fuzzmind-frida-mcp 0.1.0

Frida MCP server for authorized dynamic analysis and application security research

fuzzmind-frida-mcp

A Frida MCP server for authorized dynamic analysis and application security research. It exposes device/session management, script injection, process and memory inspection, runtime helpers, and platform-focused workflows for macOS, iOS, Android, Windows, Linux, and kernel targets.

Positioning

This is a broad Frida automation layer for FuzzMind research workflows, not a minimal general-purpose Frida wrapper. It is designed so MCP-capable agents can drive long-running Frida sessions, scripts, runtime APIs, platform workflows, and security recipes with structured tool calls.

The goal is close practical coverage of the Frida Python API, GumJS API, frida-tools workflows, Gadget setup, and common application-security research tasks. It does not claim byte-for-byte or 100% behavioral parity with every Frida CLI interaction, every language binding, or every future upstream API.

For standalone Frida users, the official frida, frida-trace, and frida-tools CLI remain the smallest interface. This MCP is intentionally larger because it is also meant to integrate with FuzzMind internal research products and systems, including Mantis, Corvus, and others. These integrations are optional and are not required to run this MCP.

Install

uv tool install fuzzmind-frida-mcp
# or
pip install fuzzmind-frida-mcp

Requires Frida. Package dependencies install frida>=17.9.3,<18 and frida-tools>=14.8.1,<15.

Version support

Component	Supported version
fuzzmind-frida-mcp	0.1.0
Python	3.11+
frida	17.9.3 to <18
frida-tools	14.8.1 to <15

Frida 17+ API users must bundle or provide ObjC/Java/Swift bridge packages when using those high-level runtimes. The MCP injects safe bridge stubs when bridge packages are unavailable, so runtime tools fail with explicit guidance instead of JavaScript ReferenceError.

The MCP runtime itself only needs Python Frida bindings and frida-tools. Node.js, TypeScript, and Rust Frida bindings are not required to run this server. ObjC/Java/Swift bridges are optional runtime packages for high-level target APIs; use frida_bridge_status to inspect them and frida_bridge_install to install them through official frida-pm when needed. By default these bridge packages are stored under ~/.fuzzmind/frida-mcp/frida-bridges (or FUZZMIND_FRIDA_BRIDGE_ROOT), so PyPI/uv installations do not need a writable source checkout.

Android frida-server helpers operate on a user-supplied frida-server binary; the MCP does not download platform binaries for you. Gadget helpers generate configs and stage assets, but signing, repackaging, and platform policy changes remain explicit external steps.

Quick start

Claude Code

claude mcp add frida -- fuzzmind-frida-mcp

Codex / OpenCode / generic MCP

This server speaks standard MCP over stdio. It is not tied to Claude Code; use the same command with Codex, OpenCode, Claude Desktop, or any MCP client that can launch a stdio server.

{
  "mcpServers": {
    "frida": {
      "command": "fuzzmind-frida-mcp"
    }
  }
}

Run standalone

fuzzmind-frida-mcp

When started by an MCP client, this runs as a stdio server and waits for client messages. When run directly from an interactive terminal, it prints a short usage note and exits so stdout is not polluted accidentally. For a local sanity check:

fuzzmind-frida-mcp --check
fuzzmind-frida-mcp --diagnose
fuzzmind-frida-mcp --version

To force stdio server mode from a terminal:

fuzzmind-frida-mcp --stdio

Tool catalogue

Frida CLI option mapping

The MCP exposes Frida CLI-style controls as structured tool arguments instead of requiring an agent to build shell commands:

Frida CLI option	MCP surface
-D, -U, -R, -H, certificates, origin, token, keepalive	device/remote tools and device_id arguments
-f, -p, -n, -N, -F, -W	frida_connect, frida_await_spawn, frida_spawn_with_options
--stdio, --aux, --realm, --pause	frida_connect / frida_spawn_with_options arguments
-l, -e, --runtime, --debug, -P, --auto-perform, --exit-on-error	frida_script_load, frida_script_load_file, frida_script_run_file, frida_eval, frida_interactive_eval
-C, --toolchain	frida_cmodule_compile
-c, -O, -q, -t, -o, --eternalize, --kill-on-exit	frida_codeshare_run, frida_cli_options_file_parse, frida_script_eternalize, script output/event tools
frida-trace, frida-discover, gum-graft	frida_trace, frida_discover, frida_gum_graft

