Which integrations are available for this server?

Enables dynamic analysis of Android applications, including device management, script injection, process inspection, and frida-server installation/starting. Provides tools for iOS app analysis, including device readiness checks and Frida-based instrumentation. Offers dynamic analysis on Linux targets, including process attachment and memory inspection via Frida. Supports macOS application security research with device management and script injection capabilities.

How do I use fuzzmind-frida-mcp?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@fuzzmind-frida-mcp attach to process 1234 and list loaded modules" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

fuzzmind-frida-mcp

by fuzzmind

Overview Schema Related Servers Score Discussions

Python

Local

fuzzmind-frida-mcp

Version MCP Frida Frida Tools Python License

A Frida MCP server for authorized dynamic analysis and application security research. It exposes device/session management, script injection, process and memory inspection, runtime helpers, and platform-focused workflows for macOS, iOS, Android, Windows, Linux, and kernel targets.

Positioning

This is a broad Frida automation layer for FuzzMind research workflows, not a minimal general-purpose Frida wrapper. It is designed so MCP-capable agents can drive long-running Frida sessions, scripts, runtime APIs, platform workflows, and security recipes with structured tool calls.

The goal is close practical coverage of the Frida Python API, GumJS API, frida-tools workflows, Gadget setup, and common application-security research tasks. It does not claim byte-for-byte or 100% behavioral parity with every Frida CLI interaction, every language binding, or every future upstream API.

For standalone Frida users, the official frida, frida-trace, and frida-tools CLI remain the smallest interface. This MCP is intentionally larger because it is also meant to integrate with FuzzMind internal research products and systems, including Mantis, Corvus, and others. These integrations are optional and are not required to run this MCP.

Install

uv tool install fuzzmind-frida-mcp
# or
pip install fuzzmind-frida-mcp

Requires Frida. Package dependencies install frida>=17.9.3,<18 and frida-tools>=14.8.1,<15.

Version support

Component	Supported version
fuzzmind-frida-mcp	0.1.0
Python	3.11+
frida	17.9.3 to <18
frida-tools	14.8.1 to <15

Frida 17+ API users must bundle or provide ObjC/Java/Swift bridge packages when using those high-level runtimes. The MCP injects safe bridge stubs when bridge packages are unavailable, so runtime tools fail with explicit guidance instead of JavaScript ReferenceError.

The MCP runtime itself only needs Python Frida bindings and frida-tools. Node.js, TypeScript, and Rust Frida bindings are not required to run this server. ObjC/Java/Swift bridges are optional runtime packages for high-level target APIs; use frida_bridge_status to inspect them and frida_bridge_install to install them through official frida-pm when needed. By default these bridge packages are stored under ~/.fuzzmind/frida-mcp/frida-bridges (or FUZZMIND_FRIDA_BRIDGE_ROOT), so PyPI/uv installations do not need a writable source checkout.

Android frida-server helpers operate on a user-supplied frida-server binary; the MCP does not download platform binaries for you. Gadget helpers generate configs and stage assets, but signing, repackaging, and platform policy changes remain explicit external steps.

Quick start

Claude Code

claude mcp add frida -- fuzzmind-frida-mcp

Codex / OpenCode / generic MCP

This server speaks standard MCP over stdio. It is not tied to Claude Code; use the same command with Codex, OpenCode, Claude Desktop, or any MCP client that can launch a stdio server.

{
  "mcpServers": {
    "frida": {
      "command": "fuzzmind-frida-mcp"
    }
  }
}

Run standalone

fuzzmind-frida-mcp

When started by an MCP client, this runs as a stdio server and waits for client messages. When run directly from an interactive terminal, it prints a short usage note and exits so stdout is not polluted accidentally. For a local sanity check:

fuzzmind-frida-mcp --check
fuzzmind-frida-mcp --diagnose
fuzzmind-frida-mcp --version

To force stdio server mode from a terminal:

fuzzmind-frida-mcp --stdio

Tool catalogue

Frida CLI option mapping

The MCP exposes Frida CLI-style controls as structured tool arguments instead of requiring an agent to build shell commands:

