MCP Hub
Back to servers

Rogue Binary MCP

Rust MCP server for binary analysis and reverse engineering.

Registry
Stars
14
Forks
2
Updated
Apr 25, 2026
Validated
Apr 27, 2026
View Source
Claim this server

Rogue Binary MCP

Death to Malware.

rbinmcp is a Rust MCP server for binary analysis, reverse engineering, and malware triage. It is built specifically for AI agents, with compact outputs and focused follow-up tools designed to keep analysis token cost low.

The project is intentionally focused on binary work. The production MCP surface helps an agent inspect binaries, collect evidence, compare artifacts, and pivot into deeper reverse-engineering views.

Public documentation: Rogue Binary Wiki

What It Provides

  • Fast first-pass binary triage through triage_binary
  • Static PE, ELF, and Mach-O parsing through static_view
  • radare2-backed sessions, metadata, search, disassembly, decompilation, xrefs, traces, and compact function projections
  • Ghidra-backed import, cached project inspection, decompilation, CFGs, xrefs, P-code, callsite facts, and targeted analysis slices
  • Native wrappers for file, strings, objdump, radiff2, and the Rust binwalk crate
  • Pure Rust analysis for hardening/security properties, static call graphs, capability clustering, fuzzable-function suggestions, component evidence, entropy, compiler and packer hints, crypto constants, DLL export shape, MBA simplification, and VM bytecode helpers
  • AI-agent usability helpers for tool discovery, backend status, workflows, and error guidance

Run list_tools from an MCP client for the authoritative live tool list.

Start Here

Use these tools first when analyzing an unknown binary:

  • get_backend_status - confirm which optional backends are available
  • list_tools or lookup_tool - discover the exact live surface
  • triage_binary - file hashes, format, sections, imports, function stats, strings, xref-heavy functions, and call-graph summary
  • static_view - quick PE/ELF/Mach-O metadata without opening r2
  • binary_security_properties - Rust-native hardening posture with direct evidence and bounded output
  • static_callgraph - Rust-native x86/x64 call graph summary with paged nodes, edges, confidence, and external fanout
  • binary_capabilities - ranked capability families with import/callgraph evidence and source function attachments
  • fuzzable_functions - bounded fuzz target suggestions with evidence and follow-up tool calls
  • binary_component_profile - high-confidence component evidence, imported libraries, and low-confidence runtime hints
  • r2_open then r2_function_view - cheap function triage and compact control-flow context
  • ghidra_import then ghidra_decompiler_calls - import once, then query focused decompiler projections
  • ghidra_callsite_facts - listing-grounded call argument evidence when pseudocode may be misleading

Tool Families

Orchestration

  • triage_binary builds a compact multi-backend overview for one binary.
  • int_convert converts decimal, hex, binary, and octal values with printable ASCII context.

Static Parsing

  • static_view reads PE, ELF, and Mach-O metadata through goblin.
  • Supported static modes include format info, sections, imports, exports, relocations, libraries, and entry points.
  • Universal/fat Mach-O containers are projected through a selected architecture slice so agents can inspect real sections, imports, libraries, and entry points without a separate preprocessing step.
  • export_hash_resolve resolves API/export hashes against local PE/DLL export corpora and optional candidates.

Native Tools

  • file_identify wraps file(1) for human file type and MIME type.
  • strings_extract wraps strings(1) with structured limits and offsets.
  • objdump_view exposes mode-driven headers, disassembly, section dumps, and archive-member views.
  • objdump_search_disasm searches objdump disassembly and returns contextual matches.
  • binary_diff wraps radiff2 for code, graph, and byte-oriented binary diffs.
  • binwalk_scan uses the Rust binwalk crate for embedded signature scans.

radare2 Tools

  • Session lifecycle: r2_open, r2_close, r2_sessions, and r2_cmd.
  • Metadata and inventory: r2_metadata, r2_find, r2_classes, r2_imports_grouped, and r2_lookup_address.
  • Code views: r2_disassemble, r2_decompile, and r2_function_view.
  • References and flow: r2_xrefs, r2_trace_data_flow, r2_value_trace, and r2_var_xrefs.
  • Focused binary projections: r2_path_digest, r2_artifact_summary, r2_field_xrefs, r2_jump_table_slices, and r2_esil_accesses.
  • Byte and expression helpers: r2_get_bytes and r2_calculate.

Prefer r2_function_view mode analyze for first-pass function triage, then use mode cfg, refs, vars, profile, or strings when narrowing the question.

