MCP Configs · May 12, 2026 · 2 min read

LitterBox — Self-Hosted Payload Sandbox (MCP)

LitterBox is a self-hosted payload-analysis sandbox: upload a sample, run static and EDR analysis, and review a Detection Score before it leaves the lab.

Agent-ready

Safe staging for this asset

This asset is staged first. The copied prompt asks for the staged files to be inspected before any scripts, MCP config or global config are activated.

Stage only · 17/100 · Policy: staging
Agent surface: Any MCP/CLI agent
Type: Mcp Config
Install: Stage only
Trust: Established
Entry: Asset
Safe staging command:
npx -y tokrepo@latest install 3a4c4478-0dd6-59d2-a592-8a83a8eddd05 --target codex

Files are staged first; activation requires reviewing the README and the staged plan.

Introduction

  • Best for: Red/blue teams who need a repeatable lab sandbox to measure detection before live engagements
  • Works with: Python 3.11+; Windows and Docker (Linux); optional EDR profiles; includes a wiki-linked MCP integration (per README)
  • Setup time: 30–90 minutes (Docker build can take ~1 hour)

Practical Notes

  • GitHub: 1,416 stars · 161 forks; pushed 2026-05-05 (verified via GitHub API).
  • README states Docker setup provisions a Windows 10 container with KVM and exposes UI at http://127.0.0.1:1337.
  • README lists bundled scanners with versions/dates (e.g., PE-Sieve 0.4.1.2 updated 2026-05-02; Elastic YARA rules commit d131ea8).

Main

If you use LitterBox in a real workflow, keep it disciplined:

  1. Treat it as a staging gate: every payload must pass the same pipeline before it leaves the lab.
  2. Keep EDR profiles and scanner versions under change control; the README’s scanner table makes drift visible.
  3. Use the results to decide between:
    • rewrite/refactor (reduce detections)
    • environmental changes (different execution context)
    • abandon (too risky)
  4. Run it isolated. The README’s advisory calls out VM isolation and “development use only”.

Even if you never use the MCP path, the “Detection Score + indicators breakdown” framing is a strong way to standardize review discussions.

FAQ

Q: Is this safe to run on a workstation? A: Only in isolated environments. The README warns against production use and recommends VM/dedicated lab setups.

Q: Where do EDR profiles live? A: README says to drop YAML profiles under Config/edr_profiles/ so the upload page picks them up at boot.

Q: Does it support MCP? A: README links to a wiki page named LitterBoxMCP under its documentation table.

Source and acknowledgements

Source: https://github.com/BlackSnufkin/LitterBox
License: GPL-3.0
GitHub stars: 1,416 · forks: 161