Frida CLI option	MCP surface
`-D`, `-U`, `-R`, `-H`, certificates, origin, token, keepalive	device/remote tools and `device_id` arguments
`-f`, `-p`, `-n`, `-N`, `-F`, `-W`	`frida_connect`, `frida_await_spawn`, `frida_spawn_with_options`
`--stdio`, `--aux`, `--realm`, `--pause`	`frida_connect` / `frida_spawn_with_options` arguments
`-l`, `-e`, `--runtime`, `--debug`, `-P`, `--auto-perform`, `--exit-on-error`	`frida_script_load`, `frida_script_load_file`, `frida_script_run_file`, `frida_eval`, `frida_interactive_eval`
`-C`, `--toolchain`	`frida_cmodule_compile`
`-c`, `-O`, `-q`, `-t`, `-o`, `--eternalize`, `--kill-on-exit`	`frida_codeshare_run`, `frida_cli_options_file_parse`, `frida_script_eternalize`, script output/event tools
`frida-trace`, `frida-discover`, `gum-graft`	`frida_trace`, `frida_discover`, `frida_gum_graft`

Agent workflows

Tool	Description
`frida_target_snapshot`	First-step target snapshot for agents: process metadata, runtime bridges, modules, threads, range counts, and recommended next tools
`frida_host_diagnostics`	Inspect local Frida, tool, device, and process-listing readiness
`frida_bridge_status`	Check whether Frida 17 ObjC/Java/Swift bridge packages can be bundled
`frida_bridge_install`	Install ObjC/Java/Swift bridge packages with official `frida-pm`
`frida_gadget_config`	Generate a Frida Gadget configuration
`frida_gadget_script_template`	Generate a Gadget-compatible script template
`frida_gadget_bundle_assets`	Stage Gadget library, config, and optional script into a packaging directory
`frida_android_frida_server_status`	Check Android adb/frida-server readiness without modifying the device
`frida_android_frida_server_install`	Push a user-supplied frida-server binary to an Android device
`frida_android_frida_server_start`	Start frida-server on an Android device
`frida_android_frida_server_stop`	Stop frida-server on an Android device
`frida_android_frida_server_setup`	Install, start, and optionally port-forward frida-server
`frida_android_port_forward`	Create an adb TCP port forward for frida-server or Gadget
`frida_android_port_forward_list`	List adb TCP port forwards
`frida_android_port_forward_remove`	Remove an adb TCP port forward
`frida_android_device_prepare`	Summarize Android readiness for Frida app analysis
`frida_ios_device_prepare`	Summarize iOS/macOS USB-device readiness for Frida app analysis
`frida_gumjs_template`	Generate advanced GumJS templates for direct `frida_script_load` use