Agent workflows

Tool	Description
frida_target_snapshot	First-step target snapshot for agents: process metadata, runtime bridges, modules, threads, range counts, and recommended next tools
frida_host_diagnostics	Inspect local Frida, tool, device, and process-listing readiness
frida_bridge_status	Check whether Frida 17 ObjC/Java/Swift bridge packages can be bundled
frida_bridge_install	Install ObjC/Java/Swift bridge packages with official frida-pm
frida_gadget_config	Generate a Frida Gadget configuration
frida_gadget_script_template	Generate a Gadget-compatible script template
frida_gadget_bundle_assets	Stage Gadget library, config, and optional script into a packaging directory
frida_android_frida_server_status	Check Android adb/frida-server readiness without modifying the device
frida_android_frida_server_install	Push a user-supplied frida-server binary to an Android device
frida_android_frida_server_start	Start frida-server on an Android device
frida_android_frida_server_stop	Stop frida-server on an Android device
frida_android_frida_server_setup	Install, start, and optionally port-forward frida-server
frida_android_port_forward	Create an adb TCP port forward for frida-server or Gadget
frida_android_port_forward_list	List adb TCP port forwards
frida_android_port_forward_remove	Remove an adb TCP port forward
frida_android_device_prepare	Summarize Android readiness for Frida app analysis
frida_ios_device_prepare	Summarize iOS/macOS USB-device readiness for Frida app analysis
frida_gumjs_template	Generate advanced GumJS templates for direct frida_script_load use

