Built as a Python-based MCP server that bridges Binary Ninja's API with LLMs, requiring Python 3.8+ and various Python packages including Pydantic for data validation
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@BinAssistMCPdecompile the main function and explain what it does"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
BinAssistMCP
Comprehensive Model Context Protocol (MCP) server for Binary Ninja with AI-powered reverse engineering capabilities
Summary
BinAssistMCP is a powerful bridge between Binary Ninja and Large Language Models (LLMs) like Claude, providing comprehensive reverse engineering tools through the Model Context Protocol (MCP). It enables AI-assisted binary analysis by exposing Binary Ninja's advanced capabilities through Server-Sent Events (SSE) and Streamable HTTP transports.
Key Features
MCP 2025-11-25 Compliant: Full support for tool annotations, resources, and prompts
Dual Transport Support: SSE (Server-Sent Events) and Streamable HTTP transports
39 Consolidated Tools: Streamlined Binary Ninja API wrapper with unified tool design
8 MCP Resources: Browsable, cacheable binary metadata
7 Guided Prompts: Pre-built workflows for common reverse engineering tasks
Multi-Binary Sessions: Concurrent analysis of multiple binaries with intelligent context management
Analysis Caching: LRU cache with binary-scoped invalidation for improved performance
Async Task Support: Non-blocking execution for long-running operations
Thread-Safe: RLock-based synchronization for concurrent access
Auto-Integration: Seamless Binary Ninja plugin with automatic startup capabilities
Use Cases
AI-Assisted Reverse Engineering: Leverage LLMs for intelligent code analysis and documentation
Protocol Analysis: Trace network data flows and reconstruct protocol structures
Vulnerability Research: Systematic security audits with guided workflows
Automated Binary Analysis: Script complex analysis workflows with natural language
Code Understanding: Generate comprehensive documentation and explanations
Related MCP server: Binary Ninja MCP
Architecture
src/binassist_mcp/
├── server.py # FastMCP server - SSE/Streamable HTTP transport, tool registration
├── tools.py # Binary Ninja API wrapper - 39 MCP tools
├── plugin.py # Binary Ninja plugin integration
├── context.py # Thread-safe multi-binary session management
├── config.py # Pydantic configuration with Binary Ninja settings
├── prompts.py # 7 guided workflow prompts
├── resources.py # 8 MCP resource definitions
├── cache.py # LRU analysis cache with invalidation
├── tasks.py # Async task manager for long-running operations
├── logging.py # Binary Ninja logging integration
└── utils.py # Utility functions
__init__.py # Plugin entry point (root level)Tools (39 Total)
BinAssistMCP provides 39 tools organized into functional categories. Tools include MCP annotations (readOnlyHint, idempotentHint) to help clients make informed decisions.
Binary Management
Tool | Description |
| List all loaded binary files |
| Check analysis status and metadata |
| Force analysis update and wait for completion |
Code Analysis (Consolidated)
Tool | Description |
| Unified code retrieval - supports formats: |
| Get Low-Level IL for a function |
| Comprehensive function analysis with control flow and complexity metrics |
| Get basic block information for control flow analysis |
| Get stack frame layout with variable offsets |
Cross-References (Consolidated)
Tool | Description |
| Unified cross-references - actions: |
Comments (Consolidated)
Tool | Description |
| Unified comment management - actions: |
Variables (Consolidated)
Tool | Description |
| Unified variable management - actions: |
Types (Consolidated)
Tool | Description |
| Unified type management - actions: |
| List all classes and structures |
Function Discovery
Tool | Description |
| List all functions with metadata (paginated) |
| Find functions by name pattern |
| Advanced filtering by size, complexity, parameters |
| Multi-target search (name, comments, calls, variables) |
| Comprehensive statistics for all functions |
Symbol Management
Tool | Description |
| Rename functions and data variables |
| Rename multiple symbols in one operation |
| List namespaces and symbol organization |
Binary Information
Tool | Description |
| Import table grouped by module |
| Export table with symbol information |
| String extraction with filtering |
| Search strings by pattern |
| Memory segment layout |
| Binary section information |
| List all binary entry points |
Data Analysis
Tool | Description |
| Define data variables at addresses |
| List all defined data variables |
| Read and analyze raw data |
| Search for byte patterns in binary |
Navigation & Bookmarks
Tool | Description |
| Get current cursor position with context |
| Identify function at current address |
| Unified bookmark management - actions: |
Task Management
Tool | Description |
| Start an async background task |
| Check status of async operations |
| List all pending/running tasks |
| Cancel a running task |
MCP Resources (8 Total)
Resources provide browsable, cacheable data that clients can access without tool calls.
