Cyberbro MCP Server


Add it to Claude Code

Run this in a terminal.

claude mcp add -e "CYBERBRO_URL=${CYBERBRO_URL}" cyberbro -- docker run -i --rm -e CYBERBRO_URL ghcr.io/stanfrbd/mcp-cyberbro:latest
Required: CYBERBRO_URL (+ 2 optional)
README.md

Extracts IoCs from garbage input and checks their reputation.

Cyberbro MCP Server

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple services.

🌐 demo.cyberbro.net


A Model Context Protocol (MCP) server for Cyberbro that provides a comprehensive interface for extracting and analyzing Indicators of Compromise (IoCs) from unstructured input, and checking their reputation using multiple threat intelligence services.

Check out the Cyberbro repository for more information about the platform.

Overview

This MCP server enables interaction with the Cyberbro platform through the Model Context Protocol. MCP is a standard that allows applications to provide context and functionality to Large Language Models (LLMs) in a secure, standardized way—similar to a web API, but designed for LLM integrations.

MCP servers can:

  • Expose data through Resources (to load information into the LLM's context)
  • Provide functionality through Tools (to execute code or perform actions)
  • Define interaction patterns through Prompts (reusable templates for LLM interactions)

This server implements the Tools functionality of MCP, offering a suite of tools for extracting IoCs from text, analyzing them, and checking their reputation across various threat intelligence sources. It allows AI systems like Claude to retrieve, analyze, and act on threat intelligence in real-time.

Features

  • Multi-Service Reputation Checks: Query IPs, domains, hashes, URLs, and Chrome extension IDs across many threat intelligence sources.
  • Integrated Reporting: Get detailed, exportable reports and analysis history.
  • Platform Integrations: Supports Microsoft Defender for Endpoint, CrowdStrike, OpenCTI, and more.
  • Advanced Search & Visualization: Search with Grep.App, check for breaches, and visualize results.

Why Use Cyberbro with LLMs

  • LLM-Ready: Designed for seamless use via MCP with Claude or other LLMs—no manual UI needed.
  • Beginner-Friendly: Simple, accessible, and easy to deploy.
  • Unique Capabilities: Chrome extension ID lookups, advanced TLD handling, and pragmatic intelligence gathering.
  • Comprehensive CTI Access: Leverages multiple sources and integrates CTI reports for enriched context.

Installation

Option 1: Using Docker (Recommended)

  1. Export your Cyberbro config as an environment variable:

     export CYBERBRO_URL=http://localhost:5000
    
  2. Pull the Docker image from GitHub Container Registry (careful, you must be logged in):

    docker pull ghcr.io/stanfrbd/mcp-cyberbro:latest
    

Option 2: Local Installation

  1. Clone this repository:

    git clone https://github.com/stanfrbd/mcp-cyberbro.git
    cd mcp-cyberbro
    
  2. Install the required dependencies:

    uv run pip install -r requirements.txt
    
  3. Set environment variables for MCP configuration or provide them as CLI arguments:

    Option A: Using environment variables

    export CYBERBRO_URL=http://localhost:5000
    

    Option B: Using CLI arguments

    uv run mcp-cyberbro-server.py --cyberbro_url http://localhost:5000
    
  4. Start the MCP server:

    uv run mcp-cyberbro-server.py # env variables already set
    

    The server will listen for MCP protocol messages on stdin/stdout and use the environment variables as shown in the Claude Desktop configuration example.

Optional environment variables

  • SSL_VERIFY: Set to false to disable SSL verification for the Cyberbro URL. This is useful for self-signed certificates or local testing.
  • API_PREFIX: Set to a custom prefix for the Cyberbro API. This is useful if you have a custom API prefix in your Cyberbro instance.

Optional arguments

  • --no_ssl_verify: Disable SSL verification for the Cyberbro URL. This is useful for self-signed certificates or local testing.
  • --api_prefix: Set a custom prefix for the Cyberbro API. This is useful if you have a custom API prefix in your Cyberbro instance.

Usage

Using with Claude Desktop (Docker) - Recommended

Note: In this configuration, make sure Docker is installed and running on your machine (e.g., Docker Desktop).

To use this MCP server with Claude Desktop, add the following to your Claude Desktop config file (claude_desktop_config.json):

"mcpServers": {
  "cyberbro": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--rm",
      "-e",
      "CYBERBRO_URL",
      "-

Tools (2)

  • extract_iocs: Extracts Indicators of Compromise from unstructured text input.
  • check_reputation: Checks the reputation of an IoC across multiple threat intelligence services.

Environment Variables

  • CYBERBRO_URL (required): The URL of the Cyberbro instance
  • SSL_VERIFY: Set to false to disable SSL verification
  • API_PREFIX: Custom prefix for the Cyberbro API

Configuration

claude_desktop_config.json
{
  "mcpServers": {
    "cyberbro": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "CYBERBRO_URL",
        "ghcr.io/stanfrbd/mcp-cyberbro:latest"
      ],
      "env": {
        "CYBERBRO_URL": "http://localhost:5000"
      }
    }
  }
}
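A configuration check for the entry above, added here as an example and not part of the mcp-cyberbro project: it reviews a claude_desktop_config.json entry for the settings this page names (CYBERBRO_URL, SSL_VERIFY, the Docker image reference). The function name, the sample host cyberbro.example.internal and the case-insensitive reading of "false" are assumptions made for this example.

```python
import json
from urllib.parse import urlparse

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: the page's config changed to a remote URL with SSL_VERIFY=false.
SAMPLE_CONFIG = """
{"mcpServers": {"cyberbro": {
  "command": "docker",
  "args": ["run", "-i", "--rm", "-e", "CYBERBRO_URL", "-e", "SSL_VERIFY",
           "ghcr.io/stanfrbd/mcp-cyberbro:latest"],
  "env": {"CYBERBRO_URL": "http://cyberbro.example.internal:5000",
          "SSL_VERIFY": "false"}}}}
"""

def audit_cyberbro_entry(config_text, name="cyberbro"):
    """Return a list of findings for one mcpServers entry (hypothetical helper)."""
    entry = json.loads(config_text).get("mcpServers", {}).get(name)
    if entry is None:
        return [f"no mcpServers entry named {name!r}"]
    findings = []
    env = entry.get("env", {})
    args = entry.get("args", [])
    url = urlparse(env.get("CYBERBRO_URL", ""))
    host = url.hostname or ""
    if not host:
        findings.append("CYBERBRO_URL is missing or has no host")
    elif url.scheme != "https" and host not in LOCAL_HOSTS:
        findings.append("CYBERBRO_URL uses plain HTTP to a non-local host")
    # Assumption: any casing of "false" disables verification.
    if env.get("SSL_VERIFY", "").strip().lower() == "false" and host not in LOCAL_HOSTS:
        findings.append("SSL_VERIFY=false with a non-local CYBERBRO_URL")
    # With `docker run`, a variable set in "env" only reaches the container
    # when it is also forwarded with -e NAME (or -e NAME=value).
    forwarded = {args[i + 1].split("=", 1)[0]
                 for i, a in enumerate(args[:-1]) if a in ("-e", "--env")}
    if entry.get("command") == "docker":
        for var in env:
            if var not in forwarded:
                findings.append(f"{var} is set in env but not forwarded with -e")
    # A tag such as :latest can change between pulls; a digest cannot.
    for image in (a for a in args if a.startswith("ghcr.io/")):
        if "@sha256:" not in image:
            findings.append(f"image {image} is referenced by mutable tag, not digest")
    return findings

if __name__ == "__main__":
    for finding in audit_cyberbro_entry(SAMPLE_CONFIG):
        print("-", finding)
```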

Try it

Extract all IP addresses and domains from this security log and check their reputation.
Analyze the following text for any Indicators of Compromise and report their threat status.
Check the reputation of this file hash using the Cyberbro tools.
Scan this email body for malicious URLs and provide a summary of their safety.

Frequently Asked Questions

What are the key features of Cyberbro?

Multi-service reputation checks for IPs, domains, hashes, and URLs. Automated extraction of IoCs from unstructured text. Integration with platforms like Microsoft Defender, CrowdStrike, and OpenCTI. Advanced search capabilities and threat intelligence reporting.

What can I use Cyberbro for?

Automating the triage of security alerts from raw log files. Enriching incident response workflows with real-time threat intelligence. Quickly vetting suspicious links or files found in phishing emails. Centralizing threat intelligence lookups within an LLM-based security assistant.

How do I install Cyberbro?

Install Cyberbro by running: docker pull ghcr.io/stanfrbd/mcp-cyberbro:latest

What MCP clients work with Cyberbro?

Cyberbro works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