Official Frida APIs

Tool	Description
frida_device_get_usb	Resolve the first USB device with get_usb_device()
frida_device_get_remote	Resolve Frida's default remote device
frida_device_get_matching	Find a device with a DeviceManager predicate
frida_remote_device_add	Add a remote device with certificate/origin/token/keepalive options
frida_remote_device_remove	Remove a remote device from DeviceManager
frida_device_query_system_parameters	Read Device.query_system_parameters()
frida_device_override_option	Set an official Device option override
frida_device_unpair	Unpair a paired device
frida_device_input	Send raw stdin bytes to a spawned target
frida_device_get_process	Resolve a process with Device.get_process()
frida_device_is_lost	Check Device.is_lost()
frida_inject_library_blob	Inject a library from bytes with Device.inject_library_blob()
frida_spawn_with_options	Spawn with argv/env/envp/cwd/stdio/aux without attaching
frida_pending_spawn_list	List device-level pending spawns
frida_pending_children_list	List session child-gating pending children
frida_event_subscribe	Subscribe to DeviceManager, Device, or Session events
frida_event_get_events	Read queued official event-subscription events
frida_event_unsubscribe	Remove an official event subscription
frida_bus_attach	Attach to a device bus and queue bus messages
frida_bus_post	Post a bus message, optionally with binary data
frida_bus_get_events	Read queued bus events
frida_bus_detach	Drop a bus event queue
frida_session_enable_child_gating	Enable official session child gating
frida_session_disable_child_gating	Disable official session child gating
frida_session_resume	Resume a session through Session.resume()
frida_session_is_detached	Check Session.is_detached()
frida_session_setup_peer_connection	Configure peer connection / relay support
frida_session_join_portal	Join a PortalService from a session
frida_session_leave_portal	Terminate a portal membership
frida_script_load_bytes	Load compiled script bytes
frida_session_compile_script	Compile script source through the active session
frida_session_snapshot_script	Build a Frida script snapshot
frida_script_list_exports	List exported RPC methods
frida_script_enable_debugger	Enable script debugger
frida_script_disable_debugger	Disable script debugger
frida_script_post_binary	Post a message with binary data to a script
frida_script_set_log_handler	Queue Script log handler events
frida_script_get_log_events	Read queued Script log events
frida_script_get_log_handler	Inspect the active Script log handler
frida_script_reset_log_handler	Reset Script logging to the Frida default
frida_compiler_build	Build a bundle with frida.Compiler
frida_compiler_watch	Start Compiler.watch() and queue compiler events
frida_compiler_watch_get_events	Read queued compiler watch events
frida_compiler_watch_stop	Stop tracking a compiler watch
frida_package_search	Search Frida packages with PackageManager
frida_package_install	Install Frida packages with PackageManager
frida_package_registry	Read PackageManager.registry
frida_portal_start	Start a PortalService with EndpointParameters
frida_portal_stop	Stop a PortalService
frida_portal_broadcast	Broadcast through a PortalService
frida_portal_narrowcast	Narrowcast through a PortalService tag
frida_portal_post	Post to one PortalService connection
frida_portal_tag	Tag a PortalService connection
frida_portal_untag	Remove a PortalService tag
frida_portal_enumerate_tags	List PortalService connection tags
frida_portal_get_events	Read PortalService events
frida_service_request	Open a device service and send one request
frida_open_channel	Open a raw device channel readiness probe
frida_channel_open	Open a raw device channel for repeated IO
frida_channel_read	Read bytes from an open device channel
frida_channel_write	Write bytes to an open device channel
frida_channel_close	Close an open device channel
frida_service_open	Open a device service for repeated requests/events
frida_service_request_by_id	Send a request through an open service
frida_service_get_events	Read queued service events
frida_service_close	Cancel and forget an open service
frida_module_map_snapshot	Snapshot/query modules with GumJS ModuleMap
frida_memory_copy	Copy memory with Memory.copy()
frida_memory_scan_sync	Scan memory synchronously
frida_memory_check_code_pointer	Validate a code pointer
frida_memory_dup	Duplicate memory with Memory.dup()
frida_module_load	Load a module with Module.load()
frida_module_ensure_initialized	Force module initialization
frida_module_find_global_export_by_name	Resolve a global export by name
frida_process_attach_thread_observer	Observe thread add/remove events
frida_process_attach_module_observer	Observe module load/unload events
frida_gum_script_evaluate	Evaluate code with GumJS Script.evaluate()
frida_gum_script_load	Load code with GumJS Script.load()
frida_gum_script_register_source_map	Register a GumJS source map
frida_interceptor_flush	Flush Interceptor changes
frida_interceptor_revert	Revert an Interceptor replacement
frida_system_function_call	Call a native function with SystemFunction
frida_thread_hardware_breakpoint	Set/unset a hardware breakpoint
frida_thread_hardware_watchpoint	Set/unset a hardware watchpoint
frida_code_writer_template	Generate CodeWriter/Relocator templates
frida_kernel_enumerate_ranges	Enumerate kernel ranges
frida_kernel_enumerate_module_ranges	Enumerate kernel module ranges
frida_kernel_alloc	Allocate kernel memory
frida_kernel_protect	Change kernel memory protection
frida_stalker_add_call_probe	Install a temporary Stalker call probe
frida_stalker_invalidate	Invalidate Stalker translations
frida_rust_module_compile	Compile a GumJS RustModule
frida_checksum_memory	Compute a GumJS Checksum over memory
frida_worker_template	Generate a GumJS Worker template
frida_sampler_template	Generate a GumJS Sampler template
frida_java_enumerate_class_loaders	Enumerate Java class loaders
frida_java_choose	Find live Java instances
frida_java_backtrace	Capture Java backtrace frames
frida_java_deoptimize	Trigger Java deoptimization
frida_objc_implement_template	Generate an ObjC.implement template
frida_objc_bind_data	Bind host data to an ObjC object

Device management

Tool	Description
frida_list_devices	List all available Frida devices (USB, remote, local)
frida_get_device_info	Get info about a specific Frida device or the default local device
frida_remote_device_add	Add a remote Frida server with official DeviceManager options
frida_list_apps	List all installed applications on a device (not just running)
frida_get_frontmost_app	Get the frontmost (foreground) application on a device
frida_launch_app	Spawn and resume an application by bundle/package identifier
frida_kill_app	Kill a process by PID or name on a device
frida_resume_process	Resume a suspended process by PID