Official Frida APIs

Tool	Description
`frida_device_get_usb`	Resolve the first USB device with `get_usb_device()`
`frida_device_get_remote`	Resolve Frida's default remote device
`frida_device_get_matching`	Find a device with a DeviceManager predicate
`frida_remote_device_add`	Add a remote device with certificate/origin/token/keepalive options
`frida_remote_device_remove`	Remove a remote device from DeviceManager
`frida_device_query_system_parameters`	Read `Device.query_system_parameters()`
`frida_device_override_option`	Set an official Device option override
`frida_device_unpair`	Unpair a paired device
`frida_device_input`	Send raw stdin bytes to a spawned target
`frida_device_get_process`	Resolve a process with `Device.get_process()`
`frida_device_is_lost`	Check `Device.is_lost()`
`frida_inject_library_blob`	Inject a library from bytes with `Device.inject_library_blob()`
`frida_spawn_with_options`	Spawn with argv/env/envp/cwd/stdio/aux without attaching
`frida_pending_spawn_list`	List device-level pending spawns
`frida_pending_children_list`	List session child-gating pending children
`frida_event_subscribe`	Subscribe to DeviceManager, Device, or Session events
`frida_event_get_events`	Read queued official event-subscription events
`frida_event_unsubscribe`	Remove an official event subscription
`frida_bus_attach`	Attach to a device bus and queue bus messages
`frida_bus_post`	Post a bus message, optionally with binary data
`frida_bus_get_events`	Read queued bus events
`frida_bus_detach`	Drop a bus event queue
`frida_session_enable_child_gating`	Enable official session child gating
`frida_session_disable_child_gating`	Disable official session child gating
`frida_session_resume`	Resume a session through `Session.resume()`
`frida_session_is_detached`	Check `Session.is_detached()`
`frida_session_setup_peer_connection`	Configure peer connection / relay support
`frida_session_join_portal`	Join a PortalService from a session
`frida_session_leave_portal`	Terminate a portal membership
`frida_script_load_bytes`	Load compiled script bytes
`frida_session_compile_script`	Compile script source through the active session
`frida_session_snapshot_script`	Build a Frida script snapshot
`frida_script_list_exports`	List exported RPC methods
`frida_script_enable_debugger`	Enable script debugger
`frida_script_disable_debugger`	Disable script debugger
`frida_script_post_binary`	Post a message with binary data to a script
`frida_script_set_log_handler`	Queue Script log handler events
`frida_script_get_log_events`	Read queued Script log events
`frida_script_get_log_handler`	Inspect the active Script log handler
`frida_script_reset_log_handler`	Reset Script logging to the Frida default
`frida_compiler_build`	Build a bundle with `frida.Compiler`
`frida_compiler_watch`	Start `Compiler.watch()` and queue compiler events
`frida_compiler_watch_get_events`	Read queued compiler watch events
`frida_compiler_watch_stop`	Stop tracking a compiler watch
`frida_package_search`	Search Frida packages with PackageManager
`frida_package_install`	Install Frida packages with PackageManager
`frida_package_registry`	Read `PackageManager.registry`
`frida_portal_start`	Start a PortalService with EndpointParameters
`frida_portal_stop`	Stop a PortalService
`frida_portal_broadcast`	Broadcast through a PortalService
`frida_portal_narrowcast`	Narrowcast through a PortalService tag
`frida_portal_post`	Post to one PortalService connection
`frida_portal_tag`	Tag a PortalService connection
`frida_portal_untag`	Remove a PortalService tag
`frida_portal_enumerate_tags`	List PortalService connection tags
`frida_portal_get_events`	Read PortalService events
`frida_service_request`	Open a device service and send one request
`frida_open_channel`	Open a raw device channel readiness probe
`frida_channel_open`	Open a raw device channel for repeated IO
`frida_channel_read`	Read bytes from an open device channel
`frida_channel_write`	Write bytes to an open device channel
`frida_channel_close`	Close an open device channel
`frida_service_open`	Open a device service for repeated requests/events
`frida_service_request_by_id`	Send a request through an open service
`frida_service_get_events`	Read queued service events
`frida_service_close`	Cancel and forget an open service
`frida_module_map_snapshot`	Snapshot/query modules with GumJS ModuleMap
`frida_memory_copy`	Copy memory with `Memory.copy()`
`frida_memory_scan_sync`	Scan memory synchronously
`frida_memory_check_code_pointer`	Validate a code pointer
`frida_memory_dup`	Duplicate memory with `Memory.dup()`
`frida_module_load`	Load a module with `Module.load()`
`frida_module_ensure_initialized`	Force module initialization
`frida_module_find_global_export_by_name`	Resolve a global export by name
`frida_process_attach_thread_observer`	Observe thread add/remove events
`frida_process_attach_module_observer`	Observe module load/unload events
`frida_gum_script_evaluate`	Evaluate code with GumJS `Script.evaluate()`
`frida_gum_script_load`	Load code with GumJS `Script.load()`
`frida_gum_script_register_source_map`	Register a GumJS source map
`frida_interceptor_flush`	Flush Interceptor changes
`frida_interceptor_revert`	Revert an Interceptor replacement
`frida_system_function_call`	Call a native function with SystemFunction
`frida_thread_hardware_breakpoint`	Set/unset a hardware breakpoint
`frida_thread_hardware_watchpoint`	Set/unset a hardware watchpoint
`frida_code_writer_template`	Generate CodeWriter/Relocator templates
`frida_kernel_enumerate_ranges`	Enumerate kernel ranges
`frida_kernel_enumerate_module_ranges`	Enumerate kernel module ranges
`frida_kernel_alloc`	Allocate kernel memory
`frida_kernel_protect`	Change kernel memory protection
`frida_stalker_add_call_probe`	Install a temporary Stalker call probe
`frida_stalker_invalidate`	Invalidate Stalker translations
`frida_rust_module_compile`	Compile a GumJS RustModule
`frida_checksum_memory`	Compute a GumJS Checksum over memory
`frida_worker_template`	Generate a GumJS Worker template
`frida_sampler_template`	Generate a GumJS Sampler template
`frida_java_enumerate_class_loaders`	Enumerate Java class loaders
`frida_java_choose`	Find live Java instances
`frida_java_backtrace`	Capture Java backtrace frames
`frida_java_deoptimize`	Trigger Java deoptimization
`frida_objc_implement_template`	Generate an ObjC.implement template
`frida_objc_bind_data`	Bind host data to an ObjC object