Ghidra Tools

  • Availability and cache: ghidra_check, ghidra_import, ghidra_project_binaries, ghidra_binary_metadata, and ghidra_delete_binary.
  • Inventory and search: ghidra_inventory, ghidra_xrefs, ghidra_search_bytes, ghidra_read_bytes, and symbol/string/data modes through inventory.
  • Code views: ghidra_decompile, ghidra_decompile_meta, ghidra_disassemble, ghidra_pcode, ghidra_cfg, ghidra_callgraph, and ghidra_decompiler_cfg.
  • Decompiler projections: ghidra_decompiler_calls, ghidra_decompiler_block_behavior, ghidra_decompiler_memory, ghidra_decompiler_slice, and ghidra_decompiler_divergence.
  • Function evidence: ghidra_callsite_slices, ghidra_callsite_facts, ghidra_function_checkpoints, ghidra_function_dossier, ghidra_path_digest, ghidra_variables, and ghidra_thunk_target.
  • Specialized reverse-engineering views: ghidra_dynamic_dispatch_table, ghidra_context_api_slots, ghidra_jump_table_field_summary, ghidra_field_flow, ghidra_field_lineage, ghidra_indirect_jump_slices, and ghidra_local_buffer_slices.
  • Persistent project edits: ghidra_rename_function, ghidra_set_function_prototype, ghidra_set_bookmark, ghidra_set_comment, ghidra_create_label, and ghidra_create_function.

Import is cache-backed by SHA-256. Most read tools use the warm path with analyzeHeadless -process <name> -noanalysis, so the expensive import and analysis work happens once per binary.

For large targets, use ghidra_decompiler_calls first, then narrow with ghidra_decompiler_block_behavior, ghidra_decompiler_memory, ghidra_decompiler_slice, or ghidra_callsite_facts.

Analysis Tools

  • binary_security_properties reports Rust-native loader and hardening properties for PE, ELF, and Mach-O: NX/DEP, PIE/ASLR, RELRO/bind-now, executable stack, RPATH/RUNPATH, PE CFG/SafeSEH/Authenticode indicators, and Mach-O code signature/hardened-runtime hints.
  • static_callgraph builds a bounded Rust-native x86/x64 graph from PE, ELF, and Mach-O executable sections using iced-x86, with function seeds from entry points, exports, symbols, PE unwind ranges, section starts, and direct call targets. It resolves static import thunks and stubs where evidence is available, then reports direct calls, tailcalls, import/API fanout, top connected functions, and per-edge confidence.
  • binary_capabilities clusters imports, symbols, and static-callgraph external calls into capability families such as network, file I/O, process/thread, registry, crypto, compression, anti-debug, dynamic loading, and memory allocation/protection.
  • fuzzable_functions ranks functions by parser/decoder/input-handling names, proximity to file/network/compression APIs, callgraph position, and thunk/runtime penalties. Results are fuzzing-interest suggestions with evidence, not vulnerability claims.
  • binary_component_profile separates high-confidence components, imported shared libraries, and low-confidence runtime/package hints. The first pass supports Go build info, Rust cargo-auditable .dep-v0 sections when decodable, imported library inventory, and .NET runtime hints.
  • entropy_profile scores section entropy and packer likelihood.
  • compiler_packer_detect identifies compiler, runtime, packer, and protector hints.
  • crypto_detect scans bytes for common crypto constants.
  • dll_export_profile analyzes DLL exports, dispatch shape, lifecycle hints, and plugin/host indicators.

AI-Agent Usability And Reference Helpers

These helpers reduce context cost while using rbinmcp:

  • Tool discovery: list_tools, lookup_tool, lookup_r2_cmd, and get_workflow
  • Runtime help: get_backend_status, get_architecture, get_ghidra_info, and lookup_error

Install

rbinmcp is published in the MCP registry as:

io.github.kirkderp/rbinmcp

The registry package points to the public OCI image:

ghcr.io/kirkderp/rbinmcp:1.0.0

Run the image directly:

docker run --rm -i ghcr.io/kirkderp/rbinmcp:1.0.0

For binary analysis, mount the directory that contains the samples you want the MCP server to read:

docker run --rm -i \
  -v /absolute/path/to/samples:/samples:ro \
  ghcr.io/kirkderp/rbinmcp:1.0.0

Then use paths inside the container, such as /samples/app.exe, when calling tools.

