playbooks

home / mcp / ida mcp server

IDA MCP Server

IDA MCP

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "captain-ai-hub-ida-mcp": {
      "url": "http://127.0.0.1:11338/mcp"
    }
  }
}

IDA-MCP provides a modular, multi-instance coordination system for IDA Pro, combining a FastMCP server with a central coordinator to manage multiple IDA instances and forward tools through a unified proxy. This enables you to run and orchestrate several IDA analyses in parallel, accessible from MCP clients via HTTP or local stdio transport.

How to use

You can connect your MCP client to IDA-MCP using either HTTP or stdio transport. HTTP is the recommended method and is auto-started by the coordinator when the IDA plugin loads. The proxy forwards tool requests to the appropriate IDA instance through a unified interface. If HTTP is unavailable, you can run the local stdio proxy as a subprocess and communicate over a direct command/argument channel. Use the HTTP mode for seamless integration and the stdio mode when you need to run the proxy locally without exposing a network endpoint.

How to install

Prerequisites: ensure you have Python installed in your environment and access to IDA with its Python support enabled.

1) Copy the main plugin file and the IDA-MCP package into IDA’s plugins directory.

2) Prepare a target binary in IDA and allow analysis to complete.

3) Load the IDA-MCP plugin from IDA. The first launch will automatically start an SSE HTTP proxy on a free port and attempt to start a coordinator on 127.0.0.1:11337 if that port is free. If 11337 is already in use, your instance will register with the existing coordinator.

4) Trigger the plugin again to stop and unregister the current instance.

Additional content

Configuration options can be adjusted in the configuration file to tailor how the MCP proxy and coordinator operate. The HTTP proxy is auto-started with the coordinator, while the stdio proxy can be used if you prefer launching the proxy as a separate subprocess.

Security and access considerations: when using HTTP mode, ensure the proxy URL is reachable by your MCP client and that access is restricted to trusted environments. If you enable remote access, consider applying network controls or authentication mechanisms as appropriate for your setup.

Examples show how to configure common MCP clients (e.g., Claude, LangChain, VSCode) to connect to the IDA-MCP HTTP proxy or to start the stdio proxy as a separate process. You will typically reference the local URL http://127.0.0.1:11338/mcp for HTTP mode or provide the Python interpreter path and the proxy script path for stdio mode.

Tools and endpoints overview

IDA-MCP exposes a rich set of tools organized by category, enabling you to query metadata, analyze code, read memory, modify types and sources, manage stacks, and interact with the debugger. A comprehensive set of endpoints supports batch operations and REST-like MCP resources such as ida://idb/metadata, ida://functions, ida://memory, and more.

Available tools

check_connection

Health check tool to verify connectivity to the MCP coordinator and count of registered instances.

list_instances

List all IDA instances registered with the coordinator.

get_metadata

Retrieve IDB metadata such as hash, architecture, bitness, and endianness.

list_functions

Paginated retrieval of functions with optional name or pattern filtering.

get_function

Find a function by name or address.

list_globals

List non-function global symbols.

list_strings

Extract strings from the analyzed binary.

list_local_types

List local type definitions used in the analysis.

get_entry_points

Get program entry points.

convert_number

Convert between number formats.

list_imports

List imported functions with their modules.

list_exports

List exported functions and symbols.

list_segments

List memory segments with access permissions.

get_cursor

Retrieve the current cursor position and context.

decompile

Batch decompile functions (Hex-Rays integration).

disasm

Batch disassemble functions.

linear_disassemble

Perform linear disassembly from an arbitrary address.

xrefs_to

Batch cross-references to addresses.

xrefs_from

Batch cross-references from addresses.

xrefs_to_field

Heuristic references to structure fields.

find_bytes

Search for byte patterns with optional wildcards.

get_basic_blocks

Retrieve basic blocks with control flow information.

get_bytes

Read raw bytes from memory.

get_u8

Read an 8-bit unsigned value from memory.

get_u16

Read a 16-bit unsigned value from memory.

get_u32

Read a 32-bit unsigned value from memory.

get_u64

Read a 64-bit unsigned value from memory.

get_string

Read a null-terminated string from memory.

declare_type

Create or update local type definitions.

set_function_prototype

Set a function's prototype.

set_local_variable_type

Set the type for a local variable (Hex-Rays).

set_global_variable_type

Set the type for a global variable.

list_structs

List all structures and unions.

get_struct_info

Get details of a structure, including its fields.

set_comment

Batch set comments in the IDA database.

rename_function

Rename a function symbol.

rename_local_variable

Rename a local variable (Hex-Rays).

rename_global_variable

Rename a global symbol.

patch_bytes

Patch bytes at specified addresses.

stack_frame

Get stack frame variables.

declare_stack

Create stack variables.

delete_stack

Delete stack variables.

dbg_start

Start the debugger.

dbg_continue

Continue execution in the debugger.

dbg_step_into

Step into the next instruction.

dbg_step_over

Step over the next instruction.

dbg_read_mem

Read memory from the debugger context.

dbg_write_mem

Write memory from the debugger context.

dbg_regs

Get all debugger registers.

dbg_callstack

Get the current call stack.

dbg_list_bps

List breakpoints.

dbg_add_bp

Add a breakpoint.

dbg_delete_bp

Delete a breakpoint.

dbg_enable_bp

Enable or disable a breakpoint.