NexusCore MCP

What it does

NexusCore MCP is a specialized server for AI-driven dynamic malware analysis. It enables LLMs to interactively manipulate malware execution, bypass anti-debugging checks, and perform forensic triage in real-time by bridging AI agents with low-level system instrumentation.

Tools

• spawn_process: Spawns a process in suspended state with optional Frida instrumentation.
• attach_process: Attaches to an existing running process.
• resume_process: Resumes a suspended process.
• inject_frida_script: Injects custom Frida JavaScript into a process.
• die_scan: Detects packers, compilers, and protectors using Detect It Easy.
• capa_scan: Analyzes malware capabilities using CAPA.
• find_oep: Finds the Original Entry Point of packed executables.
• scan_persistence: Scans for persistence mechanisms in Registry and Startup folders.
• cape_submit: Submits samples to CAPEv2 sandbox.

Installation

Add the following to your claude_desktop_config.json:

{
  "mcpServers": {
    "nexuscore": {
      "command": "C:\\Path\\To\\NexusCore_MCP\\target\\release\\nexuscore_mcp.exe",
      "args": [],
      "env": {
        "CAPE_API_URL": "http://127.0.0.1:8000",
        "RUST_LOG": "info"
      }
    }
  }
}

Supported hosts

Confirmed for Claude Desktop and Cursor.