{"id":"mrphrazer-binary-ninja-headless-mcp","name":"binary-ninja-headless-mcp","homepage":null,"repo_url":"https://github.com/mrphrazer/binary-ninja-headless-mcp","category":"devtools","subcategories":[],"tags":["mcp","binary-ninja","reverse-engineering","headless","tooling","patching","scripting","stdio","tcp"],"what_it_does":"Provides a headless MCP server for Binary Ninja, exposing a large tool surface (analysis, disassembly/IL, patching, types/metadata, undo/redo, memory operations, scripting, and more) over stdio and TCP transports, including a fake backend mode for CI/dev without a Binary Ninja license.","use_cases":["Automating reverse-engineering workflows with an MCP-capable agent","Programmatic disassembly/IL inspection and analysis progress management","Iterative patching and metadata/type/symbol refinement with transaction/undo/redo patterns","Running custom Binary Ninja scripting via an eval/call tool bridge","CI testing and tool-surface fuzzing using a fake backend mode"],"not_for":["Untrusted or internet-facing deployments (server is unauthenticated by default)","Scenarios requiring enterprise APIs or debugger integration (explicitly not covered)","Environments where arbitrary scripting execution is disallowed"],"best_when":"Used in a trusted, containerized/sandboxed environment with co-location of the agent and this MCP server.","avoid_when":"Avoid exposing it to untrusted users/networks without additional isolation and transport-level protections.","alternatives":["A generic MCP host speaking to another reverse-engineering automation interface","Other Binary Ninja automation scripts/tools accessed directly (non-MCP) from the agent runtime","Different RE platforms offering agent-friendly APIs (where available)"],"af_score":48.8,"security_score":21.0,"reliability_score":35.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:39:33.340689+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"MCP communication (stdio/TCP) is unauthenticated by default per README security model; no API keys/OAuth described."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No hosted pricing described; requires a Binary Ninja headless-capable license for real operation, with a fake backend mode for development/CI."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":48.8,"security_score":21.0,"reliability_score":35.0,"mcp_server_quality":85.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":5.0,"rate_limit_clarity":0.0,"tls_enforcement":20.0,"auth_strength":0.0,"scope_granularity":0.0,"dependency_hygiene":40.0,"secret_handling":55.0,"security_notes":"MCP is unauthenticated by default and exposes powerful mutation/scripting capabilities (binja.eval/binja.call, memory read/write, patching). README advises not to expose directly to untrusted users or networks; strong isolation is required. TLS/transport security for TCP is not described.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":50.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":"README mentions read-only by default and safe mutation workflows (undo/redo, transactions) but does not state idempotency guarantees for each method/tool.","pagination_style":"offset/limit with metadata (offset, limit, total, has_more, next_offset) and prefix/query filtering for tools/list; some tools explicitly paginated and others have caps (e.g., memory.read length <= 65536).","retry_guidance_documented":false,"known_agent_gotchas":["TCP/stdio transports are unauthenticated by default; ensure isolation when using TCP.","Some operations mutate analysis state; rely on undo/redo/transactions and session safety modes to avoid unintended changes.","Scripting tools (binja.eval/binja.call) can execute arbitrary code paths within the Binary Ninja context; agents should restrict usage to trusted workflows.","tools/list defaults to returning the full catalog when pagination params are not provided, which may be large."]}}