Metadata-Version: 2.4
Name: reversecore-mcp
Version: 3.0.2
Summary: A security-first MCP server that empowers AI agents to perform automated reverse engineering, malware analysis, forensics, vulnerability research, and SAST — powered by Radare2, YARA, LIEF, Capstone, and more.
Author: Kim Seongju
License-Expression: MIT
Project-URL: Homepage, https://github.com/sjkim1127/Reversecore_MCP
Project-URL: Documentation, https://github.com/sjkim1127/Reversecore_MCP#readme
Project-URL: Repository, https://github.com/sjkim1127/Reversecore_MCP.git
Project-URL: Issues, https://github.com/sjkim1127/Reversecore_MCP/issues
Project-URL: Changelog, https://github.com/sjkim1127/Reversecore_MCP/releases
Keywords: mcp,model-context-protocol,reverse-engineering,malware-analysis,digital-forensics,vulnerability-research,radare2,yara
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Typing :: Typed
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: mcp[cli]>=1.27.0
Requires-Dist: fastmcp==3.4.4
Requires-Dist: fastapi>=0.100.0
Requires-Dist: uvicorn>=0.30.0
Requires-Dist: python-multipart>=0.0.27
Requires-Dist: aiofiles>=24.0.0
Requires-Dist: aiofile<=3.9.0
Requires-Dist: pydantic>=2.13.0
Requires-Dist: pydantic-settings>=2.0.0
Requires-Dist: loguru>=0.7.0
Requires-Dist: orjson>=3.11.9
Requires-Dist: jinja2>=3.1.0
Requires-Dist: async-lru>=2.0.0
Requires-Dist: aiosqlite>=0.19.0
Requires-Dist: aiosmtplib>=5.1.0
Requires-Dist: python-dotenv>=1.2.2
Requires-Dist: arq>=0.25.0
Requires-Dist: redis>=5.0.0
Requires-Dist: pillow<11,>=10.4.0
Requires-Dist: markdown>=3.6.0
Requires-Dist: xhtml2pdf>=0.2.16
Requires-Dist: numpy<2.3.0
Requires-Dist: contourpy<1.3.3
Requires-Dist: pyxbe<=1.0.3
Requires-Dist: pyxdia<=0.1.0
Requires-Dist: pwntools>=4.12.0
Requires-Dist: ROPgadget>=7.3
Provides-Extra: analysis
Requires-Dist: pefile>=2023.0.0; extra == "analysis"
Requires-Dist: lief>=0.17.6; extra == "analysis"
Requires-Dist: capstone>=5.0.0; extra == "analysis"
Requires-Dist: keystone-engine>=0.9.2; extra == "analysis"
Requires-Dist: yara-python>=4.5.4; extra == "analysis"
Requires-Dist: r2pipe>=1.9.8; extra == "analysis"
Requires-Dist: angr<=9.2.213,>=9.2.0; extra == "analysis"
Requires-Dist: flare-capa>=7.0.0; extra == "analysis"
Provides-Extra: viz
Requires-Dist: graphviz>=0.20.0; extra == "viz"
Requires-Dist: networkx<3.5,>=3.4.2; extra == "viz"
Requires-Dist: matplotlib<3.11,>=3.8.0; extra == "viz"
Provides-Extra: cli
Requires-Dist: psutil>=5.9.0; extra == "cli"
Requires-Dist: requests>=2.31.0; extra == "cli"
Requires-Dist: typer>=0.25.1; extra == "cli"
Requires-Dist: rich>=13.0.0; extra == "cli"
Provides-Extra: magic
Requires-Dist: python-magic>=0.4.27; extra == "magic"
Requires-Dist: python-magic-bin; sys_platform == "win32" and extra == "magic"
Provides-Extra: http
Requires-Dist: slowapi>=0.1.9; extra == "http"
Provides-Extra: emulation
Requires-Dist: qiling>=1.4.6; extra == "emulation"
Requires-Dist: python-afl>=0.7.3; extra == "emulation"
Provides-Extra: forensics
Requires-Dist: volatility3>=2.4.0; extra == "forensics"
Requires-Dist: scapy>=2.5.0; extra == "forensics"
Provides-Extra: full
Requires-Dist: reversecore-mcp[analysis,cli,emulation,forensics,http,magic,viz]; extra == "full"
Provides-Extra: dev
Requires-Dist: pytest>=9.0.3; extra == "dev"
Requires-Dist: pytest-cov>=7.1.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
Requires-Dist: hypothesis>=6.90.0; extra == "dev"
Requires-Dist: pytest-timeout>=2.2.0; extra == "dev"
Requires-Dist: pytest-benchmark>=4.0.0; extra == "dev"
Requires-Dist: pytest-html>=4.1.0; extra == "dev"
Requires-Dist: black>=26.3.1; extra == "dev"
Requires-Dist: ruff>=0.1.0; extra == "dev"
Requires-Dist: mypy>=2.1.0; extra == "dev"
Requires-Dist: types-requests>=2.31.0; extra == "dev"
Requires-Dist: mkdocs>=1.5.0; extra == "dev"
Requires-Dist: mkdocs-material>=9.7.6; extra == "dev"
Requires-Dist: mkdocstrings[python]>=1.0.4; extra == "dev"
Requires-Dist: mkdocs-git-revision-date-localized-plugin>=1.5.2; extra == "dev"
Requires-Dist: pip-tools>=7.4.0; extra == "dev"
Dynamic: license-file

