From PeMCP to Arkana: 289 Tools, One AI-Driven Malware Analysis Platform

Back in October, I introduced a couple of tools I’d been building — ProcmonMCP and the PeMCP Toolkit. If you read that post, you’ll know the whole thing started from a simple frustration: spending far too many hours manually sifting through binary analysis data, knowing the answer was right there if only I could get to it faster.

Well, a lot has happened since then. What started as a focused PE analysis helper has grown into something I genuinely didn’t expect. It’s evolved so much, in fact, that calling it “PeMCP” didn’t really make sense anymore. It needed a proper name.

So, I’m chuffed to introduce Arkana.

From PeMCP to Arkana: What Changed?

Honestly? Nearly everything. The original PeMCP was a single-file PE parser with a handful of useful tricks. Arkana is now a full-blown binary intelligence platform with 289 specialised analysis tools, all exposed behind a single MCP interface. It handles PE, ELF, Mach-O, .NET, Go, Rust, VB6, and even raw shellcode — with dedicated parsers for each format and automatic detection so you don’t have to faff about specifying anything.

The core idea hasn’t changed, though. You describe what you want to know about a binary in plain English, and the AI orchestrates the right tools. No more jumping between five different windows to build a picture. The intelligence comes to you.

The Bits I’m Most Proud Of

There are a few things in particular that I think really set Arkana apart.

Auto-Enrichment. The moment you open a file, Arkana gets to work in the background — classifying the binary, scoring its risk, mapping MITRE ATT&CK techniques, collecting IOCs, identifying library functions, scanning for crypto constants, and even running a full decompilation sweep with function scoring. By the time you ask your first question, it’s already got the groundwork done.

The Interactive Debugger. This one was a proper challenge to build. Twenty-nine tools powered by a persistent Qiling subprocess, giving you step-through debugging, breakpoints, watchpoints, snapshots, and full memory inspection — all driven through natural language. You can set a breakpoint, hit it, inspect the stack, poke around in memory, and resume, without ever touching a command line.

Binary Refinery Integration. Over 200 composable data transforms baked right in — decoding, decryption, decompression, XOR brute-forcing, IOC extraction, and script deobfuscation. If you’ve ever spent an afternoon manually decoding a multi-layered packer, you’ll appreciate having all of that at your fingertips in one place.

Function Similarity with BSim. This is genuinely exciting. Architecture-independent function matching that lets you compare functions across completely different binaries. It auto-indexes every file you analyse, so over time you’re building up a proper signature database. Brilliant for spotting code reuse across malware families.

A Live Web Dashboard

One thing I really wanted was a visual interface alongside the AI-driven workflow. Arkana now ships with a 14-page web dashboard — a live, interactive view of everything going on with your analysis. You get a functions explorer with triage flags and enrichment scores, an interactive call graph, a hex viewer, string analysis with ML-powered ranking, MITRE ATT&CK mapping, a type editor for custom structs, and a full timeline of your analysis session.

It’s got a CRT terminal aesthetic too — green monochrome with scanlines — because, well, why not? If you’re going to stare at malware all day, it might as well look cool.

Battle-Tested

I haven’t just been building Arkana — I’ve been using it. There are now 14 published analysis reports in the GitHub repository, covering everything from AsyncRAT and LockBit to StealC, Brute Ratel, and a few CTF challenges. Each one was done entirely through Arkana, and they’re a good way to see what the platform can actually do in practice.

The toolkit is backed by over 1,700 unit tests and 289 integration tests running in CI, so it’s not just a prototype anymore. It’s something I rely on for real work.

Getting Started

If you want to have a go, it’s five commands to get up and running. They clone the repo, build the Docker image, register Arkana with Claude Code as a project-scoped MCP server, launch Claude, and kick off an analysis:

git clone https://github.com/JameZUK/Arkana.git
cd Arkana && ./run.sh --build
claude mcp add --scope project arkana -- ./run.sh --stdio
claude
/arkana-analyse

It runs in Docker, so the toolchain and its dependencies stay off your host system (treat the container as packaging, not as a hardened sandbox for detonating samples). Point it at a binary, and off you go.
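The `claude mcp add ... -- ./run.sh --stdio` line above means Arkana's tools are reachable by any MCP client, not only Claude. The script below is an added example, written for this page rather than taken from the post or from the Arkana project: a minimal MCP stdio client that performs the initialize handshake, fetches the complete tool list (following pagination), and calls a tool by name. It assumes that `./run.sh --stdio` speaks standard MCP (JSON-RPC 2.0, one JSON object per line over stdin/stdout); the client name "arkana-script" is made up, and no Arkana tool name is assumed, since real names come back from tools/list.

```python
"""Minimal MCP stdio client (added example, not Arkana's own code): drives a server such as
`./run.sh --stdio` over JSON-RPC 2.0 on stdin/stdout, one JSON object per line, so the tools
can be used from a shell or CI job without Claude. Command, client name and tool names are placeholders."""
import json
import subprocess
from typing import Any, Dict, List, Optional

PROTOCOL_VERSION = "2024-11-05"  # MCP protocol revision this client speaks

def encode(method: str, params: Optional[dict] = None, req_id: Optional[int] = None) -> str:
    """One JSON-RPC 2.0 line; with req_id it is a request, without it a notification."""
    msg: Dict[str, Any] = {"jsonrpc": "2.0", "method": method}
    if req_id is not None:
        msg["id"] = req_id
    if params is not None:
        msg["params"] = params
    return json.dumps(msg) + "\n"

def parse_message(line: str) -> dict:
    """Decode one line from the server, rejecting anything that is not JSON-RPC 2.0."""
    msg = json.loads(line)
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        raise ValueError(f"not a JSON-RPC 2.0 message: {line!r}")
    return msg

def result_or_raise(msg: dict) -> Any:
    """Unwrap a response, turning a JSON-RPC error object into an exception."""
    if "error" in msg:
        err = msg["error"]
        raise RuntimeError(f"JSON-RPC error {err.get('code')}: {err.get('message')}")
    return msg["result"]

def tool_names(tools_list_result: dict) -> List[str]:
    """Sorted tool names from a tools/list result (pages already merged)."""
    return sorted(t["name"] for t in tools_list_result.get("tools", []))

def tool_text(call_result: dict) -> str:
    """Join the text parts of a tools/call result; a tool-level failure is raised, not returned."""
    text = "".join(p.get("text", "") for p in call_result.get("content", []) if p.get("type") == "text")
    if call_result.get("isError"):
        raise RuntimeError(f"tool reported an error: {text}")
    return text

class StdioMcpClient:
    """Spawn an MCP server and talk to it over its stdin/stdout."""

    def __init__(self, argv: List[str]):
        self.proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True, bufsize=1)
        self.next_id = 0

    def _send(self, line: str) -> None:
        self.proc.stdin.write(line)
        self.proc.stdin.flush()

    def request(self, method: str, params: Optional[dict] = None) -> Any:
        self.next_id += 1
        rid = self.next_id
        self._send(encode(method, params, rid))
        while True:  # the server may emit notifications (no id) before the reply
            line = self.proc.stdout.readline()
            if not line:
                raise EOFError("server closed its stdout before replying")
            msg = parse_message(line)
            if msg.get("id") == rid:
                return result_or_raise(msg)

    def initialize(self) -> dict:
        """Mandatory handshake: initialize request, then the initialized notification."""
        info = self.request("initialize", {"protocolVersion": PROTOCOL_VERSION, "capabilities": {},
                                           "clientInfo": {"name": "arkana-script", "version": "0.1"}})
        self._send(encode("notifications/initialized"))
        return info

    def list_tools(self) -> dict:
        """Follow nextCursor so a large tool set is fetched completely, not just its first page."""
        tools: List[dict] = []
        cursor: Optional[str] = None
        while True:
            page = self.request("tools/list", {"cursor": cursor} if cursor else {})
            tools.extend(page.get("tools", []))
            cursor = page.get("nextCursor")
            if not cursor:
                return {"tools": tools}

    def call_tool(self, name: str, arguments: dict) -> dict:
        return self.request("tools/call", {"name": name, "arguments": arguments})

    def close(self) -> None:
        self.proc.stdin.close()
        self.proc.wait(timeout=10)

if __name__ == "__main__":
    client = StdioMcpClient(["./run.sh", "--stdio"])  # assumed: Arkana's stdio entry point
    print("server:", client.initialize().get("serverInfo"))
    names = tool_names(client.list_tools())
    print(f"{len(names)} tools, for example: {', '.join(names[:5])}")
    client.close()
```

Two details matter in practice: the client must ignore id-less notifications the server may send between a request and its reply, and `tools/list` may be paginated, so with a tool set this large you read until `nextCursor` is absent before trusting the count. Once `tool_names` shows what is available, `call_tool(name, {...})` with the arguments from that tool's `inputSchema` returns the same content Claude would see.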

Have a Go

Arkana is open-source under the MIT licence and completely free. It started from the same frustration I talked about in that first post — wanting to spend less time fighting tools and more time actually investigating. I think it’s got to a point now where it can genuinely help people do that.

Get stuck in, try it out, and let me know what you think.

GitHub: https://github.com/JameZUK/Arkana

Website: https://arkana.re/

Feedback, ideas, and bug reports are always welcome. I’d love to hear what you find.
