Model Context Protocol moderate risk

Binary Ninja

Binary Ninja MCP enables seamless integration between Binary Ninja and LLM clients, enhancing reverse engineering workflows with AI assistance.

Connections & Capabilities

Connects To

GitHub

Capabilities

readwrite

Quickstart

Install

pip install -r

Config

{
    "mcpServers": {
        "binary_ninja_mcp": {
            "command": "/ABSOLUTE/PATH/TO/Binary Ninja/plugins/repositories/community/plugins/fosdickio_binary_ninja_mcp/.venv/bin/python",
            "args": [
                "/ABSOLUTE/PATH/TO/Binary Ninja/plugins/repositories/community/plugins/fosdickio_binary_ninja_mcp/bridge/binja_mcp_bridge.py"
            ]
        }
    }
}

Exposed MCP Tools (7)

safe

decompile_function

Decompiles a function by name or address, returning HLIL-like code.

Read-only operation that retrieves decompiled code.

safe

get_assembly_function

Retrieves the assembly representation of a function by name or address.

Read-only operation that retrieves assembly code.

moderate

define_types

Adds type definitions from a C string type definition.

Modifies the binary analysis by adding type information.

high

make_function_at

Creates a function at a specified address.

Can create new functions, potentially altering program control flow.

safe

get_xrefs_to

Get all cross references (code and data) to an address.

Read-only operation that retrieves cross-reference information.

safe

get_comment

Get the comment at a specific address.

Read-only operation that retrieves comments.

moderate

delete_comment

Delete the comment at a specific address.

Deletes a comment at a specific address.

Safety Assessment

Binary Ninja MCP is generally safe for reverse engineering tasks when used with caution. The read-only operations pose minimal risk, but users should exercise care when using tools that modify the binary analysis or create new functions. It is risky if combined with an untrusted LLM that could generate malicious modifications.

Primarily focuses on reverse engineering tasks.
Requires user interaction to initiate actions.
No direct internet access from the core plugin.
Most operations are read-only, retrieving information from the binary.

Includes tools that can modify the binary analysis (e.g., adding comments, defining types).
Potential for misuse if combined with unrestricted LLM prompts.
Requires careful handling of user-defined types and comments to avoid unintended consequences.
The `make_function_at` tool could lead to unexpected code execution if used improperly.