Velociraptor MCP Bridge

MCPOpen Source53.1

by mgreen27 • Automation & Orchestration

A proof-of-concept MCP bridge that exposes Velociraptor server functionality to MCP clients for Windows triage and forensic queries.

Example Use Cases

1
Collect and inspect network connections on a specific Windows host and flag suspicious processes.
2
Locate and enumerate forensic artifacts (for example, those targeting the USN journal) across managed hosts.
3
Run Velociraptor collections remotely via an MCP client and return triage results for analyst review.

Description

This repository implements a POC Model Context Protocol (MCP) bridge to allow MCP clients (e.g., Claude desktop) to query Velociraptor servers and retrieve forensic/triage data from endpoints. It includes Windows-oriented collections and helper code to query machines by name (for example, list network connections or search for artifacts targeting the USN journal). Installation and API client setup instructions are provided, and the README calls out caveats about data volume, context windows, and dynamic collection creation.

Quick Actions

View on GitHub

Security

Scanned 2 month(s) ago

Risk Level

MINIMAL

Read-only data retrieval, no side effects

Trust Score

D40/100

3/17 checks passed

Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.

Quick Stats

Service TypeMCP

Pricing ModelFree

Capabilities0 Tools / 0 Prompts / 0 Resources

Ownermgreen27

CategoryAutomation & Orchestration

DependenciesStandalone