Built as a Python-based MCP server that bridges Binary Ninja's API with LLMs, requiring Python 3.8+ and various Python packages including Pydantic for data validation
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@BinAssistMCPdecompile the main function and explain what it does"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
BinAssistMCP
Comprehensive Model Context Protocol (MCP) server for Binary Ninja with AI-powered reverse engineering capabilities
Summary
BinAssistMCP is a powerful bridge between Binary Ninja and Large Language Models (LLMs) like Claude, providing comprehensive reverse engineering tools through the Model Context Protocol (MCP). It enables AI-assisted binary analysis by exposing Binary Ninja's advanced capabilities through Server-Sent Events (SSE) and Streamable HTTP transports.
Key Features
MCP 2025-11-25 Compliant: Full support for tool annotations, resources, and prompts
Dual Transport Support: SSE (Server-Sent Events) and Streamable HTTP transports
36 Consolidated Tools: Streamlined Binary Ninja API wrapper with unified tool design
8 MCP Resources: Browsable, cacheable binary metadata
7 Guided Prompts: Pre-built workflows for common reverse engineering tasks
Multi-Binary Sessions: Concurrent analysis of multiple binaries with intelligent context management
Analysis Caching: LRU cache with binary-scoped invalidation for improved performance
Async Task Support: Non-blocking execution for long-running operations
Thread-Safe: RLock-based synchronization for concurrent access
Auto-Integration: Seamless Binary Ninja plugin with automatic startup capabilities
Use Cases
AI-Assisted Reverse Engineering: Leverage LLMs for intelligent code analysis and documentation
Protocol Analysis: Trace network data flows and reconstruct protocol structures
Vulnerability Research: Systematic security audits with guided workflows
Automated Binary Analysis: Script complex analysis workflows with natural language
Code Understanding: Generate comprehensive documentation and explanations
Related MCP server: Binary Ninja MCP
Architecture
src/binassist_mcp/
├── server.py # FastMCP server - SSE/Streamable HTTP transport, tool registration
├── tools.py # Binary Ninja API wrapper - 36 MCP tools
├── plugin.py # Binary Ninja plugin integration
├── context.py # Thread-safe multi-binary session management
├── config.py # Pydantic configuration with Binary Ninja settings
├── prompts.py # 7 guided workflow prompts
├── resources.py # 8 MCP resource definitions
├── cache.py # LRU analysis cache with invalidation
├── tasks.py # Async task manager for long-running operations
├── logging.py # Binary Ninja logging integration
└── utils.py # Utility functions
__init__.py # Plugin entry point (root level)Tools (36 Total)
BinAssistMCP provides 36 tools organized into functional categories. Tools include MCP annotations (readOnlyHint, idempotentHint) to help clients make informed decisions.
Binary Management
Tool | Description |
| List all loaded binary files |
| Check analysis status and metadata |
| Force analysis update and wait for completion |
Code Analysis (Consolidated)
Tool | Description |
| Unified code retrieval - supports formats: |
| Get Low-Level IL for a function |
| Comprehensive function analysis with control flow and complexity metrics |
| Get basic block information for control flow analysis |
| Get stack frame layout with variable offsets |
Cross-References (Consolidated)
Tool | Description |
| Unified cross-references - actions: |
Comments (Consolidated)
Tool | Description |
| Unified comment management - actions: |
Variables (Consolidated)
Tool | Description |
| Unified variable management - actions: |
Types (Consolidated)
Tool | Description |
| Unified type management - actions: |
| List all classes and structures |
Function Discovery
Tool | Description |
| List all functions with metadata (paginated) |
| Find functions by name pattern |
| Advanced filtering by size, complexity, parameters |
| Multi-target search (name, comments, calls, variables) |
| Comprehensive statistics for all functions |
Symbol Management
Tool | Description |
| Rename functions and data variables |
| Rename multiple symbols in one operation |
| List namespaces and symbol organization |
Binary Information
Tool | Description |
| Import table grouped by module |
| Export table with symbol information |
| String extraction with filtering |
| Search strings by pattern |
| Memory segment layout |
| Binary section information |
Data Analysis
Tool | Description |
| Define data variables at addresses |
| List all defined data variables |
| Read and analyze raw data |
| Search for byte patterns in binary |
Navigation
Tool | Description |
| Get current cursor position with context |
| Identify function at current address |
Task Management
Tool | Description |
| Check status of async operations |
| List all pending/running tasks |
| Cancel a running task |
MCP Resources (8 Total)
Resources provide browsable, cacheable data that clients can access without tool calls.
