Skip to main content

A security-first MCP server that empowers AI agents to perform automated reverse engineering, malware analysis, forensics, vulnerability research, and SAST — powered by Radare2, YARA, LIEF, Capstone, and more.

Project description

Reversecore MCP

Security-first Model Context Protocol server for reverse engineering, malware analysis, digital forensics, vulnerability research, and SAST.

Reversecore MCP gives MCP-compatible AI agents structured access to Radare2, r2ghidra, YARA, LIEF, Capstone, angr, Qiling, Volatility3, Scapy, and additional analysis engines. It is designed around explicit workspace boundaries, input validation, non-root containers, and security regression testing.

Installation

Full container image — recommended

The container image includes the supported native toolchain and is the most reproducible installation method:

docker run -i --rm \
  -v /absolute/path/to/samples:/app/workspace \
  -e REVERSECORE_WORKSPACE=/app/workspace \
  -e MCP_TRANSPORT=stdio \
  ghcr.io/sjkim1127/reversecore_mcp:2.1.0

Python package

Install the MCP server and all Python feature extras from PyPI:

pip install "reversecore-mcp[full]"

Native programs such as Radare2, YARA, Graphviz, Binwalk, and The Sleuth Kit must be installed separately when using the Python package directly.

Run the stdio server with:

MCP_TRANSPORT=stdio \
REVERSECORE_WORKSPACE=/absolute/path/to/samples \
reversecore-mcp

MCP client configuration

{
  "mcpServers": {
    "reversecore": {
      "command": "reversecore-mcp",
      "env": {
        "MCP_TRANSPORT": "stdio",
        "REVERSECORE_WORKSPACE": "/absolute/path/to/samples"
      }
    }
  }
}

Capabilities

  • Static analysis, disassembly, decompilation, cross-references, and CFG recovery
  • Malware triage, IOC extraction, YARA scanning, and MITRE ATT&CK mapping
  • Symbolic execution, emulation, fuzzing harness generation, and ROP analysis
  • Memory, disk, network, and host-artifact forensics
  • Python and C/C++ source-code security analysis
  • Structured evidence, session tracking, metrics, and report generation

Security model

Reversecore MCP processes potentially hostile binaries. Use a dedicated workspace and prefer the hardened container configuration for untrusted samples. The project CI includes dependency auditing, CodeQL, secret scanning, container scanning, path-boundary tests, fuzzing, and network-isolation checks.

Detailed configuration, tool documentation, Docker Compose profiles, and client examples are available in the GitHub repository.

Registry identity

  • MCP Registry name: io.github.sjkim1127/reversecore-mcp
  • PyPI package: reversecore-mcp
  • OCI image: ghcr.io/sjkim1127/reversecore_mcp

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

reversecore_mcp-3.0.2.tar.gz (342.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

reversecore_mcp-3.0.2-py3-none-any.whl (387.4 kB view details)

Uploaded Python 3

File details

Details for the file reversecore_mcp-3.0.2.tar.gz.

File metadata

  • Download URL: reversecore_mcp-3.0.2.tar.gz
  • Upload date:
  • Size: 342.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for reversecore_mcp-3.0.2.tar.gz
Algorithm Hash digest
SHA256 1afe92f96f9785292d1bb64b646aac27d5c166206aa6b40e95c406c81543428c
MD5 fda4be17c11f84e2ea0b62e1aab68595
BLAKE2b-256 8f34a5a832e031e8206a3a36d2790a83e5c77c848198f09ba9f00961c2434815

See more details on using hashes here.

Provenance

The following attestation bundles were made for reversecore_mcp-3.0.2.tar.gz:

Publisher: release.yml on sjkim1127/Reversecore_MCP

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file reversecore_mcp-3.0.2-py3-none-any.whl.

File metadata

  • Download URL: reversecore_mcp-3.0.2-py3-none-any.whl
  • Upload date:
  • Size: 387.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for reversecore_mcp-3.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 dfa8e5eb390df54884369aa710d207120fc76aaf7041f2f580e06a60f73f0903
MD5 07156440b27235bf60c757c22be9e4ee
BLAKE2b-256 4a11bf66467e71079933a8a8d156ed2d63e8475c4c1b12a4c5189a6f380f1918

See more details on using hashes here.

Provenance

The following attestation bundles were made for reversecore_mcp-3.0.2-py3-none-any.whl:

Publisher: release.yml on sjkim1127/Reversecore_MCP

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page