Device management

Tool	Description
`frida_list_devices`	List all available Frida devices (USB, remote, local)
`frida_get_device_info`	Get info about a specific Frida device or the default local device
`frida_remote_device_add`	Add a remote Frida server with official DeviceManager options
`frida_list_apps`	List all installed applications on a device (not just running)
`frida_get_frontmost_app`	Get the frontmost (foreground) application on a device
`frida_launch_app`	Spawn and resume an application by bundle/package identifier
`frida_kill_app`	Kill a process by PID or name on a device
`frida_resume_process`	Resume a suspended process by PID

Session lifecycle

Tool	Description
`frida_connect`	Connect/attach/spawn/await a target and create a persistent Frida session
`frida_await_spawn`	Wait for a gated spawn matching a pattern, optionally attach and resume
`frida_disconnect`	Disconnect from the current or a specified Frida session
`frida_list_sessions`	List all active Frida sessions
`frida_switch_session`	Switch the active Frida session
`frida_is_connected`	Check if the current Frida session is alive
`frida_session_get_events`	Read lifecycle events such as detach/crash/disconnect
`frida_session_clear_events`	Clear lifecycle events for a persistent session
`frida_session_recover`	Recover a broken/crashed Frida session by re-attaching
`frida_interactive_eval`	Execute arbitrary JS in an existing persistent Frida session (REPL)

Long-running scripts and RPC

Tool	Description
`frida_script_load`	Load a long-running Frida script with runtime, parameters, debugger, and error policy options
`frida_script_load_file`	Load a local JavaScript file as a long-running Frida script with the same script options
`frida_script_list`	List scripts loaded in a persistent session
`frida_script_unload`	Unload a long-running script by script id
`frida_script_reload`	Reload a long-running script while preserving name and kind
`frida_script_call_rpc`	Call a function exposed through `rpc.exports`
`frida_script_post_message`	Post a JSON-serialisable message to a long-running script
`frida_script_get_events`	Read queued events emitted by long-running scripts
`frida_script_clear_events`	Clear queued events for one script or a whole session
`frida_script_export_events`	Export queued script events to JSON or JSONL

Hooks

Tool	Description
`frida_install_hook`	Install a persistent hook and return its script id
`frida_get_hook_messages`	Get queued events from persistent hook scripts
`frida_clear_hook_messages`	Clear hook event queues for the active session
`frida_uninstall_hooks`	Unload all persistent hook scripts in the current session
`frida_list_hooks`	List all installed persistent hooks in the current session
`frida_hook_native_by_offset`	Hook a native function by module name + hex offset
`frida_hook_native_function`	Hook a native function by address using Interceptor.attach

