jadx-daemon-mcp
by wrlu
Overview
Decompile and analyze Android application binaries (APKs, DEX, JAR) by exposing a programmatic HTTP API.
Installation
python3 jadx-daemon-mcp/server.pyEnvironment Variables
- JADX_DAEMON_MCP_HOST
- JADX_DAEMON_MCP_PORT
Security Notes
The server lacks authentication, allowing any client with network access to invoke its APIs. It accepts file paths (`filePath`, `dirPath`) directly from user-controlled query parameters, posing a significant risk of arbitrary file loading or path traversal. This could lead to information disclosure from the server's filesystem or potential exploitation through malformed input files processed by the underlying Jadx library. While the Java daemon defaults to binding on 'localhost', a misconfiguration of 'JADX_DAEMON_MCP_HOST' could expose it externally without any access controls.
Similar Servers
jadx-ai-mcp
Integrates an LLM with JADX decompiler to analyze Android APKs, uncover vulnerabilities, and assist in reverse engineering through a Model Context Protocol (MCP) server.
jadx-mcp-server
Facilitates live, LLM-driven reverse engineering and vulnerability analysis of Android APKs by integrating JADX with the Model Context Protocol.
kom
Manages Kubernetes clusters and resources through an SDK-level wrapper and an MCP (Multi-Cluster Platform) server, offering features like CRUD, file operations, log fetching, and SQL-like querying.
easy-code-reader
Provides a Model Context Protocol (MCP) server for AI assistants to intelligently read Java source code from local projects and Maven dependencies, supporting decompilation and multi-module analysis.