OLETools Secure MCP Server
by pradeep895
This project provides a secure microservice using `FastMCP` to analyze Microsoft Office documents for potential malicious content using static analysis techniques. It leverages external tools like `oletools`, `XLMMacroDeobfuscator`, and `pefile`.
What is OLETools Secure MCP Server?
The OLETools Secure MCP Server is a microservice designed to analyze Microsoft Office documents and related file types for malicious content. It uses static analysis techniques and integrates with tools like oletools, XLMMacroDeobfuscator, and pefile to identify potential threats.
How to use OLETools Secure MCP Server?
To use the server, first clone the repository, install the necessary dependencies using pip, configure the Claude Desktop application, run the config file, and then start the `mcp_service.py` script. Once running, the server can be accessed through the Claude Desktop application to analyze files by typing analyze_vba_macros in <filepath\example.xlsm>.
Key features of OLETools Secure MCP Server
Analyzes VBA Macros (olevba)
Detects XLM Macros (XLMMacroDeobfuscator, olevba)
Checks for DDE Links (msodde)
Extracts embedded OLE Objects (oleobj)
Analyzes XLL file exports for suspicious functions (pefile)
Extracts IOCs (URLs, IPs, Hashes, Emails) using iocextract
Provides basic MIME type and file size validation (python-magic)
Uses a configurable scoring system for basic risk classification
Designed for integration with systems supporting the MCP protocol
Use cases of OLETools Secure MCP Server
Automated malware analysis of Office documents
Integration with security information and event management (SIEM) systems
Threat intelligence gathering
Sandboxing and dynamic analysis support
FAQ from OLETools Secure MCP Server
What file types are supported?
The server supports Microsoft Office documents (Excel, Word, PowerPoint) and related file types like XLL add-ins.
What is the purpose of the scoring system?
The configurable scoring system provides a basic risk classification based on the analysis results.
What is Claude Desktop?
Claude Desktop is an application that supports the MCP protocol and integrates with this server for document analysis.
How do I install the dependencies?
The dependencies can be installed using pip: `pip install -r requirements.txt`
Is iocextract required?
No, iocextract is optional but recommended for advanced IOC extraction.