URI Pattern | Description |
| Complete binary overview |
| All functions with metadata |
| Import table |
| Export table |
| String table |
| Binary metadata (arch, platform, entry point) |
| Memory segments with permissions |
| Binary sections |
MCP Prompts (7 Total)
Pre-built prompts guide LLMs through structured analysis workflows.
Prompt | Arguments | Description |
|
| Comprehensive function analysis workflow |
|
| Security audit checklist (memory safety, input validation, crypto) |
|
| Generate Doxygen-style documentation |
|
| Track data dependencies and taint propagation |
|
| Diff two functions for similarity analysis |
|
| Recover structure definitions from usage patterns |
|
| Trace POSIX/Winsock send/recv for protocol analysis |
Example: Network Protocol Analysis
The trace_network_data prompt guides analysis of network communication:
Identify Network Functions: Finds POSIX (
send/recv/sendto/recvfrom) and Winsock (WSASend/WSARecv) callsTrace Call Stacks: Maps application handlers down to network I/O
Analyze Buffers: Identifies protocol structures (headers, length fields, TLV encoding)
Reconstruct Protocols: Generates C struct definitions for message formats
Security Assessment: Checks for buffer overflows, integer issues, information disclosure
Installation
Prerequisites
Binary Ninja: Version 4000 or higher
Python: 3.8+ (typically bundled with Binary Ninja)
Platform: Windows, macOS, or Linux
NOTE: Windows users should start with: BinAssistMCP on Windows
Option 1: Binary Ninja Plugin Manager (Recommended)
Open Binary Ninja
Navigate to Tools → Manage Plugins
Search for "BinAssistMCP"
Click Install
Restart Binary Ninja
Option 2: Manual Installation
# Clone the repository
git clone https://github.com/jtang613/BinAssistMCP.git
cd BinAssistMCP
# Install dependencies
pip install -r requirements.txtCopy to your Binary Ninja plugins directory:
Platform | Path |
Windows |
|
macOS |
|
Linux |
|
Configuration
Binary Ninja Settings
Open Edit → Preferences → binassistmcp:
Setting | Default | Description |
|
| Server bind address |
|
| Server port |
|
| Transport: |
|
| Maximum concurrent binaries |
|
| Auto-start server on file load |
Environment Variables
export BINASSISTMCP_SERVER__HOST=localhost
export BINASSISTMCP_SERVER__PORT=9090
export BINASSISTMCP_SERVER__TRANSPORT=streamablehttp
export BINASSISTMCP_BINARY__MAX_BINARIES=10Usage
Starting the Server
Via Binary Ninja Menu:
Tools → BinAssistMCP → Start Server
Check log panel for:
BinAssistMCP server started on http://localhost:9090
Auto-Startup: Server starts automatically when Binary Ninja loads a file (configurable).
Connecting MCP Clients
Streamable HTTP (Default):
http://localhost:9090/mcpServer-Sent Events:
http://localhost:9090/sseClaude Desktop Configuration
Add to your Claude Desktop MCP configuration (claude_desktop_config.json):
{
"mcpServers": {
"binassist": {
"url": "http://localhost:9090/mcp"
}
}
}Integration Examples
Basic Function Analysis
User: "Analyze the main function and explain what it does"
Claude uses:
1. get_functions() - find main
2. get_code(format='decompile') - get readable code
3. xrefs_tool(action='refs_from') - find called functions
4. analyze_function() - get complexity metricsVulnerability Research
User: "Find buffer overflow vulnerabilities in input handling functions"
Claude uses:
1. search_functions_advanced(search_in='calls') - find memcpy/strcpy callers
2. get_code(format='decompile') - examine implementations
3. variables_tool(action='list') - check buffer sizes
4. comments_tool(action='set') - document findingsProtocol Reverse Engineering
User: "Analyze the network protocol used by this binary"
Claude uses the trace_network_data prompt:
1. Identifies send/recv call sites
2. Traces data flow from handlers to network I/O
3. Reconstructs message structures
4. Checks for network vulnerabilitiesTroubleshooting
Server Issues
Problem | Solution |
Server won't start | Check port 9090 availability, verify dependencies |
Connection refused | Ensure server is running, check firewall settings |
Tools return errors | Wait for analysis completion, verify binary is loaded |
Performance
Slow decompilation: Results are cached; second request is faster
Memory usage: Reduce
max_binariessettingLong operations: Check task status with
get_task_status
Logs
Check Binary Ninja's Log panel for detailed error messages.
Contributing
Fork the repository
Create a feature branch
Follow existing code patterns (Pydantic models, type hints, docstrings)
Test with multiple binary types
Submit a pull request
License
This project is licensed under the MIT License - see the LICENSE file for details.