To keep overflow output, r2 sessions, temporary files, and Ghidra cache data across container runs, add a cache volume:

docker run --rm -i \
  -v rbinmcp-cache:/cache/rbinmcp \
  -v /absolute/path/to/samples:/samples:ro \
  ghcr.io/kirkderp/rbinmcp:1.0.0

Generic MCP client command:

{
  "command": "docker",
  "args": [
    "run",
    "--rm",
    "-i",
    "-v",
    "/absolute/path/to/samples:/samples:ro",
    "-v",
    "rbinmcp-cache:/cache/rbinmcp",
    "ghcr.io/kirkderp/rbinmcp:1.0.0"
  ]
}

The image includes the rbm-server binary, bundled Ghidra postScripts, Ghidra, radare2, radiff2, file, strings, objdump, Rust-native analysis, and the cache defaults needed by the MCP tools.

Configuration

Environment variables:

  • RBINMCP_CACHE_DIR - override the cache root
  • GHIDRA_INSTALL_DIR - Ghidra install root
  • RBINMCP_GHIDRA_SCRIPTS_DIR - override bundled script directory
  • RBINMCP_GHIDRA_TIMEOUT - standard Ghidra call timeout in seconds, default 60
  • RBINMCP_GHIDRA_IMPORT_TIMEOUT - Ghidra import timeout in seconds, default 900
  • RBINMCP_R2_OPEN_TIMEOUT - radare2 open timeout in seconds, default 120
  • RBINMCP_NATIVE_TIMEOUT - native tool timeout in seconds, default 60

Default cache root is the platform user cache directory plus rbinmcp, unless RBINMCP_CACHE_DIR is set.

Cache contents:

  • overflow/ for large MCP responses written by the output guard
  • ghidra/ for per-SHA-256 Ghidra projects
  • r2_sessions/ for r2 session state
  • tmp/ for temporary tool files

Recommended Workflows

Quick triage:

  1. get_backend_status
  2. file_identify
  3. triage_binary
  4. static_view with mode=info
  5. binary_security_properties
  6. static_callgraph
  7. binary_capabilities
  8. fuzzable_functions
  9. binary_component_profile
  10. strings_extract

Quick binary posture:

  1. file_identify
  2. static_view with mode=info
  3. binary_security_properties
  4. entropy_profile
  5. compiler_packer_detect
  6. binary_component_profile

Callgraph-first triage:

  1. static_view with mode=info
  2. static_callgraph with default paging
  3. binary_capabilities to rank API families and source functions
  4. Pick a high-signal function from top_connected_functions, external_api_fanout, or capability evidence
  5. r2_function_view with mode=analyze
  6. ghidra_decompiler_calls only after narrowing the function

Capability triage:

  1. static_view with mode=imports
  2. binary_capabilities
  3. Pivot from a ranked capability source function into r2_function_view
  4. Use ghidra_decompiler_calls or ghidra_callsite_facts only for the narrowed function

Fuzz target discovery:

  1. static_callgraph with bounded paging
  2. binary_capabilities to identify input-facing API families
  3. fuzzable_functions to rank parser, decoder, unpacking, and input-handling candidates
  4. r2_function_view on a candidate address before drafting a harness
  5. ghidra_callsite_facts for exact argument setup at selected input API callsites

Component inventory:

  1. static_view with mode=info
  2. binary_component_profile
  3. Review identified_components, imported_libraries, and low_confidence_hints separately
  4. Use strings_extract only when a low-confidence runtime hint needs manual confirmation

r2 function analysis:

  1. r2_open
  2. r2_metadata with mode=functions
  3. r2_function_view with mode=analyze
  4. r2_function_view with mode=cfg or mode=refs
  5. r2_disassemble or r2_decompile only after narrowing the target

Ghidra decompiler workflow:

  1. ghidra_check
  2. ghidra_import
  3. ghidra_project_binaries
  4. ghidra_inventory with mode=functions
  5. ghidra_decompiler_calls
  6. ghidra_callsite_facts for exact listing-grounded call setup
  7. ghidra_cfg when decompiler CFG is invalid, timed out, or too transformed

Packed or staged binary workflow:

  1. entropy_profile
  2. binwalk_scan
  3. compiler_packer_detect
  4. r2_path_digest or ghidra_path_digest
  5. ghidra_dynamic_dispatch_table when a hash/API dispatcher is suspected

Binary comparison workflow:

  1. file_identify for both files
  2. binary_diff with mode=code
  3. binary_diff with mode=graph
  4. binary_diff with mode=bytes

Security And License

Reviews

No reviews yet

Sign in to write a review