github analyzed 2361dfd

ahammadshawki8/DeepSIFT

DeepSIFT - A zero-hallucination autonomous DFIR agent for the SANS SIFT Workstation. 148 typed, audited, guard-railed MCP forensic tools with per-claim grounding verification, 4-axis confidence scoring, and an HMAC-signable chain of custody.

maintainer: ahammadshawki8
license: MIT
first seen: 2026-06-14
last seen: 2026-06-14
releases · 30d: 0
Drift inferred · capture-to-capture

No drift recorded — single capability capture; advisories appear once its surface changes.

capabilities: 60 tools
transport: stdio
counts: 60 tools · 0 res · 0 prompts
permission surface: via code analysis

tools

  • adversarial_review

    Challenge current hypothesis with counter-arguments before finish_analysis

  • correlate_artifacts

    Join findings across memory/disk/network/registry by PID, path, IP, user

  • create_super_timeline

    Build a Plaso super-timeline from a disk image (long-running)

  • detect_contradictions

    Find UNRESOLVED_CONTRADICTION findings: DKOM, ghost PIDs, log wipes, hidden services

  • detect_packer

    Entropy analysis + UPX/MPRESS/Themida signature detection

  • extract_dns_queries

    DNS extraction — DGA detection, beaconing, DNS tunneling

  • extract_file

    Extract file by inode number to exports/

  • extract_strings

    String extraction + IOC pattern scan (IPs, URLs, base64, registry)

  • filter_timeline

    Extract events for a specific time window; highlights suspicious keywords

  • find_injected_code

    malfind with injection type classification

  • finish_analysis

    Structured report with grounding score, 4-axis confidence score, audit_ids citation

  • get_browser_history

    Extract WEBHIST events (URLs, downloads, searches) from timeline

  • get_cachedump

    Domain cached credential hashes (DCC2)

  • get_callbacks

    Kernel callback registrations

  • get_command_history

    cmdline with suspicious pattern detection

  • get_devicetree

    Kernel device tree

  • get_driverirp

    IRP dispatch table hook detection (rootkit)

  • get_env_vars

    Process environment block variables

  • get_file_listing

    Recursive file listing with deleted-file flags

  • get_filescan

    FILE_OBJECT pool scan

  • get_getsids

    Security identifiers per process (privilege enumeration)

  • get_hashdump

    NTLM password hash extraction from SAM in memory

  • get_ldrmodules

    Compare InLoad / InMem / InInit PEB lists

  • get_loaded_dlls

    DLL listing for a specific PID

  • get_lsadump

    LSA secrets from memory (service account passwords)

  • get_modules

    Kernel module list; flags unsigned/suspicious drivers

  • get_mutexes

    Mutex object scan (mutantscan)

  • get_network_connections

    netscan with external IP flagging + MITRE tags

  • get_partition_table

    Read partition layout; returns sector offsets for follow-up calls

  • get_pe_metadata

    PE header, sections, imports, compile timestamp, entropy

  • get_privileges

    Token privilege enumeration per PID

  • get_process_list

    EPROCESS walk; SANS Hunt Evil baseline comparison

  • get_registry_hives

    List hives in memory image

  • get_registry_key

    Read a specific registry key from memory

  • get_running_services

    svcscan with suspicious binary path detection (T1543.003)

