MCP.so
登录

Radare2 MCP Server

@radareorg

关于 Radare2 MCP Server

MCP stdio server for radare2

基本信息

分类

其他

许可证

MIT

运行时

c

传输方式

stdio

发布者

radareorg

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "radare2-mcp-radareorg": {
      "command": "docker",
      "args": [
        "build",
        "-t",
        "r2mcp",
        "."
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Radare2 MCP Server?

Radare2 MCP Server is an MCP (Model Context Protocol) server that bridges the radare2 reverse engineering framework with AI agents such as OpenCode, Mai, VSCode, Claude, and CLION. Built entirely in C using native radare2 APIs, it enables seamless binary analysis, connects to local or remote radare2/iaito sessions via r2pipe, and supports both stdin/stdout and HTTP communication modes. It is designed for security researchers and developers who want to use AI to assist with binary analysis.

How to use Radare2 MCP Server?

Install via r2pm -Uci r2mcp. Then configure your MCP client (e.g., Claude Desktop, VSCode, Zed) with the command "r2pm" and arguments ["-r", "r2mcp"]. Alternatively, build from source with make install or use the Docker image. The server can also run as a radare2 core plugin (r2mcp start inside r2) or as a standalone HTTP server using r2mcp -H <port>. HTTP mode supports bearer authentication, session multiplexing via X-Session-ID, and fine-grained tool configuration.

Key features of Radare2 MCP Server

  • Fully written in C using native radare2 APIs
  • Works from CLI, as an r2 plugin, or as an MCP server
  • Seamless binary analysis with radare2
  • Connects to any local or remote r2/iaito session via r2pipe
  • Supports readonly mode, sandbox lock, and restrict tools
  • Optional raw access to run r2 commands or r2js scripts

Use cases of Radare2 MCP Server

  • Automated binary analysis with AI agents in VSCode, Claude, or Zed
  • Interactive reverse engineering in Claude Desktop
  • Remote binary analysis via r2pipe across networked sessions
  • Using radare2 as a core plugin for on-the-fly analysis within an existing r2 session
  • Integrating AI-powered reverse engineering into CI/CD pipelines (via Docker)

FAQ from Radare2 MCP Server

What is the difference between stdin/stdout and HTTP mode?

Stdin/stdout is the default MCP communication model. HTTP mode (-H <port>) enables session multiplexing via the X-Session-ID header and supports bearer authentication with the -a option.

Does Radare2 MCP Server require radare2 to be installed?

Yes. The package is installed via r2pm or built from source using radare2’s native APIs. A radare2 installation (version 6.1.2 or later recommended) is required.

Can Radare2 MCP Server connect to an already running radare2 session?

Yes. It can connect to any local or remote r2/iaito session using r2pipe. The r2 core plugin mode also reuses the current RCore object, so MCP tools operate on the file and analysis state already loaded.

How do I secure the HTTP server?

Use -a <token> to set a bearer token, or -A to generate a random token printed on stderr. The R2MCP_AUTH_TOKEN environment variable can also be used.

Is there a readonly mode for safety?

Yes. Radare2 MCP Server supports a readonly mode, sandbox lock, and can restrict which tools are exposed. The r2mcp.readonly and r2mcp.sandbox eval keys control these settings.

评论

其他 分类下的更多 MCP 服务器