Reversecore MCP逆向工程服务 是 AI Skill Hub 本期精选MCP工具之一。综合评分 8.2 分,整体质量较高。我们强烈推荐将其纳入你的 AI 工具库,帮助提升工作效率。
安全优先的MCP服务器,集成Ghidra和Radare2等逆向工程工具,为AI智能体提供程序分析和反编译能力。适合安全研究员、逆向工程师和AI应用开发者,可自动化二进制分析工作流。
Reversecore MCP逆向工程服务 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
安全优先的MCP服务器,集成Ghidra和Radare2等逆向工程工具,为AI智能体提供程序分析和反编译能力。适合安全研究员、逆向工程师和AI应用开发者,可自动化二进制分析工作流。
Reversecore MCP逆向工程服务 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
# 方式一:通过 Claude Code CLI 一键安装
claude skill install https://github.com/sjkim1127/Reversecore_MCP
# 方式二:手动配置 claude_desktop_config.json
{
"mcpServers": {
"reversecore-mcp------": {
"command": "npx",
"args": ["-y", "reversecore_mcp"]
}
}
}
# 配置文件位置
# macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
# Windows: %APPDATA%/Claude/claude_desktop_config.json
# 安装后在 Claude 对话中直接使用 # 示例: 用户: 请帮我用 Reversecore MCP逆向工程服务 执行以下任务... Claude: [自动调用 Reversecore MCP逆向工程服务 MCP 工具处理请求] # 查看可用工具列表 # 在 Claude 中输入:"列出所有可用的 MCP 工具"
// claude_desktop_config.json 配置示例
{
"mcpServers": {
"reversecore_mcp______": {
"command": "npx",
"args": ["-y", "reversecore_mcp"],
"env": {
// "API_KEY": "your-api-key-here"
}
}
}
}
// 保存后重启 Claude Desktop 生效
<img src="icon.png" alt="Reversecore MCP" width="480" />
pytest tests/unit/ -v
pytest tests/integration/ -v
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 4 cores | 8+ cores |
| RAM | 8 GB | 16 GB |
| Storage | 20 GB | 50 GB SSD |
| OS | Linux / macOS | Docker environment (any OS) |
| Docker | 20.10+ | 24.0+ |
| Python (local mode) | 3.10 | 3.11 or 3.12 |
---
The fastest way to get started with zero dependency installation:
docker run -i --rm \
-v /path/to/your/samples:/app/workspace \
-e REVERSECORE_WORKSPACE=/app/workspace \
-e MCP_TRANSPORT=stdio \
ghcr.io/sjkim1127/reversecore_mcp:latest
git clone https://github.com/sjkim1127/Reversecore_MCP.git
cd Reversecore_MCP
./scripts/run-docker.sh # auto-detects Intel / Apple Silicon
Or manually:
docker compose --profile x86 up -d # Intel/AMD
docker compose --profile arm64 up -d # Apple Silicon (M1/M2/M3)
If you run the server via Docker Compose (in the background), this mode uses standard stdio channeled directly inside the running container. It offers zero startup latency, persistent analysis memory, and perfect compatibility (bypasses IDE client-side HTTP/SSE connection bugs).
{
"mcpServers": {
"Reversecore_MCP": {
"command": "docker",
"args": [
"exec",
"-i",
"-e",
"MCP_TRANSPORT=stdio",
"reversecore-mcp-arm64",
"python",
"server.py"
]
}
}
}
Note: Replace reversecore-mcp-arm64 with reversecore-mcp if you are on an Intel/AMD architecture.