# Reversecore MCP

<!-- mcp-name: io.github.sjkim1127/reversecore-mcp -->

**Security-first Model Context Protocol server for reverse engineering, malware analysis, digital forensics, vulnerability research, and SAST.**

Reversecore MCP gives MCP-compatible AI agents structured access to Radare2, r2ghidra, YARA, LIEF, Capstone, angr, Qiling, Volatility3, Scapy, and additional analysis engines. It is designed around explicit workspace boundaries, input validation, non-root containers, and security regression testing.

## Installation

### Full container image — recommended

The container image includes the supported native toolchain and is the most reproducible installation method:

```bash
docker run -i --rm \
  -v /absolute/path/to/samples:/app/workspace \
  -e REVERSECORE_WORKSPACE=/app/workspace \
  -e MCP_TRANSPORT=stdio \
  ghcr.io/sjkim1127/reversecore_mcp:2.1.0
```

### Python package

Install the MCP server and all Python feature extras from PyPI:

```bash
pip install "reversecore-mcp[full]"
```

Native programs such as Radare2, YARA, Graphviz, Binwalk, and The Sleuth Kit must be installed separately when using the Python package directly.

Run the stdio server with:

```bash
MCP_TRANSPORT=stdio \
REVERSECORE_WORKSPACE=/absolute/path/to/samples \
reversecore-mcp
```

## MCP client configuration

```json
{
  "mcpServers": {
    "reversecore": {
      "command": "reversecore-mcp",
      "env": {
        "MCP_TRANSPORT": "stdio",
        "REVERSECORE_WORKSPACE": "/absolute/path/to/samples"
      }
    }
  }
}
```

## Capabilities

- Static analysis, disassembly, decompilation, cross-references, and CFG recovery
- Malware triage, IOC extraction, YARA scanning, and MITRE ATT&CK mapping
- Symbolic execution, emulation, fuzzing harness generation, and ROP analysis
- Memory, disk, network, and host-artifact forensics
- Python and C/C++ source-code security analysis
- Structured evidence, session tracking, metrics, and report generation

## Security model

Reversecore MCP processes potentially hostile binaries. Use a dedicated workspace and prefer the hardened container configuration for untrusted samples. The project CI includes dependency auditing, CodeQL, secret scanning, container scanning, path-boundary tests, fuzzing, and network-isolation checks.

Detailed configuration, tool documentation, Docker Compose profiles, and client examples are available in the [GitHub repository](https://github.com/sjkim1127/Reversecore_MCP).

## Registry identity

- MCP Registry name: `io.github.sjkim1127/reversecore-mcp`
- PyPI package: `reversecore-mcp`
- OCI image: `ghcr.io/sjkim1127/reversecore_mcp`

## License

MIT