Memory

Tool	Description
`frida_read_memory`	Read raw memory from a target process
`frida_write_memory`	Write raw bytes to process memory
`frida_memory_scan`	Scan process memory for a hex pattern
`frida_memory_protect`	Change memory protection on a region
`frida_enumerate_ranges`	Enumerate memory ranges matching a protection filter
`frida_get_module_base`	Get base address of a module by name (partial match)
`frida_memory_dump_regions`	Dump all readable memory regions from a target process to disk
`frida_dump_module`	Dump a live in-memory module image to disk
`frida_memory_alloc`	Allocate memory inside a target process via Memory.alloc
`frida_memory_patch_code`	Patch executable code at an address using Memory.patchCode
`frida_memory_query_protection`	Query memory protection at a specific address
`frida_memory_alloc_string`	Allocate a string inside a target process
`frida_memory_access_monitor`	Monitor memory accesses (read/write/execute) on specified ranges
`frida_read_typed`	Read a typed value from process memory
`frida_write_typed`	Write a typed value to process memory
`frida_hexdump`	Formatted hex dump of memory at an address
`frida_memory_dup`	Duplicate memory with GumJS `Memory.dup()`

Process introspection

Tool	Description
`frida_check`	Verify frida + frida-tools install state and version
`frida_list_processes`	Enumerate running processes via Frida's local device
`frida_process_info`	Get detailed process metadata (pid, arch, platform, etc.)
`frida_enumerate_threads`	List all threads with state and registers
`frida_enumerate_modules`	List all loaded modules in a target process
`frida_enumerate_exports`	List exported symbols from a specific module
`frida_enumerate_imports`	Enumerate imports of a module
`frida_enumerate_symbols`	List all symbols (not just exports) from a module
`frida_enumerate_sections`	Enumerate sections (name, base, size, protection) of a module
`frida_enumerate_dependencies`	Enumerate dependencies of a module
`frida_enumerate_malloc_ranges`	Enumerate malloc heap ranges filtered by memory protection
`frida_find_export_by_name`	Find a single export by name, optionally scoped to a module
`frida_find_symbol_by_name`	Find a symbol by name within a module
`frida_resolve_debug_symbol`	Resolve a debug symbol from an address
`frida_find_functions_named`	Find all functions with an exact name
`frida_find_functions_matching`	Find functions matching a glob pattern
`frida_load_debug_symbols`	Load debug symbols from a file (e.g. dSYM)

Interceptor

Tool	Description
`frida_intercept_objc_method`	Hook a specific ObjC method via Interceptor and log invocations
`frida_interceptor_replace`	Replace a native function entirely using Interceptor.replace
`frida_spoof_return`	Spoof the return value of a function
`frida_callstack_tracer`	Trace call stacks for a specific function, symbolicated

Stalker

Tool	Description
`frida_stalker_coverage`	Collect basic-block coverage using Frida Stalker
`frida_stalker_configure`	Configure and start Stalker with advanced options on a specific thread
`frida_spawn_gating`	Enable spawn gating to intercept all new process spawns
`frida_child_process_trap`	Monitor child process creation by hooking spawn/fork/exec APIs
`frida_discover`	Run official `frida-discover` for internal function discovery
`frida_gum_graft`	Run official `gum-graft` when available

Script injection

Tool	Description
`frida_script_run_file`	Run a local Frida JS script against a process with runtime/parameters options
`frida_eval`	Evaluate inline JavaScript against a target
`frida_cli_compile_bundle`	Compile a Frida JS script with `frida-compile`
`frida_cli_options_file_parse`	Parse a Frida CLI `--options-file` into tokens for agent planning
`frida_codeshare_run`	Run an official frida-tools CodeShare script via `frida -c`
`frida_script_eternalize`	Inject a script and eternalize it so it survives session detach
`frida_cmodule_compile`	Compile inline C code and load it via CModule, with optional toolchain selection
`frida_native_function_call`	Call a native function by address inside a target process
`frida_inject_library`	Inject a shared library (.dylib / .so) into a target process
`frida_trace`	frida-trace function-tracing capture for N seconds