  • get_ssdt

    System Service Descriptor Table hooks

  • get_timeliner

    Memory-resident timestamp timeline

  • get_vad_info

    Virtual Address Descriptor tree

  • list_hayabusa_rules

    Show available Hayabusa rule profiles

  • list_yara_rule_sets

    Enumerate available rule sets

  • lookup_ip_reputation

    AbuseIPDB + VirusTotal APIs

  • parse_amcache

    Amcache.hve via AmcacheParser

  • parse_arp_cache

    Volatility netstat as host enumeration proxy

  • parse_event_logs

    .evtx via EvtxECmd

  • parse_hayabusa

    Apply 3,700+ community Sigma rules to .evtx directory

  • parse_jump_lists

    AutomaticDestinations via JLECmd

  • parse_lnk_files

    Recent Items via LECmd

  • parse_mft

    $MFT via MFTECmd

  • parse_pcap_summary

    TShark PCAP summary — top talkers, exfil signals

  • parse_prefetch

    C:\Windows\Prefetch via PECmd

  • parse_recycle_bin

    $Recycle.Bin via RBCmd

  • parse_registry_hive

    Any hive via RECmd

  • parse_shimcache

    SYSTEM hive via AppCompatCacheParser

  • parse_srum

    SRUDB.dat via SrumECmd

  • parse_usn_journal

    $UsnJrnl:$J via MFTECmd

  • scan_file_with_yara

    Static file scan against named rule set

  • scan_hidden_processes

    pslist vs psscan diff → DKOM detection (T1014)

  • scan_memory_with_yara

    Yarascan via Volatility 3 (finds memory-resident payloads)

  • search_deleted_files

    List only deleted/unallocated entries

  • verify_findings

    Verbatim token grounding check — every claim vs raw export bytes (run before finish_analysis)

skills & danger signals github-tarball
prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed commit 2361dfd · analyzer v18 · 10h ago

skills & prompt files 2

code evidence vHEAD · github-tarball
evidence-backed findings quoted directly from the published source artifact — not inferred

filesystem 41

  • fs ahammadshawki8-DeepSIFT-2361dfd/agents/orchestrator.py :11 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/agents/reasoning_agent.py :32 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/demo.py :36 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/examiner_portal.py :40 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/examiner_review.py :26 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/investigate.py :28 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/audit.py :9 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/config.py :2 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/custody.py :22 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/evidence_store.py :17 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/parsers/grounding_verifier.py :15 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/preflight.py :18 import shutil
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/anti_forensics.py :16 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :23 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/cloud_artifacts.py :20 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/correlation.py :11 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/disk_extended.py :15 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/document_analysis.py :16 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/email_artifacts.py :16 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/evidence_index.py :10 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_analysis.py :17 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_carving.py :18 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/hayabusa.py :21 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :19 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/log2timeline.py :4 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_analysis.py :14 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_extended.py :19 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :18 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/sleuthkit.py :4 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/threat_intel_extended.py :14 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :13 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :21 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :10 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/yara_tools.py :4 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/preflight.py :15 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/rag/ingest/case_history.py :5 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/rag/ingest/mitre_attack.py :6 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/rag/ingest/run_all.py :70 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/rag/ingest/threat_intel.py :6 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/rag/knowledge_base.py :13 from pathlib import Path
  • fs ahammadshawki8-DeepSIFT-2361dfd/verify_findings.py :22 from pathlib import Path

shell / exec 22

  • shell ahammadshawki8-DeepSIFT-2361dfd/agents/orchestrator.py :79 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/audit.py :58 registry `_run_ez`) before subprocess.run(). The primary control is that every tool
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/anti_forensics.py :15 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :21 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/disk_extended.py :14 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/document_analysis.py :14 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/email_artifacts.py :15 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_analysis.py :16 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_carving.py :17 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/hayabusa.py :19 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :18 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/log2timeline.py :3 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_analysis.py :13 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_extended.py :17 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :17 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/sleuthkit.py :3 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/threat_intel_extended.py :13 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :12 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :20 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :17 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :9 import subprocess
  • shell ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/yara_tools.py :3 import subprocess

network 4

  • net ahammadshawki8-DeepSIFT-2361dfd/examiner_portal.py :503 from urllib.parse import urlparse, parse_qs
  • net ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/threat_intel_extended.py :50 import urllib.request
  • net ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :848 import requests
  • net ahammadshawki8-DeepSIFT-2361dfd/rag/ingest/mitre_attack.py :15 import requests

secrets 1

  • secrets ahammadshawki8-DeepSIFT-2361dfd/examiner_review.py :22 import getpass

database 4

  • db ahammadshawki8-DeepSIFT-2361dfd/agents/orchestrator.py :488 import sqlite3, shutil, tempfile
  • db ahammadshawki8-DeepSIFT-2361dfd/mcp_server/evidence_store.py :16 import sqlite3
  • db ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :20 import sqlite3
  • db ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/cloud_artifacts.py :18 import sqlite3

