# dnSpy MCP Plugin
A plugin for dnSpy that provides an MCP (Model Context Protocol) interface, supporting AI-assisted code analysis and security auditing.


## ✨ Features
### 🔍 Code Analysis
- **Decompile View** - Get the content of the currently viewed code
- **Type List** - List all loaded types
- **Cross-References** - Find callers and callees of methods
- **Type Hierarchy** - View class inheritance relationships
- **Interface Implementations** - Find all implementing classes of an interface
### 🛡️ Security Scan
- **Vulnerability Scan** - Automatically identify dangerous function calls
  - SQL Injection (ExecuteNonQuery, SqlCommand...)
  - Command Execution (Process.Start, cmd.exe...)
  - Deserialization (BinaryFormatter, XmlSerializer...)
  - File Operation/Path Traversal
  - XSS/SSRF/XXE
  - Weak Encryption Algorithms
- **Call Chain Tracing** - Trace the call path upwards from dangerous functions
- **Entry Point Identification** - Automatically mark user-controllable entry points such as Controller, Handler, etc.
- **Hardcoded Secret Scan** - Discover sensitive information in the code
### 📊 Auxiliary Tools
- **Resource List** - View embedded resources
- **String Extraction** - List all string constants
- **File Information** - Get assembly metadata and hashes
## 📦 Installation
1. Download the latest `AICodeAnnotator.x.dll`
2. Copy the DLL to the `bin` directory of dnSpy
3. Restart dnSpy
## 🚀 Usage
### Web Interface
After starting dnSpy, visit http://127.0.0.1:13338/
- `/` - Status page
- `/dangerous.html` - Vulnerability scan page
- `/types.html` - Type browser
### MCP Interface
Send JSON-RPC requests to `http://127.0.0.1:13338/mcp`
```json
{
  "jsonrpc": "2.0",
  "method": "scan_vulnerabilities",
  "params": {},
  "id": 1
}
```
### Available Tools
| Tool Name | Description |
|--------|------|
| `get_metadata` | Get assembly metadata |
| `list_types` | List all types |
| `get_current_code` | Get the currently viewed code |
| `xrefs_to` | Find the callers of the specified method |
| `xrefs_from` | Find the methods called by the specified method |
| `scan_vulnerabilities` | Scan for security vulnerabilities |
| `trace_call_chain` | Trace the call chain |
| `analyze_taint` | Analyze parameter controllability |
| `get_type_hierarchy` | Get type inheritance relationships |
| `find_implementations` | Find interface implementations |
| `list_resources` | List embedded resources |
| `list_strings` | List string constants |
| `find_hardcoded_secrets` | Scan for hardcoded secrets |
### 🤖 MCP Client Configuration
To use this plugin in AI tools, you need to configure a wrapper script:
1. Create a wrapper script `dnspy_mcp_wrapper.py`:
```python
import json
import sys
import urllib.request

URL = "http://127.0.0.1:13338/mcp"

# Relay each JSON-RPC message read from stdin to the plugin's HTTP endpoint
for line in sys.stdin:
    if not line.strip():
        continue
    req = json.loads(line)
    data = json.dumps(req).encode()
    r = urllib.request.Request(URL, data, {'Content-Type': 'application/json'})
    with urllib.request.urlopen(r, timeout=30) as res:
        # Write the plugin's reply back to the client as one line on stdout
        print(json.dumps(json.loads(res.read())), flush=True)
```
2. Configure `mcp_config.json`:
```json
{
  "dnspy": {
    "command": "python",
    "args": ["path/to/dnspy_mcp_wrapper.py"],
    "description": "dnSpy MCP - .NET reverse analysis and vulnerability scanning (dnSpy needs to be started first)"
  }
}
```
> ⚠️ **Note**: You must start dnSpy and load the assembly to be analyzed before use
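
The wrapper in step 1 exits with a traceback if dnSpy is not running or a line is not valid JSON, which ends the client's stdio session. The variant below is an added example, not part of the plugin: it answers those cases with JSON-RPC 2.0 error objects and writes nothing back for notifications (messages without an `id`). The `-32000` code for an unreachable endpoint, the helper names, and the single-object-per-line handling are assumptions of this example.

```python
import json
import sys
import urllib.request

URL = "http://127.0.0.1:13338/mcp"  # endpoint documented in this README


def rpc_error(req_id, code, message):
    """Build a JSON-RPC 2.0 error object for the given request id."""
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def http_post(payload):
    """Forward one serialized request to the plugin and return the raw body."""
    req = urllib.request.Request(URL, payload, {"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as res:
        return res.read()


def handle_line(line, post=http_post):
    """Return the JSON text to write to stdout for one stdin line, or None."""
    if not line.strip():
        return None
    try:
        req = json.loads(line)
    except ValueError:
        return json.dumps(rpc_error(None, -32700, "Parse error"))
    if not isinstance(req, dict):  # assumption: one request object per line
        return json.dumps(rpc_error(None, -32600, "Invalid Request"))
    req_id = req.get("id")
    is_notification = "id" not in req
    try:
        body = post(json.dumps(req).encode())
        reply = None if is_notification else json.loads(body)
    except OSError as exc:  # URLError, refused connection, timeout
        reply = rpc_error(req_id, -32000, f"dnSpy MCP endpoint unreachable: {exc}")
    except ValueError:  # body was not valid JSON
        reply = rpc_error(req_id, -32603, "Non-JSON response from plugin")
    if is_notification:
        return None  # JSON-RPC notifications never receive a response
    return json.dumps(reply)


if __name__ == "__main__":
    for raw in sys.stdin:
        out = handle_line(raw)
        if out is not None:
            print(out, flush=True)
```
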
## 🔧 Development
### Build
```powershell
dotnet build AICodeAnnotator.csproj
```
### Project Structure
```
dnSpy_Plugin_Demo/
├── MCP/
│ ├── McpHandler.cs # MCP Request Handling
│ ├── McpServer.cs # HTTP Server
│ ├── McpCommands.cs # dnSpy Menu Commands
│ └── WebPages.cs # Web Interface
├── Plugin.cs # Plugin Entry
└── AICodeAnnotator.csproj
```
## 📄 License
MIT License
## 🙏 Acknowledgements
- [dnSpy](https://github.com/dnSpy/dnSpy) - .NET decompiler
- [dnlib](https://github.com/0xd4d/dnlib) - .NET metadata reading and writing library