill packages against Agent Skills standards, or ensure your skills follow best practices.
Azure Identity SDK for Rust authentication. Use for DeveloperToolsCredential, ManagedIdentityCredential, ClientSecretCredential, and token-based authentication. Triggers: "azure-identity", "DeveloperToolsCredential", "authentication rust", "managed identity rust", "credential rust".
CCXT cryptocurrency exchange library for TypeScript and JavaScript developers (Node.js and browser). Covers both REST API (standard) and WebSocket API (real-time). Helps install CCXT, connect to exchanges, fetch market data, place orders, stream live tickers/orderbooks, handle authentication, and manage errors. Use when working with crypto exchanges in TypeScript/JavaScript projects, trading bots, arbitrage systems, or portfolio management tools. Includes both REST and WebSocket examples.
.NET/C# backend developer for ASP.NET Core APIs with Entity Framework Core. Builds REST APIs, minimal APIs, gRPC services, authentication with Identity/JWT, authorization, database operations, background services, SignalR real-time features. Activates for: .NET, C#, ASP.NET Core, Entity Framework Core, EF Core, .NET Core, minimal API, Web API, gRPC, authentication .NET, Identity, JWT .NET, authorization, LINQ, async/await C#, background service, IHostedService, SignalR, SQL Server, PostgreSQL .NET, dependency injection, middleware .NET.
Build full-stack applications with Supabase (PostgreSQL, Auth, Storage, Real-time, Edge Functions). Use when implementing authentication, database design with RLS, file storage, real-time features, or serverless functions.