tool registrations 155

  • detect_timestomping ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/anti_forensics.py :27
  • detect_log_wiping ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/anti_forensics.py :120
  • detect_secure_deletion ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/anti_forensics.py :204
  • detect_ads_streams ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/anti_forensics.py :295
  • analyze_vss_shadows ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/anti_forensics.py :368
  • detect_prefetch_anomalies ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/anti_forensics.py :435
  • detect_event_log_tampering ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/anti_forensics.py :512
  • parse_chrome_history ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :160
  • parse_firefox_history ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :281
  • parse_chrome_extensions ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :371
  • parse_browser_cookies ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :443
  • run_hindsight ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :519
  • parse_browser_passwords ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :571
  • parse_ie_edge_legacy_history ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :635
  • parse_chromium_cache ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/browser_artifacts.py :706
  • parse_dropbox_logs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/cloud_artifacts.py :43
  • parse_onedrive_logs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/cloud_artifacts.py :128
  • parse_google_drive_logs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/cloud_artifacts.py :198
  • parse_slack_artifacts ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/cloud_artifacts.py :256
  • parse_teams_artifacts ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/cloud_artifacts.py :320
  • parse_icloud_logs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/cloud_artifacts.py :401
  • correlate_artifacts ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/correlation.py :54
  • adversarial_review ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/correlation.py :250
  • detect_contradictions ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/correlation.py :449
  • get_fs_statistics ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/disk_extended.py :26
  • get_image_info ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/disk_extended.py :76
  • create_mac_timeline ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/disk_extended.py :133
  • read_raw_block ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/disk_extended.py :187
  • analyze_slack_space ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/disk_extended.py :256
  • verify_image_integrity ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/disk_extended.py :328
  • analyze_pdf_doc ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/document_analysis.py :30
  • analyze_ole_doc ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/document_analysis.py :118
  • analyze_rtf_doc ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/document_analysis.py :197
  • analyze_zip_archive ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/document_analysis.py :265
  • detect_dde_payload ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/document_analysis.py :343
  • parse_pst_ost ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/email_artifacts.py :32
  • parse_thunderbird ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/email_artifacts.py :108
  • parse_eml_file ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/email_artifacts.py :174
  • extract_email_attachments ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/email_artifacts.py :258
  • analyze_email_headers ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/email_artifacts.py :328
  • index_evidence ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/evidence_index.py :20
  • query_evidence ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/evidence_index.py :50
  • evidence_store_stats ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/evidence_index.py :72
  • get_pe_metadata ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_analysis.py :48
  • extract_strings ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_analysis.py :178
  • detect_packer ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_analysis.py :240
  • run_bulk_extractor ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_carving.py :29
  • carve_files_foremost ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_carving.py :96
  • carve_files_scalpel ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_carving.py :154
  • analyze_with_exiftool ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_carving.py :206
  • calculate_file_hashes ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_carving.py :265
  • detect_capabilities_capa ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_carving.py :312
  • extract_floss_strings ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_carving.py :380
  • get_file_type ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/file_carving.py :456
  • parse_hayabusa ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/hayabusa.py :115
  • list_hayabusa_rules ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/hayabusa.py :205
  • record_hypothesis ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/investigation_state.py :57
  • update_hypothesis ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/investigation_state.py :90
  • get_investigation_state ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/investigation_state.py :138
  • get_linux_processes ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :45
  • get_linux_bash_history ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :105
  • get_linux_network ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :164
  • get_linux_modules ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :199
  • get_linux_syscall ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :236
  • get_linux_malfind ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :272
  • get_linux_envars ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :302
  • get_linux_mounts ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :343
  • parse_syslog ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :379
  • parse_linux_crontab ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/linux_forensics.py :460
  • create_super_timeline ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/log2timeline.py :30
  • filter_timeline ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/log2timeline.py :62
  • get_browser_history ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/log2timeline.py :114
  • parse_pcap_summary ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_analysis.py :38
  • extract_dns_queries ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_analysis.py :138