URI Pattern | Description |
| Complete binary overview |
| All functions with metadata |
| Import table |
| Export table |
| String table |
| Binary metadata (arch, platform, entry point) |
| Memory segments with permissions |
| Binary sections |
MCP Prompts (7 Total)
Pre-built prompts guide LLMs through structured analysis workflows.
Prompt | Arguments | Description |
|
| Comprehensive function analysis workflow |
|
| Security audit checklist (memory safety, input validation, crypto) |
|
| Generate Doxygen-style documentation |
|
| Track data dependencies and taint propagation |
|
| Diff two functions for similarity analysis |
|
| Recover structure definitions from usage patterns |
|
| Trace POSIX/Winsock send/recv for protocol analysis |
Example: Network Protocol Analysis
The trace_network_data prompt guides analysis of network communication:
Identify Network Functions: Finds POSIX (
send/recv/sendto/recvfrom) and Winsock (WSASend/WSARecv) callsTrace Call Stacks: Maps application handlers down to network I/O
Analyze Buffers: Identifies protocol structures (headers, length fields, TLV encoding)
Reconstruct Protocols: Generates C struct definitions for message formats
Security Assessment: Checks for buffer overflows, integer issues, information disclosure
Installation
Prerequisites
Binary Ninja: Version 4000 or higher
Python: 3.8+ (typically bundled with Binary Ninja)
Platform: Windows, macOS, or Linux
NOTE: Windows users should start with: BinAssistMCP on Windows
Option 1: Binary Ninja Plugin Manager (Recommended)
Open Binary Ninja
Navigate to Tools → Manage Plugins
Search for "BinAssistMCP"
Click Install
Restart Binary Ninja
Option 2: Manual Installation
# Clone the repository
git clone https://github.com/jtang613/BinAssistMCP.git
cd BinAssistMCP
# Install dependencies
pip install -r requirements.txtCopy to your Binary Ninja plugins directory:
Platform | Path |
Windows |
|
macOS |
|
Linux |
|
Configuration
Binary Ninja Settings
Open Edit → Preferences → binassistmcp:
Setting | Default | Description |
|
| Server bind address |
|
| Server port |
|
| Transport: |
|
| Maximum concurrent binaries |
|
| Auto-start server on file load |
Environment Variables
export BINASSISTMCP_SERVER__HOST=localhost
export BINASSISTMCP_SERVER__PORT=9090
export BINASSISTMCP_SERVER__TRANSPORT=streamablehttp
export BINASSISTMCP_BINARY__MAX_BINARIES=10Usage
Starting the Server
Via Binary Ninja Menu:
Tools → BinAssistMCP → Start Server
Check log panel for:
BinAssistMCP server started on http://localhost:9090
Auto-Startup: Server starts automatically when Binary Ninja loads a file (configurable).
Connecting MCP Clients
Streamable HTTP (Default):
http://localhost:9090/mcpServer-Sent Events:
http://localhost:9090/sseClaude Desktop Configuration
Add to your Claude Desktop MCP configuration (claude_desktop_config.json):
{
"mcpServers": {
"binassist": {
"url": "http://localhost:9090/mcp"
}
}
}Integration Examples
Basic Function Analysis
User: "Analyze the main function and explain what it does"
Claude uses:
1. get_functions() - find main
2. get_code(format='decompile') - get readable code
3. xrefs(action='refs_from') - find called functions
4. analyze_function() - get complexity metricsVulnerability Research
User: "Find buffer overflow vulnerabilities in input handling functions"
Claude uses:
1. search_functions_advanced(search_in='calls') - find memcpy/strcpy callers
2. get_code(format='decompile') - examine implementations
3. variables(action='list') - check buffer sizes
4. comments(action='set') - document findingsProtocol Reverse Engineering
User: "Analyze the network protocol used by this binary"
Claude uses the trace_network_data prompt:
1. Identifies send/recv call sites
2. Traces data flow from handlers to network I/O
3. Reconstructs message structures
4. Checks for network vulnerabilitiesTroubleshooting
Server Issues
Problem | Solution |
Server won't start | Check port 9090 availability, verify dependencies |
Connection refused | Ensure server is running, check firewall settings |
Tools return errors | Wait for analysis completion, verify binary is loaded |
Performance
Slow decompilation: Results are cached; second request is faster
Memory usage: Reduce
max_binariessettingLong operations: Check task status with
get_task_status
Logs
Check Binary Ninja's Log panel for detailed error messages.
Contributing
Fork the repository
Create a feature branch
Follow existing code patterns (Pydantic models, type hints, docstrings)
Test with multiple binary types
Submit a pull request
License
This project is licensed under the MIT License - see the LICENSE file for details.
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.