Session lifecycle

Tool	Description
frida_connect	Connect/attach/spawn/await a target and create a persistent Frida session
frida_await_spawn	Wait for a gated spawn matching a pattern, optionally attach and resume
frida_disconnect	Disconnect from the current or a specified Frida session
frida_list_sessions	List all active Frida sessions
frida_switch_session	Switch the active Frida session
frida_is_connected	Check if the current Frida session is alive
frida_session_get_events	Read lifecycle events such as detach/crash/disconnect
frida_session_clear_events	Clear lifecycle events for a persistent session
frida_session_recover	Recover a broken/crashed Frida session by re-attaching
frida_interactive_eval	Execute arbitrary JS in an existing persistent Frida session (REPL)

Long-running scripts and RPC

Tool	Description
frida_script_load	Load a long-running Frida script with runtime, parameters, debugger, and error policy options
frida_script_load_file	Load a local JavaScript file as a long-running Frida script with the same script options
frida_script_list	List scripts loaded in a persistent session
frida_script_unload	Unload a long-running script by script id
frida_script_reload	Reload a long-running script while preserving name and kind
frida_script_call_rpc	Call a function exposed through rpc.exports
frida_script_post_message	Post a JSON-serialisable message to a long-running script
frida_script_get_events	Read queued events emitted by long-running scripts
frida_script_clear_events	Clear queued events for one script or a whole session
frida_script_export_events	Export queued script events to JSON or JSONL

Hooks

Tool	Description
frida_install_hook	Install a persistent hook and return its script id
frida_get_hook_messages	Get queued events from persistent hook scripts
frida_clear_hook_messages	Clear hook event queues for the active session
frida_uninstall_hooks	Unload all persistent hook scripts in the current session
frida_list_hooks	List all installed persistent hooks in the current session
frida_hook_native_by_offset	Hook a native function by module name + hex offset
frida_hook_native_function	Hook a native function by address using Interceptor.attach

Memory

Tool	Description
frida_read_memory	Read raw memory from a target process
frida_write_memory	Write raw bytes to process memory
frida_memory_scan	Scan process memory for a hex pattern
frida_memory_protect	Change memory protection on a region
frida_enumerate_ranges	Enumerate memory ranges matching a protection filter
frida_get_module_base	Get base address of a module by name (partial match)
frida_memory_dump_regions	Dump all readable memory regions from a target process to disk
frida_dump_module	Dump a live in-memory module image to disk
frida_memory_alloc	Allocate memory inside a target process via Memory.alloc
frida_memory_patch_code	Patch executable code at an address using Memory.patchCode
frida_memory_query_protection	Query memory protection at a specific address
frida_memory_alloc_string	Allocate a string inside a target process
frida_memory_access_monitor	Monitor memory accesses (read/write/execute) on specified ranges
frida_read_typed	Read a typed value from process memory
frida_write_typed	Write a typed value to process memory
frida_hexdump	Formatted hex dump of memory at an address
frida_memory_dup	Duplicate memory with GumJS Memory.dup()

Process introspection

Tool	Description
frida_check	Verify frida + frida-tools install state and version
frida_list_processes	Enumerate running processes via Frida's local device
frida_process_info	Get detailed process metadata (pid, arch, platform, etc.)
frida_enumerate_threads	List all threads with state and registers
frida_enumerate_modules	List all loaded modules in a target process
frida_enumerate_exports	List exported symbols from a specific module
frida_enumerate_imports	Enumerate imports of a module
frida_enumerate_symbols	List all symbols (not just exports) from a module
frida_enumerate_sections	Enumerate sections (name, base, size, protection) of a module
frida_enumerate_dependencies	Enumerate dependencies of a module
frida_enumerate_malloc_ranges	Enumerate malloc heap ranges filtered by memory protection
frida_find_export_by_name	Find a single export by name, optionally scoped to a module
frida_find_symbol_by_name	Find a symbol by name within a module
frida_resolve_debug_symbol	Resolve a debug symbol from an address
frida_find_functions_named	Find all functions with an exact name
frida_find_functions_matching	Find functions matching a glob pattern
frida_load_debug_symbols	Load debug symbols from a file (e.g. dSYM)

Interceptor

Tool	Description
frida_intercept_objc_method	Hook a specific ObjC method via Interceptor and log invocations
frida_interceptor_replace	Replace a native function entirely using Interceptor.replace
frida_spoof_return	Spoof the return value of a function
frida_callstack_tracer	Trace call stacks for a specific function, symbolicated