---
If you prefer running a fresh, isolated container automatically on every request:
<details> <summary>🍎 macOS</summary>
{
"mcpServers": {
"reversecore": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "/Users/YOUR_USERNAME/samples:/app/workspace",
"-e", "REVERSECORE_WORKSPACE=/app/workspace",
"-e", "MCP_TRANSPORT=stdio",
"ghcr.io/sjkim1127/reversecore_mcp:latest"
]
}
}
}
</details>
<details> <summary>🐧 Linux</summary>
{
"mcpServers": {
"reversecore": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "/home/YOUR_USERNAME/samples:/app/workspace",
"-e", "REVERSECORE_WORKSPACE=/app/workspace",
"-e", "MCP_TRANSPORT=stdio",
"ghcr.io/sjkim1127/reversecore_mcp:latest"
]
}
}
}
</details>
<details> <summary>🪟 Windows</summary>
{
"mcpServers": {
"reversecore": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "C:/samples:/app/workspace",
"-e", "REVERSECORE_WORKSPACE=/app/workspace",
"-e", "MCP_TRANSPORT=stdio",
"ghcr.io/sjkim1127/reversecore_mcp:latest"
]
}
}
}
</details>
⚠️ Important — File Paths Inside Docker Your local folder is mounted to/app/workspaceinside the container. Always reference files by filename only, not by your local full path. | ❌ Wrong | ✅ Correct | |---|---| |r2_decompile("/Users/john/samples/mal.exe")|r2_decompile("mal.exe")|
---
git clone https://github.com/sjkim1127/Reversecore_MCP.git
cd Reversecore_MCP
python -m venv venv && source venv/bin/activate
pip install -r requirements.txt
pip install -r requirements-dev.txt
pre-commit install # installs Gitleaks, Ruff, Bandit hooks
Activate expert analysis modes by referencing these prompts in your AI client:
| Prompt | Use Case |
|---|---|
full_analysis_mode | 6-phase comprehensive analysis: triage → disassembly → behavior → network → persistence → report |
basic_analysis_mode | Rapid triage for initial assessment and quick verdicts |
game_analysis_mode | Game client analysis with anti-cheat detection and memory inspection |
firmware_analysis_mode | IoT/embedded firmware: binwalk extraction, UART strings, hardcoded credentials |
report_generation_mode | Structured session workflow with MITRE ATT&CK technique mapping |
How prompts work: Each prompt primes the AI with an expert persona, structured Chain-of-Thought checkpoints, and evidence classification (OBSERVED/INFERRED/POSSIBLE). This produces analyst-grade output, not just raw tool output.
---
git clone https://github.com/sjkim1127/Reversecore_MCP.git
cd Reversecore_MCP
python -m venv venv && source venv/bin/activate
pip install -r requirements.txt
python server.py
Prerequisites for local mode: Radare2 must be installed on your system (r2 --version). YARA is installed automatically viayara-python.
---
If you prefer network-based streaming (Server-Sent Events) for remote clients:
{
"mcpServers": {
"Reversecore_MCP": {
"url": "http://localhost:8000/mcp/sse"
}
}
}
---
All settings can be provided via environment variables or a .env file (see .env.example):
| Variable | Default | Description |
|---|---|---|
MCP_TRANSPORT | http | Transport mode: stdio or http |
REVERSECORE_WORKSPACE | /app/workspace | Analysis workspace directory |
REVERSECORE_READ_DIRS | "" | Additional colon-separated read-only directories |
LOG_LEVEL | INFO | Logging verbosity: DEBUG, INFO, WARNING, ERROR |
MCP_API_KEY | *(unset)* | API key for HTTP mode authentication (optional) |
RATE_LIMIT | 60 | Max requests per minute (HTTP mode only) |
TOOL_TIMEOUT | 300 | Default tool execution timeout in seconds |
R2_POOL_SIZE | 4 | Radare2 connection pool size |
REDIS_URL | redis://localhost:6379 | Redis URL for background task queue |
SMTP_HOST | *(unset)* | SMTP host for report email delivery |
SMTP_PORT | 587 | SMTP port |
SMTP_USER | *(unset)* | SMTP username |
SMTP_PASSWORD | *(unset)* | SMTP password |
---
| Tool | Backend | Description |
|---|---|---|
analyze_xrefs | Radare2 | Track function calls, data references, and control flow |
r2_read_memory | Radare2 | Read raw bytes from a given virtual address |
r2_list_structures | SQLite | List all annotated C structs from the persistent annotation DB |
r2_create_structure | SQLite | Create and persist a new struct annotation |
r2_add_bookmark | SQLite | Annotate an address with a persistent comment |
r2_list_bookmarks | SQLite | List all address bookmarks across the workspace |
r2_list_types | Radare2 | List all known types in the current binary analysis |
| Module | Purpose |
|---|---|
core/config.py | Centralized environment-aware configuration |
core/security.py | Input sanitization & path validation |
core/validators.py | File & binary path validators |
core/r2_pool.py | Thread-safe Radare2 connection pool |
core/r2_helpers.py | Structured Radare2 output utilities |
core/metrics.py | Per-tool execution times & error rates |
core/memory.py | Async SQLite AI memory store |
core/mitre_mapper.py | MITRE ATT&CK technique mapping engine |
core/evidence.py | Evidence classification (OBSERVED/INFERRED/POSSIBLE) |
core/resilience.py | Retry, circuit-breaker, timeout patterns |
core/task_queue.py | Background task queue (Redis + arq) |
core/extension_registry.py | Plugin/extension registration system |
core/sast/ | Python AST scanner + C/C++ regex scanner |
---
Every push to main runs the following gates — all must pass before deployment:
Lint & Security Gate Unit Tests (Python Matrix)
├─ Gitleaks (secret scan) ├─ pytest 3.10 --cov-fail-under=80
├─ Hadolint (Dockerfile) ├─ pytest 3.11 --cov-fail-under=80
├─ Ruff check + format └─ pytest 3.12 --cov-fail-under=80
├─ Mypy type check (87 files)
├─ Bandit (all severities) Docker Verification
└─ pip-audit (zero CVE) ├─ Build multi-arch image (amd64/arm64)
├─ Trivy container scan (LOW→CRITICAL)
CodeQL Analysis ├─ Integration tests (inside container)
└─ Python SAST └─ E2E MCP tool invocation
Deploy (main branch only)
└─ Push to GHCR + Trivy rescan on published image
Zero-bypass policy: CI/CD failures are never resolved by modifying pipeline configuration. Root causes are always fixed directly in source code or dependencies.
