Cybershield Mcp
What is Cybershield Mcp
CyberShield-MCP is a fully functional MCP (Model Context Protocol) server designed for cybersecurity on Windows. It exposes defensive tools such as HTTP APIs ready for use by AI agents, Claude Desktop, or custom scripts, making it easy to integrate, extensible, and ready to automate your digital defense.
Use cases
Use cases for CyberShield-MCP include automated network monitoring, real-time threat detection and response, system diagnostics and hardening, log analysis for security events, and managing active processes to ensure system integrity.
How to use
To use CyberShield-MCP, install it via pip with the command pip install mcp[cli] langchain langchain-ollama fastapi uvicorn requests. For environment variables, run mcp install -f. Control the server through Claude Desktop or LangChain agents to execute defensive commands and manage system resources.
Key features
Key features of CyberShield-MCP include secure exposure of critical system commands, integration with AI for contextual decision-making, a variety of defensive tools for diagnostics and system hardening, and the ability to automate responses to security threats.
Where to use
CyberShield-MCP is primarily used in cybersecurity fields, particularly for organizations that require automated defense mechanisms on Windows systems. It is suitable for IT security teams, system administrators, and organizations looking to enhance their cybersecurity posture.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Cybershield Mcp
CyberShield-MCP is a fully functional MCP (Model Context Protocol) server designed for cybersecurity on Windows. It exposes defensive tools such as HTTP APIs ready for use by AI agents, Claude Desktop, or custom scripts, making it easy to integrate, extensible, and ready to automate your digital defense.
Use cases
Use cases for CyberShield-MCP include automated network monitoring, real-time threat detection and response, system diagnostics and hardening, log analysis for security events, and managing active processes to ensure system integrity.
How to use
To use CyberShield-MCP, install it via pip with the command pip install mcp[cli] langchain langchain-ollama fastapi uvicorn requests. For environment variables, run mcp install -f. Control the server through Claude Desktop or LangChain agents to execute defensive commands and manage system resources.
Key features
Key features of CyberShield-MCP include secure exposure of critical system commands, integration with AI for contextual decision-making, a variety of defensive tools for diagnostics and system hardening, and the ability to automate responses to security threats.
Where to use
CyberShield-MCP is primarily used in cybersecurity fields, particularly for organizations that require automated defense mechanisms on Windows systems. It is suitable for IT security teams, system administrators, and organizations looking to enhance their cybersecurity posture.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
🛡️ CyberShield MCP — Servidor MCP de Defensa Autónoma (Windows)
CyberShield MCP es un servidor MCP (Model Context Protocol) completamente funcional diseñado para ejecutar herramientas defensivas, consultar recursos del sistema y tomar decisiones de seguridad con apoyo de inteligencia artificial.
Funciona sobre Windows, expone comandos críticos del sistema de forma segura, y puede ser controlado desde Claude Desktop o mediante agentes LangChain, creando así una defensa contextual, precisa y autónoma.
⚙️ Requisitos y dependencias
💡 Solo compatible con Windows por ahora (utiliza netsh, ping, Get-WinEvent, etc.)
Instalación rápida:
pip install mcp[cli] langchain langchain-ollama fastapi uvicorn requests
Si usás variables de entorno en .env, ejecutá:
mcp install -f
📂 Estructura del proyecto
cybershield_mcp/ ├── server.py # Punto de entrada principal ├── pyproject.toml # Configuración del proyecto (con uv o poetry) ├── README.md # Descripción del proyecto ├── .env # Variables de entorno (si usás `mcp install -f`) │ ├── tools/ # Herramientas de defensa y diagnóstico │ ├── __init__.py │ ├── firewall.py # Bloqueo y desbloqueo de puertos/IPs │ ├── diagnostics.py # Ping y escaneo con nmap │ ├── logs.py # Análisis de logs con Context │ ├── hardening.py # Fortalecimiento del sistema │ ├── agent_response.py # Acciones automáticas y diagnóstico rápido │ ├── network_watch.py # Conexiones activas y detección de IPs raras │ ├── eventlog_analyzer.py # Revisión de eventos de seguridad (logins fallidos, privilegios) │ └── processes.py # Escaneo y gestión de procesos activos │ ├── resources/ │ ├── __init__.py │ └── firewall_state.py # Consulta del estado actual del firewall │ ├── prompts/ │ ├── __init__.py │ └── threat_response.py # Prompt para decidir acción ante amenazas │ ├── utils/ │ ├── __init__.py │ └── commands.py # Funciones comunes para subprocess seguro │ ├── fastapi_mcp_server.py # Exposición HTTP de herramientas MCP para integración externa ├── agent_langchain.py # Agente IA con LangChain + Ollama usando MCP vía FastAPI ├── Dockerfile # Imagen Docker del servidor FastAPI ├── docker-compose.yml # Despliegue simplificado con Docker Compose
🧠 Modos de uso con IA
🧠 Claude Desktop
- Instalar tu servidor en Claude:
uv run mcp install server.py --name "CyberShield Agent"
- Ejecutar el servidor MCP:
uv run mcp dev server.py
- Claude ahora podrá usar frases como:
- “Haz ping a 8.8.8.8”
- “Bloquea la IP 192.168.1.50”
- “Activa el modo cuarentena”
- “¿Estoy bajo ataque?”
🔗 LangChain + Ollama (modo agente autónomo)
- Levantar el servidor FastAPI:
uvicorn fastapi_mcp_server:app --port 4242
- Usar
agent_langchain.pypara lanzar un agente con herramientas como:
bloquear ip automáticamentediagnóstico del sistemalistar procesos sospechosos
python agent_langchain.py
- El agente decidirá con tu LLM cuándo ejecutar herramientas defensivas (bloqueo, diagnóstico, etc.)
🐳 Integración con Docker
Dockerfile
Ya incluido en el proyecto. Crea una imagen del servidor FastAPI para correr en cualquier entorno.
Para construir y correr:
docker build -t cybershield-api . docker run -p 4242:4242 --name cybershield cybershield-api
O con docker-compose:
docker-compose up --build
Esto te da:
- Reproducibilidad
- Despliegue rápido
- Entorno controlado
- Posibilidad de llevar tu MCP a servidores Linux sin instalación directa
🧪 Testing con MCP Inspector
Corré:
uv run mcp dev server.py
Y abrí el Inspector Web cuando interactúes con Claude o LangChain.
Podés ver:
- Funciones ejecutadas
- Argumentos pasados
- Tiempos de respuesta y errores
💬 Ejemplos rápidos (Claude o LangChain)
🛠 @tool: do_ping(host: str)
“Haz ping a 8.8.8.8”
📦 @resource: firewall://rules
“Muéstrame las reglas activas del firewall”
🧠 @prompt: suggest_block_action(threat_description)
“He detectado conexiones sospechosas desde 192.168.1.42. ¿Qué debería hacer?”
🔗 FastAPI
🧰 ¿Qué podés hacer con CyberShield MCP?
✅ Automatizar defensa en sistemas Windows
✅ Ejecutar comandos críticos mediante IA
✅ Fortalecer el sistema y reducir superficie de ataque
✅ Coordinar respuestas desde agentes IA o modelos conversacionales
✅ Exponer herramientas como endpoints HTTP para integraciones más amplias
✅ Desplegarlo fácilmente en cualquier entorno con Docker
¿Listo para una defensa con cerebro? Clonalo, conectalo con Claude o tu agente LangChain, ¡y empezá a blindar tu sistema! 💥
Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