Objective-C

Tool	Description
`frida_objc_classes`	Enumerate ObjC class names matching a pattern
`frida_objc_choose`	Find live ObjC instances of a class on the heap
`frida_objc_register_class`	Register a new ObjC class at runtime
`frida_objc_create_block`	Create an ObjC block at runtime
`frida_objc_schedule`	Schedule JavaScript on the ObjC main thread dispatch queue
`frida_objc_inspect_object`	Inspect an ObjC object at a given address
`frida_objc_call_method`	Call an ObjC method on an object at a given address
`frida_objc_list_protocols`	List all registered ObjC protocols
`frida_dump_class`	Dump full ObjC class structure: methods, protocols, ivars
`frida_xpc_intercept`	xpcspy-style XPC message capture

Swift

Tool	Description
`frida_swift_demangle`	Demangle a Swift symbol using the in-process Swift runtime
`frida_api_resolver`	Resolve API symbols using Frida's ApiResolver

Java / Android Runtime

Tool	Description
`frida_java_list_classes`	Enumerate loaded Java/ART classes
`frida_java_list_methods`	List declared methods of a Java class
`frida_java_hook_method`	Hook all overloads of a Java method
`frida_java_call`	Execute arbitrary JS inside a Java.perform() block
`frida_java_load_dex`	Dynamically load a DEX file into an Android process

Security bypass

Tool	Description
`frida_ssl_pinning_disable`	Universal SSL pinning bypass (Android + iOS/macOS)
`frida_ssl_keylog`	Extract TLS session keys for Wireshark decryption
`frida_crypto_hook`	Hook crypto APIs to capture encryption/decryption operations
`frida_string_sniffer`	Sniff strings as they are created at runtime
`frida_time_warp`	Warp time perception for a target process
`frida_anti_root_bypass`	Bypass root/jailbreak detection
`frida_anti_debug_bypass`	Bypass debugger detection mechanisms

File system

Tool	Description
`frida_file_list`	List files in a directory on the target's filesystem
`frida_file_read`	Read a file from the target's filesystem view
`frida_file_download`	Download a file from the target to the local host
`frida_file_write`	Write data to a file on the target's filesystem
`frida_file_seek_read`	Read bytes from a file at a specific offset

Database

Tool	Description
`frida_sqlite_open`	Open a SQLite database and list tables
`frida_sqlite_exec`	Execute SQL against a SQLite database inside the target
`frida_sqlite_dump`	Full schema + data dump of a SQLite database

Network

Tool	Description
`frida_socket_connect`	Open a TCP/UDP connection from within the target process
`frida_socket_listen`	Open a listening socket inside the target process

Cloak

Tool	Description
`frida_cloak_thread`	Hide a thread from in-process detection
`frida_cloak_range`	Hide a memory range from detection
`frida_cloak_fd`	Hide a file descriptor from detection

Profiler

Tool	Description
`frida_profiler_start`	Start profiling specific addresses
`frida_profiler_report`	Retrieve the profiler report
`frida_instruction_parse`	Disassemble a single instruction at an address

Kernel

Tool	Description
`frida_kernel_read`	Read kernel memory at an address
`frida_kernel_write`	Write raw bytes to kernel memory
`frida_kernel_scan`	Scan kernel memory for a hex pattern
`frida_kernel_enumerate_modules`	Enumerate kernel modules (kexts)

Windows platform

Tool	Description
`frida_win_api_monitor`	Hook Win32 APIs and log call arguments
`frida_win_dotnet_list_assemblies`	Enumerate .NET assemblies loaded in a target process
`frida_win_dotnet_hook_method`	Hook a .NET method and log invocations
`frida_win_registry_monitor`	Monitor Registry operations
`frida_win_com_intercept`	Intercept a COM vtable method call
`frida_win_etw_bypass`	Patch EtwEventWrite to neutralise ETW event logging
`frida_win_crypto_hook`	Hook CryptoAPI and BCrypt encryption/decryption
`frida_win_amsi_bypass`	Patch AmsiScanBuffer to bypass AMSI scanning
`frida_win_hollowing_detect`	Detect process hollowing via PE section comparison

