Rbinmcp
by kirkderpcommunityv1.2.0
19
5
A Docker-packaged MCP server for binary analysis and malware triage that exposes tools for inspecting native binaries, .NET assemblies, reverse-engineering views, and artifact comparisons. It bundles backends like radare2, Ghidra, ILSpy, binutils, and related helpers behind one MCP interface with cache-backed analysis state.
From the registry: Rust MCP server for binary analysis and reverse engineering.
Install & configure
Prerequisites
- requiredInstall DockerDocker must be installed and running to launch the MCP server container.
Install in your client
Paste into the AI you're chatting with — it will figure out the rest
Please install the `rbinmcp` MCP server into my current AI client (that's you).
Required prerequisites (do these first if not already done):
- **Install Docker** — Docker must be installed and running to launch the MCP server container.
Canonical MCP server config (stdio transport):
- command: `docker`
- args: ["run","--rm","-i","-v","<absolute-path-to-samples>:/samples:ro","-v","rbinmcp-cache:/cache/rbinmcp","ghcr.io/kirkderp/rbinmcp:1.2.0"]
- optional environment variables:
- `RBINMCP_CACHE_DIR`: Overrides the cache root inside the container. (example: `<cache-dir>`)
- `GHIDRA_INSTALL_DIR`: Overrides the Ghidra install root inside the container. (example: `<ghidra-install-dir>`)
- `RBINMCP_GHIDRA_SCRIPTS_DIR`: Overrides the Ghidra scripts directory inside the container. (example: `<ghidra-scripts-dir>`)
- `RBINMCP_GHIDRA_TIMEOUT`: Sets the normal Ghidra call timeout in seconds. (example: `<ghidra-timeout-seconds>`)
- `RBINMCP_GHIDRA_IMPORT_TIMEOUT`: Sets the Ghidra import timeout in seconds. (example: `<ghidra-import-timeout-seconds>`)
- `RBINMCP_R2_OPEN_TIMEOUT`: Sets the radare2 open timeout in seconds. (example: `<r2-open-timeout-seconds>`)
- `RBINMCP_NATIVE_TIMEOUT`: Sets the native tool timeout in seconds. (example: `<native-timeout-seconds>`)
Note: The README also mentions an MCP registry package name, io.github.kirkderp/rbinmcp, but provides a complete direct Docker stdio configuration and states direct Docker configs pin the image tag. Replace <absolute-path-to-samples> with a real folder to analyze; files in that folder appear inside the container under /samples. A named Docker volume rbinmcp-cache is used for persistent cache data between runs.
Add this MCP server to my current client's config in the correct format for you. If you need secrets or credentials I haven't provided, ASK me — do not invent values or leave raw placeholders. After adding it, tell me how to verify the server is connected.Note: The README also mentions an MCP registry package name, io.github.kirkderp/rbinmcp, but provides a complete direct Docker stdio configuration and states direct Docker configs pin the image tag. Replace <absolute-path-to-samples> with a real folder to analyze; files in that folder appear inside the container under /samples. A named Docker volume rbinmcp-cache is used for persistent cache data between runs.
Tools (5)
triage_binary
Quickly returns hashes, format, sections, imports, strings, function stats, and callgraph summary for a binary.
static_view
Shows cheap static metadata and focused views for PE, ELF, or Mach-O files.
dotnet_inventory
Lists managed .NET types such as classes, interfaces, structs, delegates, and enums.
r2_function_view
Provides fast radare2-backed function-level context and analysis views.
ghidra_import
Imports a binary into Ghidra and caches the project for later decompiler-backed queries.
Packages
ghcr.io/kirkderp/rbinmcp:1.2.0
ocitransport: stdio
Details
- Language
- Rust
- License
- MIT
- Released
- Apr 27, 2026
- Last commit
- Apr 28, 2026
- Registry name
- io.github.kirkderp/rbinmcp