Skillget

ida-mcp-rs

mcp
Guvenlik Denetimi
Basarisiz
Health Gecti
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 254 GitHub stars
Code Basarisiz
  • rm -rf — Recursive force deletion command in test/http_integration.sh
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This is a headless MCP server that integrates IDA Pro with AI agents (like Claude, Codex, and Gemini) to enable AI-powered reverse engineering and binary analysis. It requires a local, licensed installation of IDA Pro to function.

Security Assessment
Risk: Low. The tool operates entirely locally and links directly against your existing IDA Pro libraries. It does not request dangerous system permissions or make external network requests. Because it is designed for reverse engineering, it naturally handles sensitive data (binary files, proprietary firmware, or potentially malicious code). Developers should ensure their AI agent's conversation logs are kept private if they are analyzing confidential binaries. A recursive force deletion command (`rm -rf`) was flagged in an integration test script, but this is standard practice for cleaning up temporary testing environments and poses no threat to end users. No hardcoded secrets were detected.

Quality Assessment
The project demonstrates high quality and strong community confidence, having accumulated 254 GitHub stars. It is under highly active development, with the most recent code push occurring just today. It is properly licensed under the permissive MIT license. Furthermore, the documentation is exceptional, providing clear, platform-specific installation guides for macOS, Linux, and Windows, as well as straightforward setup instructions for various AI clients.

Verdict
Safe to use.
SUMMARY

Headless IDA Pro MCP Server

README.md

ida-mcp-rs

Headless IDA Pro MCP server for AI-powered reverse engineering.

Prerequisites

  • IDA Pro 9.2+ with valid license

Getting Started

Install

macOS (via Homebrew)

brew install blacktop/tap/ida-mcp        # LATEST (IDA 9.3)
brew install blacktop/tap/[email protected]    # IDA 9.2

Linux / Windows

Download the release matching your IDA version from GitHub Releases.

ida-mcp versions mirror IDA Pro versions (v9.3.x for IDA 9.3, v9.2.x for IDA 9.2). A version mismatch is detected at startup with a clear error message.

Build from source

See docs/BUILDING.md.

Platform Setup

macOS

Standard IDA installations in /Applications work automatically:

claude mcp add ida -- ida-mcp

If you see Library not loaded: @rpath/libida.dylib, set DYLD_LIBRARY_PATH to your IDA path:

claude mcp add ida -e DYLD_LIBRARY_PATH='/path/to/IDA.app/Contents/MacOS' -- ida-mcp

Supported paths (auto-detected):

  • /Applications/IDA Professional 9.3.app/Contents/MacOS
  • /Applications/IDA Home 9.3.app/Contents/MacOS
  • /Applications/IDA Essential 9.3.app/Contents/MacOS
  • /Applications/IDA Professional 9.2.app/Contents/MacOS

Linux

Standard IDA installations are auto-detected:

claude mcp add ida -- ida-mcp

If you see library loading errors, set IDADIR:

claude mcp add ida -e IDADIR='/path/to/ida' -- ida-mcp

Supported paths (auto-detected):

  • /opt/idapro-9.3, /opt/idapro-9.2
  • $HOME/idapro-9.3, $HOME/idapro-9.2
  • /usr/local/idapro-9.3, /usr/local/idapro-9.2

Windows

Add your IDA directory to PATH (System Properties > Environment Variables):

$env:PATH = "C:\Program Files\IDA Professional 9.3;$env:PATH"
claude mcp add ida -- ida-mcp

Common Windows IDA paths:

  • C:\Program Files\IDA Professional 9.3
  • C:\Program Files\IDA Home 9.3

Runtime Requirements

The binary links against IDA's libraries at runtime. Standard installation paths are auto-detected via baked RPATHs. For non-standard paths:

Platform Library Fallback Configuration
macOS libida.dylib DYLD_LIBRARY_PATH
Linux libida.so IDADIR or LD_LIBRARY_PATH
Windows ida.dll Add IDA dir to PATH

Configure your AI agent

Claude Code

claude mcp add ida -- ida-mcp

Codex CLI

codex mcp add ida -- ida-mcp

Gemini CLI

gemini mcp add ida -- ida-mcp

Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "ida": { "command": "ida-mcp" }
  }
}

Usage

Once configured, you can analyze binaries through your AI agent:

# Open a binary (IDA analyzes raw binaries automatically)
open_idb(path: "~/samples/malware")

# Discover available tools
tool_catalog(query: "find callers")

# List functions
list_functions(limit: 20)

# Disassemble by name
disasm_by_name(name: "main", count: 20)

# Decompile (requires Hex-Rays)
decompile(address: "0x100000f00")

dyld_shared_cache analysis

open_dsc opens a single module from Apple's dyld_shared_cache. On first use it runs idat in the background to create the .i64 (this can take minutes). Subsequent opens are instant.

# Open a module from the DSC
open_dsc(path: "/path/to/dyld_shared_cache_arm64e", arch: "arm64e",
         module: "/usr/lib/libobjc.A.dylib")

# If a background task was started, poll until done
task_status(task_id: "dsc-1")

# Load additional frameworks for cross-module references
open_dsc(path: "/path/to/dyld_shared_cache_arm64e", arch: "arm64e",
         module: "/usr/lib/libobjc.A.dylib",
         frameworks: ["/System/Library/Frameworks/Foundation.framework/Foundation"])

# Incrementally load another DSC dylib into an already-open database
dsc_add_dylib(module: "/usr/lib/libSystem.B.dylib")

# Incrementally load a DSC data/GOT/stub region by address
dsc_add_region(address: "0x180116000")

# After dsc_add_dylib/dsc_add_region, confirm analysis readiness
analysis_status()

Requirements:

  • idat binary (from IDA installation) must be available via $IDADIR or standard install paths
  • The DSC loader and dscu plugin (bundled with IDA 9.x)

IDAPython scripting

run_script executes Python code in the open database via IDA's IDAPython engine. stdout and stderr are captured.

# Inline script
run_script(code: "import idautils\nfor f in idautils.Functions():\n    print(hex(f))")

# Run a .py file from disk
run_script(file: "/path/to/analysis_script.py")

# With timeout (default 120s, max 600s)
run_script(code: "import ida_bytes; print(ida_bytes.get_bytes(0x1000, 16).hex())",
           timeout_secs: 30)

All ida_* modules, idc, and idautils are available. See the IDAPython API reference.

The default tool list includes all tools. Use tool_catalog/tool_help to discover capabilities and avoid dumping the full list into context.

Docs

License

MIT Copyright (c) 2026 blacktop

Yorumlar (0)

Sonuc bulunamadi