---
Reversecore_MCP 是一个基于 MCP 协议构建的自动化恶意软件分析工具。该项目旨在通过集成先进的反汇编能力,为安全分析师提供高效的自动化分析工作流,支持从样本上传到报告生成的全生命周期管理,是提升恶意软件研究效率的强大助手。
本项目具备强大的自动化分析能力,核心功能涵盖了从样本初步分拣(Triage)到深度反汇编(Decompile)的全过程。通过集成 Ghidra 引擎,它可以实现复杂的代码逻辑分析,并结合专家级推理模式,为安全研究人员提供结构化的证据分类与分析报告。
运行本项目需要安装 Python 3.10+ 环境以及 FastMCP 框架。特别需要注意的是,为了实现高级反汇编功能,系统必须配置 Ghidra。项目提供了自动化安装脚本,可将 Ghidra 部署在项目指定的 Tools 目录下,确保分析环境的完整性。
推荐使用 Docker 进行部署,通过构建 Docker 镜像可以实现跨架构的快速运行。对于开发者,也可以通过 pip 安装 requirements-dev.txt 中的依赖进行本地开发。此外,项目支持通过提供的 PowerShell 或 Shell 脚本自动下载并配置特定版本的 Ghidra,简化了手动配置的复杂度。
项目支持多种交互模式。你可以通过单次 JSON 提交(One-Shot Submission)快速生成恶意软件提交记录;也可以进入交互式会话(Interactive Session),通过一系列指令完成从启动分析、添加 IOC、关联 MITRE ATT&CK 框架到最终生成并发送分析报告的完整闭环操作。
用户可以通过脚本自定义 Ghidra 的版本与安装路径。通过运行 install-ghidra 脚本,系统会自动下载指定版本、解压至指定目录并自动更新项目的 .env 配置文件,设置好 GHIDRA_INSTALL_DIR 环境变量,确保 MCP Client(如 Cursor AI)能够正确调用底层分析引擎。
本项目提供了丰富的 API 接口,支持自动化分析流程中的各个环节。开发者可以通过调用特定的函数实现样本上传、交叉引用(X-Refs)查询、结构体分析以及反汇编指令,从而构建高度定制化的自动化安全分析流水线。
项目内置了标准化的分析工作流:从样本上传(Upload)开始,经过分拣(Triage)、交叉引用(X-Refs)、结构体分析(Structures)、反汇编(Decompile)直至最终的防御建议(Defense)。用户可以使用内置的 full_analysis_mode 进行深度专家级推理分析,或使用 basic_analysis_mode 进行快速分拣。
MCP框架下的专业逆向工程工具集成方案,填补AI智能体在程序分析领域空白,架构设计安全优先,Stars增长稳健,具有专业价值。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ MIT 协议 — 最宽松的开源协议之一,可自由商用、修改、分发,仅需保留版权声明。
经综合评估,Reversecore MCP逆向工程服务 在MCP工具赛道中表现稳健,质量优秀。如果你已有明确的使用需求,可以直接上手体验;如果还在评估阶段,建议对比同类工具后再做决策。
| 原始名称 | Reversecore_MCP |
| 原始描述 | 开源MCP工具:A security-first MCP server empowering AI agents to orchestrate Ghidra, Radare2,。⭐62 · Python |
| Topics | 逆向工程MCP服务器GhidraRadare2二进制分析 |
| GitHub | https://github.com/sjkim1127/Reversecore_MCP |
| License | MIT |
| 语言 | Python |
收录时间:2026-05-25 · 更新时间:2026-05-30 · License:MIT · AI Skill Hub 不对第三方内容的准确性作法律背书。
选择 Agent 类型,复制安装指令后粘贴到对应客户端