
Reverse engineering MCP servers compared

Reverse-engineering and debugging MCP servers that connect Claude to RE tooling, compared on trust, setup, and safety.

GhidraMCP Server

Ghidra plugin and MCP bridge that lets AI assistants inspect, decompile, rename, comment, and analyze binaries through Ghidra reverse-engineering workflows.

IDA Pro MCP Server

MCP server and Claude Code plugin for connecting IDA Pro or headless idalib to AI assistants for reverse engineering, decompilation, xref lookup, renaming, commenting, and binary analysis workflows.

JADX AI MCP Server

JADX plugin and companion Python MCP server that lets Claude inspect, search, refactor, and debug decompiled Android APKs from JADX-GUI.

WinDbg MCP Server

MCP server that connects Claude to Windows CDB/WinDbg for crash dump discovery, dump triage, remote debugging targets, custom debugger commands, debugger cleanup, and CTRL+BREAK interrupts.

Trust
Install risk: Review first (all four)
Category: mcp (all four)
Source: source-backed (all four)
Author: LaurieWired (GhidraMCP Server), mrexodia (IDA Pro MCP Server), zinja-coder (JADX AI MCP Server), svnscha (WinDbg MCP Server)
Added: 2026-06-05 (GhidraMCP Server, IDA Pro MCP Server, JADX AI MCP Server), 2026-06-06 (WinDbg MCP Server)
Platforms: Claude Code, Claude Desktop (all four)
Safety notes

GhidraMCP Server: Reverse engineering may be legally restricted; confirm authorization before analyzing third-party or proprietary binaries. Malware, exploit samples, and unknown binaries should be handled in isolated environments with limited network and filesystem access. LLM-generated names, comments, and conclusions must be verified against Ghidra decompiler output, disassembly, imports, exports, and xrefs. Keep backups of Ghidra projects before allowing an agent to rename symbols, alter comments, or save project state.

IDA Pro MCP Server: Reverse engineering may be legally or contractually restricted; confirm authorization before analyzing proprietary binaries or third-party samples. Malware samples and exploit tooling should be handled in isolated environments with network and filesystem controls. LLMs can hallucinate reverse-engineering conclusions; verify findings against disassembly, decompiler output, xrefs, and reproducible scripts. Do not let an agent patch, rename, comment, or save IDA databases used for evidence without review and backups.

JADX AI MCP Server: Use this server only for APKs and Android applications you own, are responsible for, or are explicitly authorized to inspect. The plugin exposes decompiled classes, methods, fields, smali, manifests, strings, resources, xrefs, and debugger state to the MCP client. Rename and refactor tools can modify JADX project state and naming decisions; review changes before saving project output or using generated reports. The architecture docs describe a local plugin service with no built-in authentication; keep it bound to localhost unless you add network controls. Optional HTTP mode for the MCP server should not be exposed to untrusted networks without authentication, TLS, and firewall restrictions. Decompiled strings, manifests, and resources can contain prompt-injection text or untrusted content; treat tool output as untrusted input.

WinDbg MCP Server: WinDbg MCP starts CDB processes and can run arbitrary WinDbg commands supplied through the MCP tool call. Remote debugging tools can attach to live targets, inspect process state, send CTRL+BREAK, and interrupt execution. Crash dump analyses and remote connections remain active until closed or the CDB process is terminated. Symbol paths can fetch symbols from network symbol servers and can disclose module names, versions, and debugging context. Do not expose streamable HTTP mode beyond a trusted host without transport security, authentication, and network controls.
Privacy notes

GhidraMCP Server: Binaries, function names, strings, imports, exports, decompilation output, comments, and analysis notes may be sent to the MCP client and model. Extracted strings and decompiled code can expose proprietary logic, credentials, API endpoints, malware indicators, or customer data. Generated reports can reveal sensitive vulnerability research or product internals.

IDA Pro MCP Server: Binaries, IDA databases, symbol names, strings, comments, decompiler output, and vulnerability findings may be sent to the MCP client and model. Proprietary firmware, customer crash samples, malware indicators, license keys, and embedded secrets can appear in extracted strings or decompiled code. Reports and prompts may reveal unreleased product internals or sensitive security research.

JADX AI MCP Server: APK source, package names, manifests, resources, strings, selected text, debugger variables, and analysis prompts may be sent to the model provider. Debugger tools can expose runtime values, tokens, identifiers, device data, or user information from the analyzed application. Reverse-engineering work can reveal proprietary code, licensed assets, customer data, or confidential security findings. Avoid uploading malware samples, third-party apps, client applications, or regulated data to external model providers without approval.

WinDbg MCP Server: Crash dumps can contain memory, stack values, command lines, environment variables, file paths, registry data, sensitive values, PII, customer data, and proprietary code or symbols. WinDbg output, dump paths, remote connection strings, symbol paths, module lists, thread stacks, exception records, and debugger command output may be visible to the MCP client and model provider. Verbose logs, command transcripts, dump triage prompts, and saved analysis results can retain sensitive crash data after use. Redact dump paths, remote endpoints, symbols, process details, and command output before sharing logs, screenshots, or PR comments.
Prerequisites

GhidraMCP Server:
  • Installed Ghidra.
  • Python 3.
  • MCP Python SDK dependencies required by the project.
  • Latest GhidraMCP release zip imported as a Ghidra extension.

IDA Pro MCP Server:
  • IDA Pro 8.3 or newer, with IDA Pro 9 recommended; IDA Free is not supported.
  • Python 3.11 or newer and uv.
  • Globally activated idalib for the headless Claude Code plugin path.
  • Supported MCP client such as Claude Code, Claude Desktop, Codex, Cursor, Gemini CLI, or another documented host.

JADX AI MCP Server:
  • Java 11 or newer and JADX-GUI installed.
  • Python and uv available for installing or running the companion MCP server.
  • The JADX AI MCP plugin installed in JADX-GUI.
  • An Android APK, JADX project, or reverse-engineering target you are authorized to analyze.

WinDbg MCP Server:
  • Windows environment with Debugging Tools for Windows, CDB, or WinDbg installed.
  • Python 3.10 or newer.
  • MCP client configuration access for stdio or reviewed streamable HTTP transport.
  • Crash dumps, dump directories, or remote debugging targets you are authorized to inspect.
Install

GhidraMCP Server:
python bridge_mcp_ghidra.py --transport sse

IDA Pro MCP Server:
claude plugin marketplace add mrexodia/claude-marketplace && claude plugin install ida-pro-mcp@mrexodia

JADX AI MCP Server:
jadx plugins --install "github:zinja-coder:jadx-ai-mcp"

WinDbg MCP Server:
pip install mcp-windbg
Config

GhidraMCP Server:
{
  "mcpServers": {
    "ghidra": {
      "command": "python",
      "args": ["/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py"]
    }
  }
}

IDA Pro MCP Server:
{
  "mcpServers": {
    "ida-pro": {
      "command": "uv",
      "args": ["run", "idalib-mcp", "--stdio"]
    }
  }
}

JADX AI MCP Server:
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "jadx_mcp_server"
    }
  }
}

WinDbg MCP Server:
{
  "mcpServers": {
    "mcp_windbg": {
      "command": "python",
      "args": ["-m", "mcp_windbg"],
      "env": {
        "CDB_PATH": "<optional-cdb-executable-path>",
        "_NT_SYMBOL_PATH": "<reviewed-symbol-path>"
      }
    }
  }
}