EMBA-MCP MCP Server

How to use

You interact with EMBA-MCP through an MCP client by loading the EMBA MCP server as a local tool. The server presents EMBA analysis results as structured tools that you can query to get parsed data, run correlations, explain attack paths, and reason about security findings across multiple signals. Use it to drive automated analyses, build reasoning chains, and connect EMBA output to broader security workflows.

How to install

Prerequisites you need before installation: a Linux system (Ubuntu or Kali recommended), Python 3.10 or newer, and EMBA installed on your machine.

Clone the repository, set up a virtual environment, and install the EMBA-MCP package in editable mode.

git clone https://github.com/0xbuz3R/EMBA-MCP.git
cd EMBA-MCP

# Set Up a Virtual Environment (Recommended)
python -m venv venv
# On Windows:
.\venv\Scripts\activate
# On macOS:
source venv/bin/activate

# Install Dependencies
pip install -e .

Ensure EMBA is installed on your system. You can find EMBA at the EMBA project page and install it according to its instructions.

Additional sections

Claude Desktop MCP configuration is required to use EMBA-MCP inside Claude Desktop. You need to register the EMBA-MCP server in Claude’s MCP configuration so Claude can load the server on startup.

Configuration steps you will follow: locate or create the Claude Desktop configuration file, add the EMBA-MCP server entry under the mcpServers section, provide the Python path and EMBA_HOME directory, restart Claude Desktop, and verify that you can list EMBA scans or run an EMBA scan from Claude.

{
  "mcpServers": {
    "emba": {
      "command": "<PATH_TO_PYTHON>",
      "args": ["-m", "emba_mcp.mcp_server"],
      "env": {
        "EMBA_HOME": "<PATH_TO_EMBA_DIRECTORY>"
      }
    }
  }
}

How to fill the paths correctly: - PATH_TO_PYTHON: use the Python interpreter where EMBA-MCP is installed. Typical values include /usr/bin/python3, /home/you/.venv/bin/python, or /home/you/.local/bin/python. - PATH_TO_EMBA_DIRECTORY: the root EMBA directory that contains the emba executable, for example /home/you/tools/emba.

Steps to finalize setup: 1. Save the configuration 2. Fully close Claude Desktop and reopen it 3. Claude will auto-load the EMBA MCP server 4. Verify MCP is loaded by listing EMBA scans or running an EMBA scan on firmware

Notes about configuration and usage

The EMBA-MCP server runs as a local MCP service that you start via a Python module. The environment variable EMBA_HOME is used to locate the EMBA installation. You must supply valid paths on your system for both the Python interpreter and the EMBA directory for Claude Desktop to communicate with the server.

Tools and capabilities

EMBA-MCP provides a set of MCP-native tools to analyze and reason about EMBA results. Core capabilities include parsing multiple EMBA output domains, filesystem-aware analysis, a high-risk correlation engine, an attack-path explanation engine, and seamless integration with MCP clients. These tools enable automated reasoning about firmware findings and help you connect disparate signals into coherent security narratives.

Security and troubleshooting

Keep your EMBA installation up to date and ensure the EMBA_HOME path is correctly configured in the MCP server entry. If Claude Desktop fails to load the EMBA MCP server, verify that the Python path is correct, the EMBA_HOME directory exists, and that you can manually invoke the module with the same arguments.

parse_results

Parse and normalize EMBA output into structured data that MCP clients can consume.

filesystem_analysis

Perform filesystem-aware checks such as SUID, secrets, and weak crypto analysis across EMBA results.

correlation_engine

High-risk correlation engine that combines multiple signals to surface critical security findings.

attack_path_explainer

Explain potential attack paths based on EMBA findings to support threat reasoning.

mcp_tools

Provide MCP-native tooling endpoints that integrate with MCP clients for querying EMBA data.