ida_domain_mcp
Verified Safeby xxyyue
Overview
Provides a headless Model Context Protocol (MCP) server for IDA Pro, enabling AI agents or MCP clients to programmatically open, analyze, and control IDA databases for reverse engineering workflows.
Installation
uvx ida-domain-mcp --transport http://127.0.0.1:8744Environment Variables
- IDADIR
Security Notes
The server exposes powerful IDA Pro functionalities, including arbitrary assembly patching (`patch_address_assembles`) and direct access to IDA's internal APIs (`ida_tools.py` via `getattr`). An attacker or compromised client could use these capabilities to modify binaries, access local files, or potentially execute arbitrary code within the IDA Pro environment. The use of `multiprocessing.Pipe` and `getattr` for tool execution, while common, means a malicious client with access to the MCP endpoint could invoke any exposed function with arbitrary arguments. The default HTTP SSE transport binds to localhost, mitigating remote exploitation, but still poses a risk if local access is gained or if exposed externally without explicit authentication/authorization, which is not provided by the server itself. Careful consideration of client trust and network exposure is critical.
Similar Servers
ida-pro-mcp
AI-powered reverse engineering assistant that bridges IDA Pro with language models through the Model Context Protocol (MCP).
GhidrAssistMCP
Enables AI assistants and other tools to interact with Ghidra's reverse engineering capabilities through a standardized Model Context Protocol (MCP) API.
jadx-mcp-server
Provides an MCP server for LLMs to perform automated Android APK reverse engineering, vulnerability analysis, and manifest parsing by interacting with a JADX-AI-MCP plugin.
tmcp
Build Model Context Protocol (MCP) servers for AI agents, enabling them to access context and execute tools.