Is Frida C2 Mcp safe to use?

Frida C2 Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Frida C2 Mcp?

Frida C2 Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Frida C2 Mcp?

Frida C2 Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Frida C2 Mcp actively maintained?

Frida C2 Mcp is recently maintained — last commit was 73 days ago. It has 52 GitHub stars.

Frida C2 Mcp

Name: Frida C2 Mcp
Author: s4dp4nd4

by s4dp4nd4

Agentic C2-style MCP server for Frida instrumentation on rooted Android and jailbroken iOS.

52 0 tools GitHub

No known CVEs

No license

Maintained

Last commit 73d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "frida-c2-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/frida-c2-mcp)](https://mcppedia.org/s/frida-c2-mcp)

Read me

What Frida C2 Mcp does

An MCP server with streamable HTTP transport that runs Frida's dynamic instrumentation entirely on-device — no client-side tooling required.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

32/100across 5 weighted dimensions

How we score →

0255075100

−68

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Frida C2 Mcp safe to use?: Frida C2 Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Frida C2 Mcp?: Frida C2 Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Frida C2 Mcp?: Frida C2 Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Frida C2 Mcp actively maintained?: Frida C2 Mcp is recently maintained — last commit was 73 days ago. It has 52 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Frida C2 Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "frida-c2-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/frida-c2-mcp)](https://mcppedia.org/s/frida-c2-mcp)

Read me

What Frida C2 Mcp does

An MCP server with streamable HTTP transport that runs Frida's dynamic instrumentation entirely on-device — no client-side tooling required.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

FridaC2MCP

An MCP server with streamable HTTP transport that runs Frida's dynamic instrumentation entirely on-device — no client-side tooling required.

This project runs directly on rooted Android and jailbroken iOS devices, exposing Frida as a set of tools callable over HTTP. Any MCP-compatible client can connect to a device on the network and perform dynamic instrumentation without installing any Frida tooling locally.

Going forward, development is targeting Gemini CLI and Claude Code as primary clients, since both are building native multi-agent orchestration and MCP support — which aligns with this project's direction of composing multiple MCP servers (e.g. FridaC2MCP + Jadx-MCP) into automated workflows. 5ire was used extensively during early development and remains a great GUI option for interacting with the server.

Gemini CLI — register the device MCP server (replace <DEVICE_IP> with your phone’s LAN address):

gemini mcp add --transport http frida-c2-mcp http://<DEVICE_IP>:6767/mcp

Android Demo

https://github.com/user-attachments/assets/7cee77c5-ed40-4797-b6b5-3edb5fdd03ce

iOS Demo

https://github.com/user-attachments/assets/1f0fa9c4-6fd0-4dfd-a640-78c9f8a95a6b

Core Functionality

Process & Application Management: List installed applications, enumerate running processes, and get information about the foreground application.
Application Control: Start and terminate applications by their identifier or PID.
Dynamic Instrumentation: Create interactive sessions by attaching to running processes.
Remote Script Execution: Execute custom Frida (JavaScript) scripts within an attached session. Scripts are compiled on-the-fly to ensure compatibility with Frida 17+. This supports both one-shot scripts and persistent hooks (keep_alive=True).

Intended Use Case

The goal is fully automated, agent-driven mobile security testing. By exposing Frida as an MCP server, a pentester or an AI agent can inspect and manipulate an application's behavior without a direct USB connection or local shell access after initial setup. The client needs zero Frida tooling — everything runs on the target device.

A typical workflow:

Point your AI agent (Claude Code, Gemini CLI, etc.) at the device's MCP endpoint.
The agent starts a target application, attaches a Frida session, and injects hooks.
Security controls (root/jailbreak detection, SSL pinning, etc.) are bypassed dynamically.
The agent observes results and iterates — all without human intervention.

This extends naturally to multi-device setups: run multiple phones on the same network, each with its own MCP server, and orchestrate them from a single agent.

Platform Support

Android (`cli.py`)

Runs in Termux on rooted Android. Uses esbuild for on-the-fly script bundling and frida-java-bridge for Java/Android runtime instrumentation. While frida-compile is technically available via frida-tools, it cannot be used on Termux because Android's untrusted_app SELinux domain blocks the W^X memory mappings required by V8's JIT compiler — causing a SIGSEGV on any non-trivial script. esbuild is a statically linked Go binary with no JIT, so it runs cleanly in any SELinux context.

iOS (`ios.py`)

Runs on rootless jailbroken iOS (tested on iPhone X, iOS 16.7.12 with palera1n). Uses frida-compile for script bundling and frida-objc-bridge for Objective-C runtime instrumentation. Node.js is not required on-device.

The iOS port required custom-compiling an entire Python 3.12 toolchain for arm64, since none of these packages were available for rootless jailbroken iOS:

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

32/100across 5 weighted dimensions

How we score →

0255075100

−68

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Frida C2 Mcp safe to use?: Frida C2 Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Frida C2 Mcp?: Frida C2 Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Frida C2 Mcp?: Frida C2 Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Frida C2 Mcp actively maintained?: Frida C2 Mcp is recently maintained — last commit was 73 days ago. It has 52 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Frida C2 Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Frida C2 Mcp

Install in your client

What Frida C2 Mcp does

Test This Server

Why this score

32/100across 5 weighted dimensions

Security

Reviews

Frequently Asked Questions

Similar servers

Discussion

Frida C2 Mcp

Install in your client

What Frida C2 Mcp does

Test This Server

FridaC2MCP

Core Functionality

Intended Use Case

Platform Support

Android (cli.py)

iOS (ios.py)

Why this score

32/100across 5 weighted dimensions

Security

Reviews

Frequently Asked Questions

Similar servers

Discussion

FridaC2MCP

Core Functionality

Intended Use Case

Platform Support

Android (cli.py)

iOS (ios.py)

Android (`cli.py`)

iOS (`ios.py`)

Android (`cli.py`)

iOS (`ios.py`)