╭─────────────────────────────────╮ │ ,______ .______ .______ ,___ │ ╭──╮ │ : __ \ \____ |: \ : __| │ │ _│_ │ | \____|/ ____|| _,_ || : | │ │ O O < | : \ \ . || : || | │ │ │╷ │ | |___\ \__:__||___| || | │ │ ││ │ |___| : |___||___| │ │ ─╯│ ╰─────────────────────────────────╯ ╰───╯
This repository contains two plugins for radare2:
- r2ai - native AI plugin for radare2
- decai - r2js plugin with special focus on decompilation
If you are looking to use radare2 with other agents via MCP:
- r2mcp - the official radare2 mcp
- r2copilot - the mcp with focus on CTF r2copilot
- Configure different roles and customize prompts
- Scriptable via r2pipe via the r2ai command
- Live with repl and batch mode from cli or r2 prompt
- Support Automatic (ReAct) mode to solve tasks using function calling
- Use local and remote language models (ollama, openai, grok, anthropic, ..)
- RAG markdown, code or textfiles using its native vector database
- Embed the output of an r2 command and resolve questions on the given data
[0x00000000]> r2ai -q explain: Explain the current function - devices: Find and explain devices used - libs: Group imports by Libraries - varnames: Better variable names - autoname: Automatically suggest a better name for this function - vulns: Find vulnerabilities or bugs in the current function - signature: Suggest an improved function signature - dlopen: List libraries loaded with dlopen - Some libraries are loaded decompile: Augmented decompilation based on LLM - [0x00000000]>The recommended way to install any of the r2ai components is via r2pm:
$ r2pm -Uci r2ai $ r2pm -Uci decai- Adds the r2ai command to the radare2 shell:
r2 -qc r2ai - You can also run the wrapper in $PATH:
r2pm -r r2ai
Drop your API keys in environment variables or use the configuration file:
$ export ANTHROPIC_API_KEY=sk-ant-api03-CENSORED $ export OPENAI_API_KEY=sk-proj-6rlSPS-zN1v...Or edit the api keys file ~/.config/r2ai/apikeys.txt run:
$ r2ai -KYou may customize and save your configuration settings using your OS's default settings file (e.g ~/.radare2rc on Linux). For example, the following configuration sets Claude 3.7 by default, with max output tokens to 64000.
$ r2ai -Ethen you can type the commands you want to run when the r2ai plugin is loaded:
r2ai -e api=anthropic r2ai -e model=claude-3-7-sonnet-20250219 r2ai -e max_tokens=64000- There's a chapter in the official r2book
- Cryptax on lmstudio+gptoss blog post
- Malware analysis with r2ai by Cryptax and Daniel Nakov
- Analysis of Linux/Trigona ransomware, Linux/Prometei botnet and W32/SkyAI with r2ai
