{"slug":"president-xd/revula","name":"Reverse Engineering MCP","description":"Production grade MCP for Reverse Engineering (includes almost all necessary tools)","category":"other","tags":[],"official":false,"stars":47,"transport":"stdio","install":[{"cmd":"pip install -e","imports":[]}],"tools":[{"name":"Binary Parsing","description":"PE/ELF/Mach-O parsing via LIEF with hash computation and suspicious indicator detection"},{"name":"Disassembly","description":"Multi-backend disassembly supporting Capstone, radare2, and objdump for x86/x64/ARM/MIPS/RISC-V"},{"name":"String Extraction","description":"FLOSS integration with regex fallback and 17 classifier patterns (URLs, IPs, crypto, registry keys)"},{"name":"Entropy Analysis","description":"Shannon entropy with sliding window, per-section analysis, and packing detection"},{"name":"Symbol Extraction","description":"DWARF, PDB, LIEF universal symbol extraction with function prologue scanning for stripped binaries"},{"name":"YARA Scanning","description":"Inline rules, file/directory rules, and community rules support for pattern matching"},{"name":"Capa Integration","description":"ATT&CK mapping, MBC behaviors, and capability enumeration for binary analysis"},{"name":"Decompilation","description":"Ghidra (headless), RetDec, and Binary Ninja decompilation with caching"},{"name":"GDB Adapter","description":"Full GDB/MI protocol with breakpoints, stepping, registers, memory, backtrace, and heap inspection"},{"name":"LLDB Adapter","description":"Native SB API integration for macOS/Linux debugging"},{"name":"Frida Adapter","description":"Spawn/attach, script injection, function interception, memory scan/dump, and RPC exports"},{"name":"Code Coverage","description":"DynamoRIO drcov, Frida Stalker block tracing, and coverage analysis"},{"name":"APK Parsing","description":"Manifest extraction, permission analysis, component enumeration, and resource inspection"},{"name":"DEX Analysis","description":"Class/method listing, bytecode stats, and string extraction from DEX files"},{"name":"Android Decompilation","description":"jadx/apktool integration, smali disassembly/assembly/patching"},{"name":"Native Binary Analysis","description":"ARM/AArch64 .so analysis with JNI detection"},{"name":"Device Interaction","description":"ADB bridge with 12 actions (logcat, install, shell, dumpsys, screenshot)"},{"name":"Frida for Android","description":"Root bypass, crypto hooking, SSL pinning bypass, API tracing, and memory dump"},{"name":"Traffic Interception","description":"tcpdump/mitmproxy integration with SSL key extraction"},{"name":"Repack and Sign","description":"APK rebuild with smali patches, zipalign + apksigner"},{"name":"Security Scanners","description":"MobSF, Quark-Engine, Semgrep, and manifest vulnerability detection"},{"name":"Rizin/r2","description":"Automated analysis with 13 actions and binary diffing"},{"name":"GDB Enhanced","description":"Heap analysis, ROP gadget finding, exploit helpers (pattern create/find, checksec)"},{"name":"QEMU","description":"User-mode emulation (4 actions) and full system emulation (5 actions)"},{"name":"ROP Chain Builder","description":"Multi-architecture gadget finding with semantic classification, automatic chain generation, bad-char avoidance, and pwntools script generation"},{"name":"Heap Exploitation","description":"Malloc chunk analysis, bin classification, fake chunk generation, safe-linking encode/decode, and technique templates"},{"name":"Libc Database","description":"Symbol/offset extraction, libc identification from leaked addresses, ASLR defeat helpers, and one-gadget RCE finder"},{"name":"Shellcode","description":"Generation, encoding, bad-char analysis, extraction, and emulation testing"},{"name":"Format String","description":"Offset calculation, write payload generation, GOT overwrite, and address leaking"},{"name":"Anti-Analysis Detection","description":"Scan for anti-debug, anti-VM, anti-tamper, and packing indicators"},{"name":"Bypass Generation","description":"Frida/GDB/patch/LD_PRELOAD scripts for ptrace, IsDebuggerPresent, timing, and VM checks"},{"name":"Malware Triage","description":"Multi-hash, IoC extraction, suspicious import scoring, and risk assessment"},{"name":"Sandbox Queries","description":"VirusTotal, Hybrid Analysis, and MalwareBazaar API integration"},{"name":"YARA Generation","description":"Auto-generate YARA rules from binary artifacts"},{"name":"Config Extraction","description":"C2 URLs, IPs, domains, encryption keys, and mutexes extraction"},{"name":"Firmware Extraction","description":"binwalk scan/extract, entropy analysis, and filesystem identification"},{"name":"Firmware Vulnerability Scanning","description":"Hardcoded credentials, known CVEs, unsafe functions, and weak crypto detection"},{"name":"Base Address Detection","description":"String reference analysis for firmware base address recovery"},{"name":"PCAP Analysis","description":"tshark-based with 8 actions (summary, flows, DNS, HTTP, TLS, filter, export, IoC)"},{"name":"Protocol Dissection","description":"Binary structure inference, field boundary detection, and pattern analysis"},{"name":"Protocol Fuzzing","description":"Mutation-based, boundary testing, field-specific, and template fuzzing"},{"name":"Packer Detection","description":"UPX, Themida, VMProtect, ASPack, PECompact, MPRESS, and more packer detection"},{"name":"UPX Unpacking","description":"Static unpacking with automatic backup"},{"name":"Dynamic Unpacking","description":"Frida-based memory dump with OEP detection"}],"env_vars":[],"auth_type":"none","github":"https://github.com/president-xd/revula","homepage":"","server_url":"","status":"active","source":"mcpservers.org","updated_at":"Thu May 28"}