What is Pwno?
Pwno is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to mcp for pwn
MCP for Pwn
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- MCP for Pwn
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx pwnoConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Pwno
Pwno MCP (pwno-mcp) is a stateful binary exploitation and reverse engineering environment that runs GDB with pwndbg inside an isolated Docker container and exposes debugger sessions, exploit I/O, and workspace automation over MCP. It provides deterministic execution control via GDB/MI, fast context snapshots covering registers, stack, disassembly, source, and backtrace, interactive exploit workflows with pwncli, and multi-session support for parallel analysis. Security researchers and CTF players use it to let AI agents autonomously debug and exploit binary targets through structured tool calls over HTTP or STDIO.
Prerequisites
- Docker installed and running (the server runs as a Docker container)
- A target binary to analyze, placed in a local workspace directory
- Linux capabilities SYS_PTRACE and SYS_ADMIN available on the Docker host
- Claude Desktop or another MCP-compatible client
- Basic familiarity with GDB and binary exploitation concepts
Create a workspace directory and place your binary
Create a local workspace directory and copy your target binary into it. The container mounts this directory at /workspace.
mkdir -p ./workspace
cp ./path/to/your/binary ./workspace/chal
chmod +x ./workspace/chalPull and run the pwno-mcp Docker container
Run the container with the required Linux capabilities for ptrace debugging. The MCP HTTP endpoint is exposed on port 5500.
docker run --rm -p 5500:5500 \
--cap-add=SYS_PTRACE \
--cap-add=SYS_ADMIN \
--security-opt seccomp=unconfined \
--security-opt apparmor=unconfined \
-v "$PWD/workspace:/workspace" \
ghcr.io/pwno-io/pwno-mcp:latestVerify the MCP endpoint is available
The default MCP endpoint is http://127.0.0.1:5500/mcp. You can check server health before connecting your MCP client.
curl http://127.0.0.1:5500/mcpConfigure your MCP client to connect via HTTP
Add the pwno-mcp server to your MCP client configuration using the HTTP transport pointing to the running container.
Start a debugging session
Once connected, ask your AI client to load the binary and begin analysis. The server supports multi-session workflows so multiple binaries can be analyzed in parallel.
Pwno Examples
Client configuration
Connect to the pwno-mcp container running locally over HTTP transport. Adjust the URL if you changed the port.
{
"mcpServers": {
"pwno": {
"type": "http",
"url": "http://127.0.0.1:5500/mcp"
}
}
}Prompts to try
Example prompts for binary analysis and exploit development workflows.
- "Load /workspace/chal in GDB and show me the main function disassembly"
- "Take a context snapshot showing registers, stack, and backtrace at the current breakpoint"
- "Set a breakpoint at the vulnerable function and run the binary to trigger it"
- "Show me the memory layout and identify potential buffer overflow candidates"
- "Generate a pwncli exploit script that sends a cyclic pattern to identify the offset"Troubleshooting Pwno
Container exits immediately with ptrace permission error
Ensure you pass both --cap-add=SYS_PTRACE and --cap-add=SYS_ADMIN flags, and both --security-opt seccomp=unconfined and --security-opt apparmor=unconfined. Some Docker Desktop configurations on macOS may require additional settings.
MCP endpoint returns connection refused
Verify the container is running with 'docker ps' and that port 5500 is correctly mapped. The endpoint is http://127.0.0.1:5500/mcp — check you are not accidentally hitting a different port.
Binary not found inside the container
Confirm the workspace volume mount is correct: '-v $PWD/workspace:/workspace'. The binary must be inside the local workspace/ directory and marked executable with chmod +x.
Frequently Asked Questions about Pwno
What is Pwno?
Pwno is a Model Context Protocol (MCP) server that mcp for pwn It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Pwno?
Follow the installation instructions on the Pwno GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Pwno?
Pwno works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Pwno free to use?
Yes, Pwno is open source and available under the NOASSERTION license. You can use it freely in both personal and commercial projects.
Pwno Alternatives — Similar Security Servers
Looking for alternatives to Pwno? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Pwno in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Pwno?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.