Velociraptor


Repo to hold mcp server for velociraptor


What is Velociraptor?

Velociraptor is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to interact with the Velociraptor forensics and incident response platform.


This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Use Cases

Interact with Velociraptor forensics and incident response platform.

Maintainer: socfortress
License: AGPL-3.0
Language: Python
Version: v1.0.0
Updated: May 20, 2026
Status: healthy
Maintenance: active
Works with: Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx velociraptor

Configuration

Config file: claude_desktop_config.json

Performance

Response metrics

  • Response time: < 200 ms
  • Throughput: Medium

Resource usage

  • Memory usage: Low
  • CPU usage: Low

How to Set Up and Use Velociraptor

The Velociraptor MCP Server bridges Velociraptor — the open-source digital forensics and incident response (DFIR) platform — with large language models, enabling natural language queries and intelligent analysis of forensic data. It exposes eight purpose-built tools for authenticating to a Velociraptor instance, querying clients, listing and collecting artifacts, running VQL (Velociraptor Query Language) queries, and retrieving collection results. Security analysts use it to investigate incidents faster by asking questions in plain English instead of writing raw VQL.

Prerequisites

  • Python 3.11 or higher
  • A running Velociraptor server instance with API access enabled
  • A Velociraptor API configuration file (api.config.yaml) generated from your server's admin interface
  • An MCP-compatible client such as Claude Desktop or VS Code
  • Network connectivity from the machine running the MCP server to the Velociraptor server

1. Create a Python virtual environment

Isolate the installation to avoid dependency conflicts with other Python projects.

python -m venv .venv
source .venv/bin/activate
# On Windows: .venv\Scripts\activate

2. Install the Velociraptor MCP server

Install directly from the GitHub repository using pip.

pip install git+https://github.com/socfortress/velociraptor-mcp-server.git

3. Generate your Velociraptor API config file

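From your Velociraptor server's admin interface, generate an api.config.yaml file. This file contains the gRPC endpoint, TLS certificates, and credentials the MCP server uses to authenticate. Because it holds credentials, keep it readable only by the account that runs the MCP server. The --role value in the command below sets the permissions granted to this API client.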

# On the Velociraptor server, run:
velociraptor --config /etc/velociraptor/server.config.yaml config api_client \
  --name mcp-client --role reader api.config.yaml

4. Create a .env configuration file

Create a .env file in your working directory with the path to your api.config.yaml and any optional settings.

# .env
VELOCIRAPTOR_API_KEY=/path/to/api.config.yaml
VELOCIRAPTOR_SSL_VERIFY=false
VELOCIRAPTOR_TIMEOUT=30
MCP_SERVER_HOST=127.0.0.1
MCP_SERVER_PORT=8000
LOG_LEVEL=INFO

5. Start the MCP server

Run the server using the CLI command. It will start listening on 127.0.0.1:8000 by default.

velociraptor-mcp-server

# Or with custom options (--host 0.0.0.0 listens on all network interfaces):
velociraptor-mcp-server --host 0.0.0.0 --port 8080 --log-level DEBUG

6. Configure your MCP client

Add the server to your Claude Desktop or other MCP client configuration, pointing to the running HTTP server.

{
  "mcpServers": {
    "velociraptor": {
      "url": "http://127.0.0.1:8000/mcp"
    }
  }
}

Velociraptor Examples

Client configuration (Claude Desktop)

Connect Claude Desktop to a locally running Velociraptor MCP server. Adjust the URL if you changed the host or port.

{
  "mcpServers": {
    "velociraptor": {
      "url": "http://127.0.0.1:8000/mcp"
    }
  }
}

Prompts to try

Use natural language to interact with your Velociraptor DFIR platform through Claude.

- "List all Windows clients currently connected to Velociraptor."
- "Get detailed information about the client with hostname workstation-01."
- "Run a VQL query to find all active network connections on client C.1234567890."
- "Collect the Windows.System.Users artifact from client C.1234567890 and show me the results."
- "List all available Linux artifacts related to network activity."
- "What artifacts can I collect to investigate a potential ransomware infection on a Windows host?"

Troubleshooting Velociraptor

Authentication fails with gRPC connection errors

Verify the path in VELOCIRAPTOR_API_KEY points to a valid api.config.yaml file. If your server uses a self-signed certificate, set VELOCIRAPTOR_SSL_VERIFY=false in your .env file. Check that the Velociraptor server's gRPC port (usually 8001) is accessible from the machine running the MCP server.

CollectArtifactTool returns no results or times out

Artifact collection is asynchronous — the tool returns a flow_id, and you must use GetCollectionResultsTool with that flow_id to retrieve results. Increase max_retries and retry_delay if the client is slow or offline. Check flow status directly in the Velociraptor GUI to confirm the collection completed.

Specific tools are not available or need to be disabled

Use the VELOCIRAPTOR_DISABLED_TOOLS environment variable with a comma-separated list of tool names to disable. Example: VELOCIRAPTOR_DISABLED_TOOLS=CollectArtifactTool,RunVQLQueryTool. This restricts which operations Claude can perform.
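
A preflight check for the settings this guide introduces, as an added example that is not part of the server's own code: it parses a .env and reports a missing or over-permissive api.config.yaml, an explicit VELOCIRAPTOR_SSL_VERIFY=false, a non-loopback MCP_SERVER_HOST, and whether CollectArtifactTool and RunVQLQueryTool are still enabled. The function names, the finding codes and the spellings treated as "false" are assumptions.

```python
import ipaddress
import os
import stat

# Tools this page names for collecting artifacts and running VQL queries.
HIGH_IMPACT_TOOLS = {"CollectArtifactTool", "RunVQLQueryTool"}
# Constructed sample: the relevant .env values shown in step 4 of this page.
SAMPLE_ENV = """\
VELOCIRAPTOR_API_KEY=/path/to/api.config.yaml
VELOCIRAPTOR_SSL_VERIFY=false
MCP_SERVER_HOST=127.0.0.1
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env

def is_loopback(host):
    """True for localhost or a loopback IP; other names count as exposed."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(env):
    """Return finding codes for the settings described on this page."""
    findings = []
    path = env.get("VELOCIRAPTOR_API_KEY", "")
    if not os.path.isfile(path):
        findings.append("api-config-missing")
    elif os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("api-config-readable-by-others")  # file holds credentials
    # Only an explicit off value is flagged; the accepted spellings are assumed.
    if env.get("VELOCIRAPTOR_SSL_VERIFY", "").lower() in ("false", "0", "no"):
        findings.append("tls-verification-disabled")
    if not is_loopback(env.get("MCP_SERVER_HOST", "127.0.0.1")):
        findings.append("mcp-listener-not-loopback")
    disabled = {t.strip() for t in env.get("VELOCIRAPTOR_DISABLED_TOOLS", "").split(",")}
    findings += [f"tool-enabled:{t}" for t in sorted(HIGH_IMPACT_TOOLS - disabled)]
    return findings

if __name__ == "__main__":
    print(audit(parse_env(SAMPLE_ENV)))
```

An empty list means none of the checked conditions apply; the tool-enabled entries are informational for deployments that are meant to be read-only.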

Frequently Asked Questions about Velociraptor

What is Velociraptor?

Velociraptor is a Model Context Protocol (MCP) server for the Velociraptor forensics and incident response platform. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Velociraptor?

Follow the installation instructions on the Velociraptor GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Velociraptor?

Velociraptor works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Velociraptor free to use?

Yes, Velociraptor is open source and available under the AGPL-3.0 license. You can use it freely in both personal and commercial projects.

