Skip to main content
Glama

RE-MCP Server

Reverse Engineering Model Context Protocol Server

A local, privacy-first server that orchestrates Ghidra, Binary Ninja, x64dbg, and system tools to provide AI assistants (including Grok, Claude, and Cursor) with powerful binary analysis capabilities. All processing occurs locally; sensitive binaries are never transmitted to external services.

Key Benefits

  • Accelerated Analysis — Automates repetitive reverse engineering tasks through integrated tool orchestration and AI-assisted summarization.

  • Privacy by Design — Binaries and analysis results remain entirely on the analyst’s infrastructure.

  • Dual Interface — Supports both human analysts via a web dashboard and AI agents through standardized tool-calling interfaces.

  • Enterprise Ready — Designed with audit logging, compliance workflows, and extensibility for team and organizational deployments.

  • Extensible Architecture — Clean API surface and modular design support future integration with additional reverse engineering platforms and custom analysis scripts.

Related MCP server: pwndbg-lldb-mcp

Installation

git clone https://github.com/your-org/re-mcp-server.git
cd re-mcp-server
python -m venv .venv
source .venv/bin/activate
pip install -e .
re-mcp --port 8000

Using Docker

docker build -t re-mcp-server .
docker run -p 8000:8000 \
  -e GHIDRA_INSTALL_DIR=/path/to/ghidra \
  -v /path/to/local/binaries:/data \
  re-mcp-server

Using pip (when published)

pip install re-mcp-server
re-mcp --port 8000

After starting the server:

Ghidra Integration

To enable full Ghidra headless analysis, set the following environment variable prior to starting the server:

export GHIDRA_INSTALL_DIR=/path/to/your/ghidra_11.0_PUBLIC
uvicorn main:app --reload --port 8000

When analyzeHeadless is detected, the server provides:

  • POST /ghidra_analyze endpoint for headless import and automated analysis

  • ghidra_analyze_binary tool for AI agent integration

  • "Deep Ghidra" functionality in the web dashboard

Analysis executes within an isolated temporary project directory with automatic cleanup upon completion.

Integration with AI Assistants

Configure AI assistants to use the server by including the following guidance in system prompts or tool configurations:

You have access to a local RE-MCP Server at http://localhost:8000.
Use the /call_tool endpoint with tool names returned by GET /tools.
All binary content remains on the local system.

The server publishes OpenAI-compatible tool schemas that are directly consumable by modern agent frameworks.

Core Endpoints

Endpoint

Description

GET /health

Server status and available capabilities

GET /tools

OpenAI-compatible tool definitions

POST /call_tool

Execute a registered tool (recommended for agents)

POST /analyze

Perform static analysis on a local binary

POST /summarize

Generate executive Markdown summary with risk assessment

POST /search_symbols

Search symbol table with contextual results

POST /export_markdown

Export structured Markdown analysis report

POST /ghidra_analyze

Execute full Ghidra headless analysis

Future Development

Planned enhancements include:

  • Native Binary Ninja Python API integration

  • Remote control interface for x64dbg (Windows)

  • Multi-user team features with audit logging and role-based access controls

  • Cryptographic signing of analysis artifacts for compliance workflows

Persistent session memory (introduced in v0.3) enables analysts and AI agents to organize work into named sessions, persist analysis results, and accumulate structured findings over time.

Security and Compliance

  • All binary analysis executes locally; no data is transmitted externally.

  • Action logging is provided to support SOC 2 and audit requirements.

  • Future releases will include support for signed analysis provenance.

Paid Pilot Program

RE-MCP Server is currently available for select paid pilot engagements with qualified organizations.

Target Participants

  • Red team and offensive security organizations

  • Malware research and threat intelligence teams

  • Firmware and embedded systems security groups

  • DFIR and incident response consultancies

  • Defense and critical infrastructure security teams

Pilot Scope (8–12 weeks)

  • Full access to current capabilities (Ghidra integration, persistent session memory, AI agent tooling, Executive Dashboard)

  • Dedicated support channel and priority feature input

  • Custom onboarding and workflow integration assistance

  • Option to influence roadmap priorities

Pilot Objectives

  • Validate time savings and risk reduction in real operational environments

  • Assess fit for team collaboration and compliance workflows

  • Gather structured feedback for v1.0 commercial release

Engagement Model Pilot engagements are offered on a fixed-fee basis with clear success criteria defined jointly with the participating organization. Successful pilots have a direct path to annual licensing.

Organizations interested in participating should contact the team with a brief description of their use case and team size.

F
license - not found
-
quality - not tested
B
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Steeve-Crypto/AnotherRE-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server