
Reversecore_MCP

Verified Safe

by sjkim1127

Overview

Provides a Micro-Agent Control Protocol (MCP) server that wraps various reverse engineering CLI tools and libraries, enabling AI agents to perform binary analysis, malware analysis, and vulnerability research through natural language commands.

Installation

Run Command
./scripts/run-docker.sh

Environment Variables

  • MCP_TRANSPORT
  • LOG_LEVEL
  • LIEF_MAX_FILE_SIZE
  • REPORT_SMTP_SERVER
  • REPORT_SMTP_PORT
  • REPORT_SMTP_USERNAME
  • REPORT_SMTP_PASSWORD
  • REPORT_SMTP_USE_TLS
  • REPORT_SENDER_NAME
  • REPORT_QUICK_CONTACTS
  • REPORT_DEFAULT_TIMEZONE
  • REPORT_DEFAULT_CLASSIFICATION
  • REPORT_DEFAULT_ANALYST

Security Notes

The project demonstrates a strong focus on security. It uses robust path validation (`validate_file_path`) to prevent path traversal, strictly filters and blocks dangerous Radare2 commands (`_BLOCKED_R2_COMMANDS`, `_validate_r2_command`), and sanitizes user input for commands and YARA rules. External tool execution is wrapped in `execute_subprocess_async` with timeouts and output limits. Binary patching (`_create_binary_patch`) includes backup creation and audit logging. Ghidra operations are isolated via `asyncio.to_thread`. The system runs within Docker for containment. Potential risks remain from the inherent complexity of integrating numerous external, often powerful, native tools (e.g., Ghidra, Radare2, Capa, Binwalk, DIE), which could have undiscovered vulnerabilities, or allow bypasses if their outputs are malformed or exploited.

Stats

  • Interest Score: 51
  • Security Score: 9
  • Cost Class: Medium
  • Avg Tokens: 5000
  • Stars: 43
  • Forks: 6
  • Last Update: 2026-01-05

Tags

reverse engineering, malware analysis, binary analysis, Ghidra, Radare2, AI agents, security research, vulnerability detection, threat hunting, forensics