Android platform

Tool	Description
`frida_android_content_provider_hook`	Hook ContentResolver operations for a specific authority
`frida_android_intent_intercept`	Intercept Intent dispatching
`frida_android_shared_prefs_dump`	Dump SharedPreferences key-value pairs
`frida_android_webview_hook`	Hook WebView methods to capture JS bridge interactions
`frida_android_jni_hook`	Hook JNI functions in libart.so

iOS / macOS platform

Tool	Description
`frida_ios_keychain_dump`	Dump accessible Keychain items from a target process
`frida_ios_ats_bypass`	Disable App Transport Security for a target process
`frida_ios_url_scheme_hook`	Hook URL scheme and Universal Link handling

Linux platform

Tool	Description
`frida_linux_syscall_hook`	Hook libc syscall wrappers and log arguments
`frida_linux_preload_detect`	Detect LD_PRELOAD and suspicious library injections
`frida_linux_dbus_intercept`	Intercept D-Bus method calls and messages
`frida_linux_got_hook`	Overwrite a GOT/PLT entry for a function in a target module
`frida_linux_seccomp_detect`	Detect seccomp sandbox status in a target process

Misc

Tool	Description
`frida_set_exception_handler`	Install an in-process exception handler to catch crashes
`frida_run_on_thread`	Execute JavaScript on a specific thread
`frida_heap_search`	Search the heap for live ObjC instances of a class

Platform support

Platform	Capabilities
Cross-platform	Script/session lifecycle, RPC, event queues, process, memory, hooks, stalker, interceptor, ObjC, Swift, Java, files, DB, network, cloak, profiler, kernel, agent workflows
macOS / iOS	ObjC runtime, XPC interception, Keychain, ATS bypass, URL schemes, SSL pinning, code signing
Android	Java/ART bridge, JNI hooks, Intent interception, ContentProvider, WebView, SharedPrefs, root bypass
Windows	Win32 API monitoring, .NET/CLR, COM interception, Registry, ETW bypass, AMSI bypass, CryptoAPI, hollowing detection
Linux	Syscall hooks, LD_PRELOAD detection, D-Bus interception, GOT/PLT hooks, seccomp detection
Kernel	Kernel memory read/write/scan, kext enumeration

Capability summary

Feature	Support
Tool catalogue	Registered MCP tools for Frida workflows
Persistent sessions and scripts	Yes
RPC exports	Long-running scripts can expose callable functions through `rpc.exports`
Event queues	Script and hook events are stored per `script_id`
Platform-focused workflows	macOS/iOS, Android, Windows, Linux, kernel
Process and module introspection	Yes
Memory operations	Read, write, scan, protect, dump, typed access
Native instrumentation	Interceptor, Stalker, CModule, NativeFunction
Official Frida APIs	DeviceManager, Device, Bus, Session, Script, Compiler, PackageManager, PortalService, peer connection, ModuleMap, SystemFunction, Thread hardware break/watchpoints, Worker, RustModule, Checksum, Sampler
Runtime helpers	ObjC, Java/ART, Swift, .NET-oriented workflows
Files and databases	Target-side file access and SQLite helpers
Agent workflow entrypoint	Target snapshot with recommended next tools
Bidirectional messaging	`script.post()` plus target-side `recv()`

macOS attach permissions

Frida attaches through task ports, and macOS can deny that for several independent reasons. SIP is only one of them. Even with SIP fully disabled, attach may still fail if the terminal/Python host lacks Developer Tools/debugging permission, the target is a protected platform binary, the process is sandboxed, architectures do not match, or the host environment hides the process list.

