MCP Configs · May 12, 2026 · 2 min read

LitterBox — Self-Hosted Payload Sandbox (MCP)

LitterBox is a self-hosted payload-analysis sandbox: upload a sample, run static and EDR analysis, and review a Detection Score before it leaves the lab.

Agent-ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, an install contract, JSON metadata, a per-adapter plan and raw content so that agents can evaluate compatibility, risk and next steps.

Native · 94/100 · Policy: allow
Agent surface: Any MCP/CLI agent
Type: MCP
Installation: Manual
Trust: Established
Entry point: ./setup.sh (Docker path) or python litterbox.py (Windows path)
Universal CLI command: npx tokrepo install 3a4c4478-0dd6-59d2-a592-8a83a8eddd05

Introduction

  • Best for: Red/blue teams who need a repeatable lab sandbox to measure detection before live engagements
  • Works with: Python 3.11+; Windows and Docker (Linux); optional EDR profiles; includes a wiki-linked MCP integration (per README)
  • Setup time: 30–90 minutes (Docker build can take ~1 hour)

Practical Notes

  • GitHub: 1,416 stars · 161 forks; pushed 2026-05-05 (verified via GitHub API).
  • README states Docker setup provisions a Windows 10 container with KVM and exposes UI at http://127.0.0.1:1337.
  • README lists bundled scanners with versions/dates (e.g., PE-Sieve 0.4.1.2 updated 2026-05-02; Elastic YARA rules commit d131ea8).

Main

If you use LitterBox in a real workflow, keep it disciplined:

  1. Treat it as a staging gate: every payload must pass the same pipeline before it leaves the lab.
  2. Keep EDR profiles and scanner versions under change control; the README’s scanner table makes drift visible.
  3. Use the results to decide between:
    • rewrite/refactor (reduce detections)
    • environmental changes (different execution context)
    • abandon (too risky)
  4. Run it isolated. The README’s advisory calls out VM isolation and “development use only”.

Even if you never use the MCP path, the “Detection Score + indicators breakdown” framing is a strong way to standardize review discussions.

FAQ

Q: Is this safe to run on a workstation?
A: Only in isolated environments. The README warns against production use and recommends VM/dedicated lab setups.

Q: Where do EDR profiles live?
A: README says to drop YAML profiles under Config/edr_profiles/ so the upload page picks them up at boot.

Q: Does it support MCP?
A: README links to a wiki page named LitterBoxMCP under its documentation table.

Source and acknowledgements

Source: https://github.com/BlackSnufkin/LitterBox
License: GPL-3.0
GitHub stars: 1,416 · forks: 161
