Built for IDA Pro and Binary Ninja

Rikugan for reverse engineering.

Advanced reverse engineering assistance directly inside IDA Pro and Binary Ninja. No external consoles, no context switching — just seamless support where you work.

IDA Pro IDA Pro
Binary Ninja Binary Ninja
Generator-based Loop 4-Phase Exploration 63+ Tools 12 Skills 6 LLM Providers
curl -fsSL https://raw.githubusercontent.com/buzzer-re/Rikugan/main/install.sh | bash
View all installation options →
Get Started Read the Docs Architecture Reference
Binary Ninja

Embedded workflow inside Binary Ninja

Context, chat, and tool access stay attached to the analyst environment instead of shifting to a separate external console.

Rikugan running in Binary Ninja
IDA Pro

Same plugin model inside IDA Pro

The operating model stays consistent: direct access to host actions, reversible edits, and an agent loop that lives where the work happens.

Rikugan running in IDA Pro
Philosophy

Not another MCP client.

Rikugan is a full agent — its own agentic loop, context management, role prompt, and in-process tool orchestration. It doesn't talk to your disassembler through a server — it lives inside it.

User Message
LLM Stream
Tool Execution
Yield Events
Next Turn
Capabilities

Built for professional reverse engineers.

Rikugan brings AI assistance directly into your workflow with native tool integration, structured analysis, and complete operator control.

63+ Native Tools

Navigation, decompiler, disassembly, xrefs, strings, annotations, type engineering, microcode/IL read+write, and scripting — all callable by the agent.

navigation . decompiler . IL read/write

12 Built-in Skills

Malware analysis, deobfuscation, vulnerability audit, driver analysis, CTF solving, and more. Create your own custom skills too.

12 built-in workflows

Exploration with synthesis

Subagents split investigation across isolated contexts and return a consolidated report instead of mixing partial thoughts into one long thread.

orient . delegate . analyze . synthesize

Controlled execution

Approval gates and reversible mutations keep the operator in control. execute_python always asks permission with syntax-highlighted preview.

approval preview . rollback support

Analysis Profiles

Control what the LLM sees. Deny tools, redact IOCs (IPs, hashes, domains, URLs, wallets), hide binary metadata, and add custom redaction rules — so sensitive research never leaves your machine.

IOC redaction . tool denial . metadata hiding

6 LLM Providers

Anthropic (Claude), OpenAI, Google Gemini, MiniMax, Ollama for local inference, and any OpenAI-compatible endpoint. Switch anytime.

Anthropic . OpenAI . Gemini . Ollama

Persistent session memory

RIKUGAN.md stores facts per binary. Findings persist across sessions and restarts. The agent remembers what it learned before.

RIKUGAN.md project memory
Skills

Specialized analysis workflows.

Type / to see available skills with autocomplete. Create custom skills in your user directory.

/malware-analysisWindows PE malware triage, IOCs, ATT&CK
/linux-malwareELF malware analysis & persistence
/deobfuscationString decryption, CFF, opaque predicates
/vuln-auditBuffer overflows, fmt strings, memory safety
/driver-analysisWindows kernel driver analysis
/ctfCapture-the-flag challenge solving
/generic-reGeneral reverse engineering
/ida-scriptingIDAPython API reference
/binja-scriptingBinary Ninja Python API
/modifyAutonomous binary modification
/smart-patch-idaIDA-specific binary patching
/smart-patch-binjaBN-specific binary patching
Workflow

From exploration to modification, every step is transparent.

Context-aware discovery The plugin maps imports, exports, strings, and execution hotspots before making analysis decisions.
Parallel investigation paths Multiple chat tabs and isolated subagents let you pursue hypotheses without contaminating the main analysis.
Reviewable modifications Patching flows through explicit explore, plan, patch, and save stages with full operator approval.
01

Explore

Read structures, trace references, inspect IL, and build a map of the binary before proposing action.

02

Plan

Turn findings into a concrete sequence of actions with approval points and expected outcomes.

03

Patch

Apply writes at the IL or byte level with the same tooling used to inspect the target in the first place.

04

Save

Persist only when the operator approves the final state. Reversibility remains part of the workflow.

Exploration Mode

Deep binary analysis with subagents.

Type /explore — the agent maps the binary, then spawns isolated subagents to analyze different areas in parallel.

1
ORIENT
Reads imports, exports, strings, key functions — builds a map of the binary
2
DELEGATE
Spawns subagents with focused tasks: "analyze this function", "trace this struct"
3
ANALYZE
Subagents run in complete isolation — independent instances with zero prior context
4
SYNTHESIZE
Orchestrator collects findings, renames functions, delivers a full analysis report
Natural Language Patching

Modify binaries with natural language.

A binary is code, code is text, and LLMs are good at text. /modify does what agentic coding does for source — on compiled binaries.

You type
/modify make this maze game easy, let me walk through walls
1
EXPLORE
Investigate the binary, understand its structure and logic
2
PLAN
Synthesize findings into a concrete patch plan for your review
3
PATCH
Apply IL-level writes and byte patches in-memory
4
SAVE
User approval gate before persisting changes to file
Deobfuscation

Deobfuscate binaries smartly.

/deobfuscation reads the IL, identifies the technique, and uses IL write primitives to undo it — with your review before every patch.

CFF Removal
Dispatcher loops with state variables
Opaque Predicates
Always-true/false conditions, algebraic & call-based
MBA Simplification
Complex expressions that reduce to trivial ops
Junk Code
Dead stores and instructions with no effect
IL Read
get_ilget_cfgtrack_variable_ssa
IL Write
il_replace_expril_set_conditionil_nop_expril_remove_blockpatch_branchwrite_bytesinstall_il_workflow
CFF Removal Demo
Privacy & Control

Analyze sensitive targets without leaking data.

Profiles let researchers control exactly what the LLM provider sees. Redact IOCs, deny tools, hide metadata — so classified samples and private research stay private.

Profiles UI
IOC Redaction Automatically strip IPs, hashes, domains, URLs, registry keys, file paths, emails, crypto wallets, and mutexes from every tool result — before the LLM sees them. Hexdump bytes are zeroed too, so the model can't reconstruct filtered values from raw hex.
Tool & Data Denial Block specific tools (e.g., execute_python, read_bytes) and hide binary metadata entirely. The agent never sees what you don't want it to see.
Custom Redaction Rules Define your own patterns (regex or exact match) to redact organization-specific identifiers, internal domains, or proprietary strings.
Built-in "Private" Profile One click to enable full lockdown: all IOC categories filtered, binary metadata hidden, single-binary scope enforced. Ready for classified or client work.
Ecosystem

Choose your LLM.

Switch providers anytime from the settings panel. Supports prompt caching, retry logic, and streaming.

AnthropicClaude • Prompt caching
OpenAIGPT-4o, o1, o3
GoogleGemini Pro
MiniMaxM2.5 / Highspeed
OllamaLocal inference
MCPExternal tool servers

Ready to get started?

Clone the repo, run the installer, and start reversing with AI.

Installation Guide View on GitHub