For normal development, prefer self-built test apps or explicitly authorized apps first. Avoid using Apple system binaries such as /bin/sleep as the first attach probe; they are platform-signed and can be denied even when launched by your own user. If a self-built target fails, fix local debugging permission before changing SIP. System daemons and Apple platform binaries may require reduced SIP debug restrictions, but that still does not guarantee attach on every target.

Useful checks:

Run frida_check to confirm Python Frida and frida-tools are installed.
Run frida_host_diagnostics from the same shell or MCP client that will run Frida. On macOS it reports Developer Tools status, task-port AuthorizationDB checks, the active Python executable, and whether that Python shows debugger-related code-signing entitlements.
Run frida_list_devices and frida_list_processes; an empty process list usually points to host permission or sandboxing.
Try a self-built process with frida_connect(..., spawn=True) before targeting system services.
On macOS, grant the terminal or Python runner Developer Tools/debugging permission in System Settings when prompted.

If self-built spawn/attach fails with unable to access process ... from the current user account, treat it as a local macOS debug-permission issue first. Check DevToolsSecurity -status, the _developer group, and the code-signing entitlements of the Python interpreter used by fuzzmind-frida-mcp or frida. The official Frida troubleshooting notes cover macOS task-port authorization: https://frida.re/docs/troubleshooting/

Common lab-only recovery steps:

sudo DevToolsSecurity -enable
sudo dseditgroup -o edit -a "$USER" -t user _developer

Restart the terminal or MCP client after changing Developer Tools permissions. If AuthorizationDB task-port checks still fail on a dedicated research host, follow the Frida troubleshooting guidance for system.privilege.taskport. If the Python host remains the blocker, use a disposable pyenv/venv Python for Frida work and sign that interpreter with debugger entitlements rather than changing the system Python.

For release validation, use official Frida packages in a clean project venv and run the real smoke tests with FUZZMIND_FRIDA_REAL_ATTACH=1. These tests require native Frida spawn/attach for a self-built target.

Repository layout

Path	Purpose
`src/fuzzmind_frida_mcp/server.py`	CLI entrypoint and FastMCP startup only
`src/fuzzmind_frida_mcp/toolsets/`	MCP-facing tool functions grouped by exposed surface: lifecycle, instrumentation, runtimes, platform, data, recipes
`src/fuzzmind_frida_mcp/tools/`	Implementation modules used by MCP-facing tools
`src/fuzzmind_frida_mcp/tools/official/`	Thin wrappers around official Frida Python/GumJS APIs, grouped by upstream object
`src/fuzzmind_frida_mcp/tools/lifecycle/`	Device, process, session, and script lifecycle workflows
`src/fuzzmind_frida_mcp/tools/instrumentation/`	Memory, hook, Interceptor, Stalker, Kernel, Cloak, and profiler helpers
`src/fuzzmind_frida_mcp/tools/runtimes/`	Java, ObjC, and Swift runtime workflows
`src/fuzzmind_frida_mcp/tools/platform/`	Android, iOS/macOS, Linux, and Windows focused workflows
`src/fuzzmind_frida_mcp/tools/data/`	File, database, and socket helpers
`src/fuzzmind_frida_mcp/tools/recipes/`	Higher-level security and environment workflows

The official/ package is intentionally separate from high-level workflow modules. For example, tools/official/device.py follows official DeviceManager/Device APIs, while tools/lifecycle/device.py exposes Agent-friendly workflows built on top of Frida.

Contributing

PRs welcome. Please read the CONTRIBUTING document first:

Keep one MCP-facing function per tool and register grouped surfaces through src/fuzzmind_frida_mcp/toolsets/
Put official API thin wrappers under src/fuzzmind_frida_mcp/tools/official/
Add platform-specific tools to the appropriate src/fuzzmind_frida_mcp/tools/platform/ module
Cross-platform implementation tools go in the matching grouped package (instrumentation/, lifecycle/, runtimes/, data/, or recipes/)

License

This server cannot be installed

license - permissive license

quality - not tested

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

–Release cycle

1Releases (12mo)

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/fuzzmind/frida-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server