  • parse_arp_cache ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_analysis.py :227
  • parse_zeek_logs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_extended.py :41
  • parse_iis_logs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_extended.py :165
  • parse_apache_logs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_extended.py :276
  • extract_pcap_files ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_extended.py :365
  • parse_firewall_logs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_extended.py :439
  • decode_rdp_bitmap_cache ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_extended.py :534
  • parse_netflow ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/network_extended.py :589
  • parse_shellbags ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :93
  • parse_windows_timeline ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :173
  • parse_bam_dam ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :224
  • parse_typed_paths ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :285
  • parse_run_mru ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :326
  • parse_open_save_mru ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :376
  • parse_wordwheelquery ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :408
  • parse_installed_software ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :456
  • parse_sam_hive ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :503
  • parse_logon_history ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/registry_extended.py :539
  • get_partition_table ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/sleuthkit.py :28
  • get_file_listing ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/sleuthkit.py :54
  • extract_file ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/sleuthkit.py :88
  • search_deleted_files ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/sleuthkit.py :126
  • check_tool_availability ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/system_health.py :11
  • lookup_hash_reputation ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/threat_intel_extended.py :24
  • lookup_domain_reputation ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/threat_intel_extended.py :97
  • search_mitre_technique ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/threat_intel_extended.py :173
  • search_ioc_database ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/threat_intel_extended.py :234
  • calculate_fuzzy_hash_similarity ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/threat_intel_extended.py :267
  • get_process_list ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :75
  • find_injected_code ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :126
  • get_network_connections ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :169
  • get_loaded_dlls ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :214
  • get_command_history ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :249
  • get_registry_hives ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :289
  • get_registry_key ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :313
  • get_handles ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :349
  • scan_hidden_processes ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :379
  • get_running_services ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :441
  • verify_findings ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :487
  • finish_analysis ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility.py :562
  • get_modules ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :44
  • get_driverirp ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :94
  • get_getsids ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :138
  • get_hashdump ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :189
  • get_lsadump ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :238
  • get_cachedump ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :283
  • get_clipboard ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :319
  • get_atoms ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :359
  • get_sessions ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :403
  • get_mft_memory ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :447
  • get_ads_memory ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :488
  • dump_process ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_advanced.py :520
  • get_privileges ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :58
  • get_mutexes ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :109
  • get_env_vars ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :157
  • get_vad_info ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :213
  • get_ldrmodules ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :268
  • get_ssdt ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :319
  • get_callbacks ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :368
  • get_filescan ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :418
  • get_timeliner ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :471
  • get_devicetree ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/volatility_extended.py :510
  • parse_event_logs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :283
  • parse_shimcache ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :359
  • parse_amcache ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :403
  • parse_prefetch ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :445
  • parse_mft ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :483
  • parse_lnk_files ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :543
  • parse_jump_lists ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :579
  • parse_registry_hive ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :601
  • parse_recycle_bin ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :640
  • parse_srum ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :679
  • parse_usn_journal ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :766
  • lookup_ip_reputation ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :838
  • parse_userassist ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :898
  • parse_recentdocs ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :957
  • parse_network_history ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :986
  • parse_usb_history ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/windows_artifacts.py :1016
  • scan_file_with_yara ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/yara_tools.py :36
  • scan_memory_with_yara ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/yara_tools.py :67
  • list_yara_rule_sets ahammadshawki8-DeepSIFT-2361dfd/mcp_server/tools/yara_tools.py :98

declared dependencies 10

  • mcp@>=1.0.0
  • langgraph@>=0.2.0
  • chromadb@>=0.5.0
  • sentence-transformers@>=2.2.0
  • anthropic@>=0.25.0
  • langchain@>=0.2.0
  • langchain-anthropic@>=0.1.0
  • python-dotenv@>=1.0.0
  • pytest@>=7.0.0
  • requests@>=2.31.0