Binary Ninja plugin that starts an MCP HTTP server and a bridge so that LLM-based MCP clients (e.g., Claude Desktop) can query and modify the currently–opened binary. Provides endpoints for decompilation, renaming, commenting, type editing, etc.
https://github.com/fosdickio/binary_ninja_mcpYour Binary Ninja workflow just got a major upgrade. Instead of manually grinding through decompilation, function analysis, and binary exploration, you can now chat with Claude (or any MCP-compatible AI) about your binaries in real-time.
Binary analysis is tedious. You're constantly switching between the Binary Ninja interface, taking notes, cross-referencing functions, and building mental models of complex binaries. What if you could just ask your AI assistant to "generate a comprehensive analysis report of this malware sample" or "rename all the crypto functions with descriptive names"?
That's exactly what Binary Ninja MCP delivers. It creates a bridge between Binary Ninja's powerful analysis engine and AI assistants, turning your reverse engineering workflow into a conversation.
Automated Analysis Reports: Instead of manually documenting your findings, ask Claude to generate structured reports covering imports, exports, key functions, and potential attack vectors. Perfect for client deliverables or team handoffs.
Intelligent Function Naming: Stop manually renaming sub_401000 to something meaningful. Describe what you think the function does, and let the AI suggest appropriate names based on the decompiled code.
Contextual Binary Exploration: Ask questions like "What functions handle network communication?" or "Show me all the functions that might be doing cryptographic operations" and get immediate, context-aware answers.
Interactive Decompilation: Get explanations of complex decompiled code, suggestions for variable names, or help understanding control flow without leaving your analysis context.
The plugin runs as a local MCP server within Binary Ninja, so your binary data never leaves your machine. Claude Desktop connects directly to your running Binary Ninja instance, maintaining full access to your current analysis session.
Quick Setup: Install through Binary Ninja's Plugin Manager, start the MCP server, configure Claude Desktop, and you're analyzing binaries with AI assistance in under 5 minutes.
Real-time Integration: Every change you make in Binary Ninja is immediately available to your AI assistant. Rename a function manually, and Claude instantly knows about it for future conversations.
Whether you're analyzing malware, hunting for vulnerabilities, or reverse engineering proprietary protocols, this combination dramatically speeds up the discovery phase. Instead of spending hours building an understanding of a binary's structure, you can query the AI about specific aspects and get immediate insights.
Malware Analysis: "What persistence mechanisms does this sample use?" gets you a comprehensive breakdown of registry modifications, file drops, and scheduled tasks.
Vulnerability Research: "Which functions handle user input without validation?" helps you quickly identify potential attack surfaces.
Protocol Reverse Engineering: "Map out the network communication functions and their parameters" gives you a head start on understanding custom protocols.
The 20+ available functions cover everything from basic binary information to advanced type manipulation:
Install the plugin through Binary Ninja's Plugin Manager, set up the Claude Desktop bridge, and start having conversations about your binaries. The setup is straightforward, and the automated configuration script handles the Claude Desktop integration on macOS.
The moment you start your first conversation with Claude about a loaded binary, you'll understand why this belongs in every reverse engineer's toolkit. It's not just about automation—it's about having an expert analyst available 24/7 to help you understand what you're looking at.
Your binaries are about to become a lot more talkative.