ghidraMCP

v1.0.0Securitystable

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

ghidramcpmcpai-integration
Share:
8,973
Stars
0
Downloads
0
Weekly
0/5

What is ghidraMCP?

ghidraMCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to model context protocol server that enables llms to autonomously reverse engineer applications by exposing ghidra's decompilation and analysis tools. it allows ai agents to list code structures, rename...

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • An Model Context Protocol server that enables LLMs to autono

Use Cases

Reverse engineer applications using Ghidra decompilation tools.
Autonomously analyze binaries and rename code structures with AI.
LaurieWired

Maintainer

LicenseApache 2.0
Languagejava
Versionv1.0.0
UpdatedMay 22, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx ghidramcp

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use ghidraMCP

GhidraMCP is an MCP server that connects AI assistants directly to Ghidra, the NSA's open-source binary analysis framework, enabling LLMs to autonomously reverse engineer applications. Through a Ghidra plugin that runs an HTTP server and a Python bridge script that speaks MCP, AI agents can decompile binaries, list functions, classes, imports, and exports, and automatically rename methods and variables based on their analysis — all without a human manually navigating the Ghidra UI. Security researchers and malware analysts use it to accelerate reverse engineering workflows by letting AI perform the tedious initial analysis pass.

Prerequisites

  • Ghidra installed (download from https://ghidra-sre.org/)
  • Python 3 with the MCP SDK installed (pip install mcp)
  • The GhidraMCP plugin zip from the GitHub releases page
  • An MCP client such as Claude Desktop, Cline, or 5ire
  • A binary or application to analyze loaded in Ghidra
1

Download the GhidraMCP release

Download the latest GhidraMCP release zip (e.g. GhidraMCP-1-2.zip) and the bridge_mcp_ghidra.py script from the GitHub releases page at https://github.com/LaurieWired/GhidraMCP/releases.

2

Install the Ghidra plugin

Open Ghidra, go to File > Install Extensions, click the + button, select the GhidraMCP zip file, then restart Ghidra to activate the extension.

3

Enable the plugin in Ghidra

After restarting Ghidra, go to File > Configure > Developer and enable the GhidraMCP plugin. The plugin will start an HTTP server on localhost:8080 by default. To change the port, go to Edit > Tool Options > GhidraMCP HTTP Server.

4

Install the Python MCP bridge dependencies

Install the Python MCP SDK which is required to run the bridge script that connects Ghidra's HTTP API to your MCP client.

pip install mcp
5

Configure Claude Desktop

Add GhidraMCP to your Claude Desktop configuration file. Replace /ABSOLUTE_PATH_TO/ with the actual path where you saved bridge_mcp_ghidra.py.

{
  "mcpServers": {
    "ghidra": {
      "command": "python",
      "args": [
        "/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
        "--ghidra-server",
        "http://127.0.0.1:8080/"
      ]
    }
  }
}
6

Open a binary in Ghidra and start analyzing

Load a binary into a Ghidra project and open the CodeBrowser tool. The GhidraMCP HTTP server will be active while Ghidra is running. You can now ask your AI client to analyze the binary.

ghidraMCP Examples

Client configuration

Claude Desktop configuration for GhidraMCP. Update the path to match where you stored the bridge script.

{
  "mcpServers": {
    "ghidra": {
      "command": "python",
      "args": [
        "/home/user/tools/GhidraMCP/bridge_mcp_ghidra.py",
        "--ghidra-server",
        "http://127.0.0.1:8080/"
      ]
    }
  }
}

Prompts to try

Example prompts for reverse engineering binaries using Ghidra's decompilation capabilities via the MCP tools.

- "List all functions in the loaded binary and identify any that look like network communication handlers"
- "Decompile the function at address 0x401000 and explain what it does"
- "List all imported library functions and tell me if any are commonly used in malware"
- "Rename the function at 0x401234 to 'parse_http_header' based on its decompiled logic"
- "Identify all string constants in the binary and flag any that look like C2 server addresses"

Troubleshooting ghidraMCP

Bridge script cannot connect to Ghidra HTTP server

Ensure Ghidra is running with a binary open in the CodeBrowser tool and the GhidraMCP plugin is enabled under File > Configure > Developer. The HTTP server only runs while the CodeBrowser is active. Verify with 'curl http://127.0.0.1:8080/' in your terminal.

Plugin does not appear in Ghidra after installation

Make sure you restarted Ghidra completely after installing the extension. Then navigate to File > Configure, click on the 'Developer' category (not the default view), and check the box next to GhidraMCPPlugin.

Python bridge fails with 'ModuleNotFoundError: No module named mcp'

Install the MCP Python SDK with 'pip install mcp'. If you have multiple Python versions, ensure you run the same python that was used to install mcp. You can verify with 'python -c "import mcp; print(mcp.__version__)"'.

Frequently Asked Questions about ghidraMCP

What is ghidraMCP?

ghidraMCP is a Model Context Protocol (MCP) server that model context protocol server that enables llms to autonomously reverse engineer applications by exposing ghidra's decompilation and analysis tools. it allows ai agents to list code structures, rename methods, and analyze binaries directly through It connects AI assistants to external tools and data sources through a standardized interface.

How do I install ghidraMCP?

Follow the installation instructions on the ghidraMCP GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with ghidraMCP?

ghidraMCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is ghidraMCP free to use?

Yes, ghidraMCP is open source and available under the Apache 2.0 license. You can use it freely in both personal and commercial projects.

ghidraMCP Alternatives — Similar Security Servers

Looking for alternatives to ghidraMCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "ghidramcp": { "command": "npx", "args": ["-y", "ghidramcp"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use ghidraMCP?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides