
crowdere/Awesome-RE-MCP


Awesome RE-MCP

A curated list of reverse engineering tools with MCP (Model Context Protocol) servers, enabling AI-assisted analysis and automation. Help us build the most comprehensive collection by contributing new tools or creating MCP servers for missing categories!


Disassemblers & Decompilers

IDA Pro

  • ida-pro-mcp: Most popular implementation with 20+ tools, automated installation, and streamlined architecture for function analysis and decompilation.
  • ida-mcp-server: Python-based implementation for developers preferring Python integration.
  • mcp-server-idapro: TypeScript-based MCP server providing tools for binary analysis and script execution.
  • ida-mcp-server-plugin: IDA Pro plugin with SSE (Server-Sent Events) protocol support for real-time integration with Claude and Cursor.
  • headless-ida-mcp-server: Headless automation-focused server for CI/CD integration and batch processing.

Ghidra

  • GhidraMCP: Most comprehensive with 5.4k+ stars, featuring extensive documentation and multi-client support.
  • reverse-engineering-assistant: AI-first approach with chain-of-reasoning techniques and tool-driven analysis (ReVa).
  • ghidra-mcp: Spring Boot enterprise integration for team environments.
  • GhydraMCP: Multi-headed MCP server supporting multiple Ghidra instances.

Binary Ninja

  • binary_ninja_mcp: Seamless Claude Desktop integration with comprehensive plugin architecture.
  • binaryninja-mcp: Feature-rich implementation with "superpower" capabilities.
  • binja_mcp: Alternative community implementation.
  • binja-lattice-mcp: Security-focused with token-based authentication and encrypted communication.

Other Disassemblers

  • radare2-mcp: Official Radare2 implementation with 26+ tools via STDIO transport.
  • x64dbgMCP: Exposes 40+ x64dbg SDK tools for Windows debugging.
  • CutterMCP: Rizin-based analysis with modern GUI integration.

Debuggers

Full MCP Support

  • LLDB: ⭐ Official native MCP support as of June 2025, plus community implementations.
  • GDB MCP Server: Multiple implementations providing comprehensive debugging capabilities.

Missing Debuggers 🚨

  • WinDbg: No MCP implementation (critical gap for Windows/kernel debugging)
  • OllyDbg: Missing MCP server
  • Immunity Debugger: No MCP integration
  • rr debugger: Time-travel debugging without MCP support

Static Analysis Tools

Available

  • YaraFlux: YARA-based MCP server for malware detection and signature matching.

Missing Static Analysis Tools 🚨

  • BinDiff: No MCP server for binary diffing
  • angr: Missing symbolic execution framework integration
  • Triton: No dynamic symbolic execution support
  • Bindiff: Binary comparison without MCP

Dynamic Analysis Tools

Available

  • frida-mcp: MCP server for Frida with process management, script injection, and real-time instrumentation.

Missing Dynamic Analysis Tools 🚨

  • Intel Pin: No MCP server for dynamic binary instrumentation
  • DynamoRIO: Missing MCP integration for code coverage analysis
  • API Monitor: No MCP support for Windows API monitoring
  • Process Monitor: Missing MCP server
  • Detours: No MCP integration for Windows API hooking

Network Analysis

Excellent Coverage

  • WireMCP: Wireshark MCP server with threat detection capabilities.
  • Burp Suite MCP: Official PortSwigger implementation.
  • BurpMCP: Community extension for enhanced security testing.
  • ZAP-MCP: OWASP ZAP integration with SQLMap support.

Missing Network Tools

  • Fiddler: No MCP server for HTTP debugging
  • mitmproxy: Missing MCP integration

Android/Mobile RE Tools

Available

  • Jadx MCP Plugin: Decompiling Android apps with AI assistance.
  • jadx-mcp-server: Alternative JADX integration.
  • apktool-mcp-server: APK manipulation and analysis (part of Android RE MCP Suites).
  • Frida: Available via frida-mcp for mobile dynamic analysis.

Missing Mobile Tools 🚨

  • dex2jar: No MCP server for DEX to JAR conversion
  • objection: Missing Frida-based mobile testing integration
  • MobSF: No MCP support for Mobile Security Framework
  • APK Analyzer: Missing Android Studio integration
  • Androguard: No MCP server for Python-based Android analysis

Security Testing Tools

Available

  • mcp-for-security: Collection including SQLMap, FFUF, NMAP, Masscan and more.
  • Multiple Burp Suite implementations: See Network Analysis section.
  • OWASP ZAP: Multiple MCP servers available.

Missing Categories (Need Community Help!) 🚨

The following categories represent significant opportunities for community contribution. These tools are essential to reverse engineering workflows but currently lack MCP integration:

Packers/Unpackers

  • UPX: Universal Packer - NO MCP SERVER
  • PEiD: Packer identifier - NO MCP SERVER
  • Detect It Easy: Signature-based packer detection - NO MCP SERVER
  • ExeinfoPE: Executable analyzer - NO MCP SERVER

Malware Analysis Platforms

  • MalCat: Dynamic malware analysis - NO MCP SERVER
  • Cuckoo Sandbox: Dynamic malware analysis - NO MCP SERVER
  • CAPE: Configuration and Payload Extraction - NO MCP SERVER
  • Joe Sandbox: Commercial malware analysis - NO MCP SERVER
  • ANY.RUN: Interactive malware analysis - NO MCP SERVER
  • pestudio: Static malware analysis - NO MCP SERVER

Fuzzing Tools

  • AFL++: Advanced fuzzing framework - NO MCP SERVER
  • libFuzzer: LLVM fuzzing library - NO MCP SERVER
  • honggfuzz: Security-oriented fuzzer - NO MCP SERVER
  • Radamsa: Test case generator - NO MCP SERVER

File Format Analysis

  • ExifTool: Metadata extraction - NO MCP SERVER
  • Foremost: File carving - NO MCP SERVER
  • binwalk: Firmware analysis - NO MCP SERVER

Presentations and Tutorials

Getting Started with MCP Development

Want to create an MCP server for a missing tool? Here are resources to get started:

Learning Resources

Development Patterns

Most successful RE tool MCP servers follow these patterns:

  • Plugin + Bridge Architecture: GUI tools use a plugin that bridges to an external MCP server
  • SSE (Server-Sent Events): Preferred transport for real-time integration
  • Headless Variants: Automation-focused servers for CI/CD workflows
  • Security-First: OAuth 2.1, encrypted communication, and sandboxed execution

Example Minimal Implementation

Check out the simplest implementations in each category:

  • IDA Pro: mrexodia/ida-pro-mcp - Clean, well-documented architecture
  • Ghidra: suidpit/ghidra-mcp - Straightforward Java implementation
  • Static Analysis: ThreatFlux/YaraFlux - Simple YARA integration

Priority Development Areas

Based on community needs assessment:

  1. Fuzzing Tools: AFL++ integration would enable AI-guided fuzzing
  2. Windows Debugging: WinDbg MCP would complete the debugger ecosystem
  3. Malware Sandboxes: Cuckoo/CAPE integration for automated analysis

Community & Events

Recent Developments

Follow Development

Contributing

We welcome contributions! Here's how you can help:

Add New Tools

  1. Found an MCP server we missed? Open a PR with the tool details
  2. Created your own MCP server? We'd love to feature it!
  3. Know of tools that need MCP servers? Add them to the "Missing" sections

Improve Existing Entries

  • Add implementation details (language, transport method, key features)
  • Update status information (experimental, active, production-ready)
  • Include links to documentation, tutorials, or demo videos

Create MCP Servers

Priority areas needing development:

  • Packers/Unpackers (UPX, PEiD, DIE)
  • Fuzzing Tools (AFL++, libFuzzer, honggfuzz)
  • Windows Debugging (WinDbg)
  • Malware Analysis (Cuckoo, CAPE)

Quality Guidelines

When submitting entries, please include:

  • Brief description of the tool's purpose
  • Key features and capabilities
  • Implementation status (experimental/active/production)
  • Primary transport method (SSE/STDIO/HTTP)
  • Compatible clients (Claude Desktop, Cursor, VSCode, etc.)

License

This list is released under the MIT license.


Legend: ⭐ = Well-established with multiple implementations | 🚨 = Critical gap needing community contribution