Stalker

Tool	Description
frida_stalker_coverage	Collect basic-block coverage using Frida Stalker
frida_stalker_configure	Configure and start Stalker with advanced options on a specific thread
frida_spawn_gating	Enable spawn gating to intercept all new process spawns
frida_child_process_trap	Monitor child process creation by hooking spawn/fork/exec APIs
frida_discover	Run official frida-discover for internal function discovery
frida_gum_graft	Run official gum-graft when available

Script injection

Tool	Description
frida_script_run_file	Run a local Frida JS script against a process with runtime/parameters options
frida_eval	Evaluate inline JavaScript against a target
frida_cli_compile_bundle	Compile a Frida JS script with frida-compile
frida_cli_options_file_parse	Parse a Frida CLI --options-file into tokens for agent planning
frida_codeshare_run	Run an official frida-tools CodeShare script via frida -c
frida_script_eternalize	Inject a script and eternalize it so it survives session detach
frida_cmodule_compile	Compile inline C code and load it via CModule, with optional toolchain selection
frida_native_function_call	Call a native function by address inside a target process
frida_inject_library	Inject a shared library (.dylib / .so) into a target process
frida_trace	frida-trace function-tracing capture for N seconds

Objective-C

Tool	Description
frida_objc_classes	Enumerate ObjC class names matching a pattern
frida_objc_choose	Find live ObjC instances of a class on the heap
frida_objc_register_class	Register a new ObjC class at runtime
frida_objc_create_block	Create an ObjC block at runtime
frida_objc_schedule	Schedule JavaScript on the ObjC main thread dispatch queue
frida_objc_inspect_object	Inspect an ObjC object at a given address
frida_objc_call_method	Call an ObjC method on an object at a given address
frida_objc_list_protocols	List all registered ObjC protocols
frida_dump_class	Dump full ObjC class structure: methods, protocols, ivars
frida_xpc_intercept	xpcspy-style XPC message capture

Swift

Tool	Description
frida_swift_demangle	Demangle a Swift symbol using the in-process Swift runtime
frida_api_resolver	Resolve API symbols using Frida's ApiResolver

Java / Android Runtime

Tool	Description
frida_java_list_classes	Enumerate loaded Java/ART classes
frida_java_list_methods	List declared methods of a Java class
frida_java_hook_method	Hook all overloads of a Java method
frida_java_call	Execute arbitrary JS inside a Java.perform() block
frida_java_load_dex	Dynamically load a DEX file into an Android process

Security bypass

Tool	Description
frida_ssl_pinning_disable	Universal SSL pinning bypass (Android + iOS/macOS)
frida_ssl_keylog	Extract TLS session keys for Wireshark decryption
frida_crypto_hook	Hook crypto APIs to capture encryption/decryption operations
frida_string_sniffer	Sniff strings as they are created at runtime
frida_time_warp	Warp time perception for a target process
frida_anti_root_bypass	Bypass root/jailbreak detection
frida_anti_debug_bypass	Bypass debugger detection mechanisms

File system

Tool	Description
frida_file_list	List files in a directory on the target's filesystem
frida_file_read	Read a file from the target's filesystem view
frida_file_download	Download a file from the target to the local host
frida_file_write	Write data to a file on the target's filesystem
frida_file_seek_read	Read bytes from a file at a specific offset

Database

Tool	Description
frida_sqlite_open	Open a SQLite database and list tables
frida_sqlite_exec	Execute SQL against a SQLite database inside the target
frida_sqlite_dump	Full schema + data dump of a SQLite database

Network

Tool	Description
frida_socket_connect	Open a TCP/UDP connection from within the target process
frida_socket_listen	Open a listening socket inside the target process

Cloak

Tool	Description
frida_cloak_thread	Hide a thread from in-process detection
frida_cloak_range	Hide a memory range from detection
frida_cloak_fd	Hide a file descriptor from detection

Profiler

Tool	Description
frida_profiler_start	Start profiling specific addresses
frida_profiler_report	Retrieve the profiler report
frida_instruction_parse	Disassemble a single instruction at an address

