A Model Context Protocol (MCP) Server for C/C++ Static Code Auditing & Compiled PE/ELF Binary Security Parsing.
Equip your AI Coding Agents (Claude Code, Cursor, Cline) with safe, low-level binary analysis and secure static code scanning tools.
AI Coding Assistants and Agentic loops are incredible at writing code, but they lack local system capabilities to check low-level binary compilation properties or perform deep static secure auditing.
SecureAudit-MCP solves this by standardizing tools under the Model Context Protocol (MCP). By registering this server, your AI agent gains native, sandboxed commands to inspect C/C++ source code files for severe logic and library errors (like buffer overflows, format vulnerabilities, and command injections), parse local executables (Windows PE / Linux ELF) for binary hardening features (ASLR, DEP/NX, PIE), and extract printable ASCII strings securely.
- Purpose: Performs lightweight static analysis scans on C/C++ source files.
- Checks:
- Unsafe standard library functions (
strcpy,gets,sprintf,scanf). - Heap overflow risks (like signed multiplications inside
malloc). - Format string vulnerabilities (
printf(variable)instead ofprintf("%s", variable)). - System-level command injection entry points (
system()). - Basic memory leaks (unmatched
mallocvsfreestatement loops).
- Unsafe standard library functions (
- Purpose: Safely reads raw binary headers (first 1024 bytes) to check for defensive security compile flags.
- Capabilities:
- Identifies formatting magic signatures (PE for Windows executables, ELF for Linux).
- Evaluates architecture sizes (32-bit vs 64-bit).
- In PE optional headers, parses
DllCharacteristicsto check for ASLR (Dynamic Base), DEP/NX (Data Execution Prevention), and SafeSEH. - In ELF headers, parses ELF type to identify PIE (Position Independent Executable) compiling.
- Purpose: Securely parses ASCII string constants from compiled binaries (acting as a safe, local implementation of the standard Linux
stringsCLI utility) to identify indicator hashes, embedded secrets, or hardcoded URLs.
- Purpose: Supplies pre-compiled secure remediation blocks and structured replacement code templates for all identified vulnerabilities.
┌─────────────────┐ ┌─────────────────┐ ┌────────────────┐
│ AI Agent Client│ ──────────> │ SecureAudit-MCP │ ──────────> │ Target Code / │
│ (Claude/Cline) │ <────────── │ (TypeScript SDK)│ <────────── │ Binary File │
└─────────────────┘ JSON-RPC └─────────────────┘ File Read └────────────────┘
Since this is a standard Model Context Protocol (MCP) server, it connects seamlessly with all major supporting IDEs and CLI agents.
Add this configuration snippet to your Claude Desktop configuration file (typically located at %APPDATA%\Claude\claude_desktop_config.json on Windows or ~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"secureaudit-mcp": {
"command": "node",
"args": [
"/path/to/secureaudit-mcp/build/index.js"
]
}
}
}In your Cline settings, select the MCP Servers panel:
- Click Create/Add MCP Server.
- Configure:
- Name:
secureaudit-mcp - Command:
node - Args:
/path/to/secureaudit-mcp/build/index.js
- Name:
In Cursor Settings -> Beta Features -> MCP:
- Click + Add New MCP Server.
- Configure:
- Name:
secureaudit-mcp - Type:
stdio - Command:
node /path/to/secureaudit-mcp/build/index.js
- Name:
Run the following commands inside the repository root to compile TypeScript files:
npm install
npm run buildThis repository includes a pre-packaged vulnerable C file inside /demo/vulnerable.c containing various security vulnerabilities for testing purposes.
Your MCP agent will be able to scan this file automatically. To inspect the tool definitions manually using the MCP developer command-line inspector (optional):
npx @modelcontextprotocol/inspector node build/index.jsMIT License. Free to use and distribute under open-source terms.