# Cariddi – MCP Client and Server Complete MCP (Model Context Protocol) stack for CTF and reverse engineering workflows: --- ## Cariddi Server FastMCP server exposing filesystem and execution tools, with correct handling of escape characters when writing Python files. ### Setup ```bash cd Cariddi python3 -m venv venv source venv/bin/activate # Windows: venv\Scripts\activate pip install -r requirements.txt ``` ### Run ```bash source venv/bin/activate python main.py ``` Server listens on `http://0.0.0.0:8000/mcp` (streamable HTTP). ### Environment - `FASTMCP_HOST` / `MCP_HOST`: host (default `0.0.0.0`) - `FASTMCP_PORT` / `MCP_PORT`: port (default `8000`) ### MCP Inspector With the server running: ```bash npx @modelcontextprotocol/inspector --url http://localhost:8000/mcp ``` Use transport **Streamable HTTP** and URL `http://localhost:8000/mcp`. Or run inspector and server together: ```bash npx @modelcontextprotocol/inspector python main.py ``` With Compose: ```bash docker-compose up -d ``` ## Cariddi Client Python MCP client that talks to Ollama and connects to MCP servers. Configured as a **Crypto Solver Agent** for CTF crypto challenges. ### Requirements - Python 3.7+ - [Ollama](https://ollama.ai/) installed and running ### Install ```bash cd CariddiClient pip install -r requirements.txt ollama serve ollama pull ministral-3 # or llama3.2 ``` ### Usage ```bash # List models python mcpClient.py --list-models # Single prompt python mcpClient.py --prompt "What is the capital of France?" # Interactive python mcpClient.py --interactive # Custom Ollama and model python mcpClient.py --base-url http://localhost:11434 --model ministral-3 --prompt "Hello!" # Connect to MCP server (streamable HTTP) python mcpClient.py --mcp-server "http://localhost:8000/mcp" --prompt "Use tools to help me" python mcpClient.py --mcp-server "http://localhost:8000/mcp" --interactive # With auth headers python mcpClient.py --mcp-server "http://localhost:8000/mcp" --mcp-headers '{"Authorization": "Bearer token"}' --interactive ``` ### Defaults - Ollama: `http://localhost:11434` - Model: `ministral-3` - MCP Server: `http://localhost:8000/mcp` ### Crypto Solver Agent The client is tuned to: 1. **Explore**: List files (e.g. in `/tmp`) to find challenge files. 2. **Analyze**: Recognize crypto (RSA, AES, DES, XOR, encodings) and typical weaknesses. 3. **Execute**: Write and run Python scripts to recover keys or plaintext. 4. **Validate**: Look for flags in the form `flag{...}`. Covered areas: RSA (small modulus, low exponent, Wiener, Hastad, common modulus), symmetric (AES/DES, ECB/CBC, IV/key reuse), classical ciphers, Base64/Hex/endianness. ## CTF Challenges - **cryptoEasy**: Diffie–Hellman + AES encryption challenge (in `challs/cryptoEasy/`). --- ## Candidate MCP Servers Other MCP servers you can combine with Cariddi or use in similar workflows (reverse engineering, binary analysis, malware analysis, shell execution): | Project | Description | |--------|-------------| | [radare2-mcp](https://github.com/radareorg/radare2-mcp) | MCP stdio server for radare2 – binary analysis with r2, r2pipe, optional raw r2 commands. | | [headless-ida-mcp-server](https://github.com/cnitlrt/headless-ida-mcp-server) | Headless IDA Pro MCP server – analyze binaries via IDA’s headless mode (idat). | | [MalwareAnalyzerMCP](https://github.com/abdessamad-elamrani/malwareanalyzermcp) | MCP server for malware analysis – `file`, `strings`, `hexdump`, `objdump`, `xxd`, shell commands with timeouts. | | [GhidrAssistMCP](https://github.com/jtang613/ghidrassistmcp) | Ghidra MCP extension – 34 tools, resources, prompts for reverse engineering (decompile, xrefs, structs, etc.). | | [shell-exec-mcp](https://github.com/domdomegg/shell-exec-mcp) | MCP server for shell command execution – run bash commands with optional timeout and background jobs. | | [ida-pro-mcp](https://github.com/mrexodia/ida-pro-mcp) | IDA Pro MCP bridge – AI-assisted reversing in IDA (decompile, disasm, xrefs, types, debugger extension). | ---