Kernel

Tool	Description
frida_kernel_read	Read kernel memory at an address
frida_kernel_write	Write raw bytes to kernel memory
frida_kernel_scan	Scan kernel memory for a hex pattern
frida_kernel_enumerate_modules	Enumerate kernel modules (kexts)

Windows platform

Tool	Description
frida_win_api_monitor	Hook Win32 APIs and log call arguments
frida_win_dotnet_list_assemblies	Enumerate .NET assemblies loaded in a target process
frida_win_dotnet_hook_method	Hook a .NET method and log invocations
frida_win_registry_monitor	Monitor Registry operations
frida_win_com_intercept	Intercept a COM vtable method call
frida_win_etw_bypass	Patch EtwEventWrite to neutralise ETW event logging
frida_win_crypto_hook	Hook CryptoAPI and BCrypt encryption/decryption
frida_win_amsi_bypass	Patch AmsiScanBuffer to bypass AMSI scanning
frida_win_hollowing_detect	Detect process hollowing via PE section comparison

Android platform

Tool	Description
frida_android_content_provider_hook	Hook ContentResolver operations for a specific authority
frida_android_intent_intercept	Intercept Intent dispatching
frida_android_shared_prefs_dump	Dump SharedPreferences key-value pairs
frida_android_webview_hook	Hook WebView methods to capture JS bridge interactions
frida_android_jni_hook	Hook JNI functions in libart.so

iOS / macOS platform

Tool	Description
frida_ios_keychain_dump	Dump accessible Keychain items from a target process
frida_ios_ats_bypass	Disable App Transport Security for a target process
frida_ios_url_scheme_hook	Hook URL scheme and Universal Link handling

Linux platform

Tool	Description
frida_linux_syscall_hook	Hook libc syscall wrappers and log arguments
frida_linux_preload_detect	Detect LD_PRELOAD and suspicious library injections
frida_linux_dbus_intercept	Intercept D-Bus method calls and messages
frida_linux_got_hook	Overwrite a GOT/PLT entry for a function in a target module
frida_linux_seccomp_detect	Detect seccomp sandbox status in a target process

Misc

Tool	Description
frida_set_exception_handler	Install an in-process exception handler to catch crashes
frida_run_on_thread	Execute JavaScript on a specific thread
frida_heap_search	Search the heap for live ObjC instances of a class

Platform support

Platform	Capabilities
Cross-platform	Script/session lifecycle, RPC, event queues, process, memory, hooks, stalker, interceptor, ObjC, Swift, Java, files, DB, network, cloak, profiler, kernel, agent workflows
macOS / iOS	ObjC runtime, XPC interception, Keychain, ATS bypass, URL schemes, SSL pinning, code signing
Android	Java/ART bridge, JNI hooks, Intent interception, ContentProvider, WebView, SharedPrefs, root bypass
Windows	Win32 API monitoring, .NET/CLR, COM interception, Registry, ETW bypass, AMSI bypass, CryptoAPI, hollowing detection
Linux	Syscall hooks, LD_PRELOAD detection, D-Bus interception, GOT/PLT hooks, seccomp detection
Kernel	Kernel memory read/write/scan, kext enumeration

Capability summary

Feature	Support
Tool catalogue	Registered MCP tools for Frida workflows
Persistent sessions and scripts	Yes
RPC exports	Long-running scripts can expose callable functions through rpc.exports
Event queues	Script and hook events are stored per script_id
Platform-focused workflows	macOS/iOS, Android, Windows, Linux, kernel
Process and module introspection	Yes
Memory operations	Read, write, scan, protect, dump, typed access
Native instrumentation	Interceptor, Stalker, CModule, NativeFunction
Official Frida APIs	DeviceManager, Device, Bus, Session, Script, Compiler, PackageManager, PortalService, peer connection, ModuleMap, SystemFunction, Thread hardware break/watchpoints, Worker, RustModule, Checksum, Sampler
Runtime helpers	ObjC, Java/ART, Swift, .NET-oriented workflows
Files and databases	Target-side file access and SQLite helpers
Agent workflow entrypoint	Target snapshot with recommended next tools
Bidirectional messaging	script.post() plus target-side recv()

macOS attach permissions

Frida attaches through task ports, and macOS can deny that for several independent reasons. SIP is only one of them. Even with SIP fully disabled, attach may still fail if the terminal/Python host lacks Developer Tools/debugging permission, the target is a protected platform binary, the process is sandboxed, architectures do not match, or the host environment hides the process list.

