TriageMCP (PE File Analysis)

Integrates with multiple security tools to perform static analysis of PE files, extracting critical information like import tables, metadata, strings, and malware capabilities for rapid triage of suspicious Windows executables.

TriageMCP is a server that enables LLMs to perform basic static analysis of PE (Portable Executable) files. It integrates with multiple security tools including detect-it-easy, YARA, capa, floss, and UPX to extract critical information such as import/export tables, section details, metadata, strings, and capabilities. The implementation provides tools for calculating file hashes, analyzing PE structures, scanning with YARA rules, unpacking UPX-compressed executables, and identifying malware capabilities - making it particularly valuable for security analysts who need to quickly triage suspicious Windows executables without manual tool interaction.