For normal development, prefer self-built test apps or explicitly authorized apps first. Avoid using Apple system binaries such as /bin/sleep as the first attach probe; they are platform-signed and can be denied even when launched by your own user. If a self-built target fails, fix local debugging permission before changing SIP. System daemons and Apple platform binaries may require reduced SIP debug restrictions, but that still does not guarantee attach on every target.

Useful checks:

• Run frida_check to confirm Python Frida and frida-tools are installed.
• Run frida_host_diagnostics from the same shell or MCP client that will run Frida. On macOS it reports Developer Tools status, task-port AuthorizationDB checks, the active Python executable, and whether that Python shows debugger-related code-signing entitlements.
• Run frida_list_devices and frida_list_processes; an empty process list usually points to host permission or sandboxing.
• Try a self-built process with frida_connect(..., spawn=True) before targeting system services.
• On macOS, grant the terminal or Python runner Developer Tools/debugging permission in System Settings when prompted.

If self-built spawn/attach fails with unable to access process ... from the current user account, treat it as a local macOS debug-permission issue first. Check DevToolsSecurity -status, the _developer group, and the code-signing entitlements of the Python interpreter used by fuzzmind-frida-mcp or frida. The official Frida troubleshooting notes cover macOS task-port authorization: https://frida.re/docs/troubleshooting/

Common lab-only recovery steps:

sudo DevToolsSecurity -enable
sudo dseditgroup -o edit -a "$USER" -t user _developer

Restart the terminal or MCP client after changing Developer Tools permissions. If AuthorizationDB task-port checks still fail on a dedicated research host, follow the Frida troubleshooting guidance for system.privilege.taskport. If the Python host remains the blocker, use a disposable pyenv/venv Python for Frida work and sign that interpreter with debugger entitlements rather than changing the system Python.

For release validation, use official Frida packages in a clean project venv and run the real smoke tests with FUZZMIND_FRIDA_REAL_ATTACH=1. These tests require native Frida spawn/attach for a self-built target.

Repository layout

Path	Purpose
src/fuzzmind_frida_mcp/server.py	CLI entrypoint and FastMCP startup only
src/fuzzmind_frida_mcp/toolsets/	MCP-facing tool functions grouped by exposed surface: lifecycle, instrumentation, runtimes, platform, data, recipes
src/fuzzmind_frida_mcp/tools/	Implementation modules used by MCP-facing tools
src/fuzzmind_frida_mcp/tools/official/	Thin wrappers around official Frida Python/GumJS APIs, grouped by upstream object
src/fuzzmind_frida_mcp/tools/lifecycle/	Device, process, session, and script lifecycle workflows
src/fuzzmind_frida_mcp/tools/instrumentation/	Memory, hook, Interceptor, Stalker, Kernel, Cloak, and profiler helpers
src/fuzzmind_frida_mcp/tools/runtimes/	Java, ObjC, and Swift runtime workflows
src/fuzzmind_frida_mcp/tools/platform/	Android, iOS/macOS, Linux, and Windows focused workflows
src/fuzzmind_frida_mcp/tools/data/	File, database, and socket helpers
src/fuzzmind_frida_mcp/tools/recipes/	Higher-level security and environment workflows

The official/ package is intentionally separate from high-level workflow modules. For example, tools/official/device.py follows official DeviceManager/Device APIs, while tools/lifecycle/device.py exposes Agent-friendly workflows built on top of Frida.

Contributing

PRs welcome. Please read the CONTRIBUTING document first:

• Keep one MCP-facing function per tool and register grouped surfaces through src/fuzzmind_frida_mcp/toolsets/
• Put official API thin wrappers under src/fuzzmind_frida_mcp/tools/official/
• Add platform-specific tools to the appropriate src/fuzzmind_frida_mcp/tools/platform/ module
• Cross-platform implementation tools go in the matching grouped package (instrumentation/, lifecycle/, runtimes/, data/, or recipes/)

License

MIT — Copyright (c) 2026 FuzzMind Security Lab