ghidraMCP
An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
What is ghidraMCP?
ghidraMCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to model context protocol server that enables llms to autonomously reverse engineer applications by exposing ghidra's decompilation and analysis tools. it allows ai agents to list code structures, rename...
An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- An Model Context Protocol server that enables LLMs to autono
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx ghidramcpConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use ghidraMCP
GhidraMCP is an MCP server that connects AI assistants directly to Ghidra, the NSA's open-source binary analysis framework, enabling LLMs to autonomously reverse engineer applications. Through a Ghidra plugin that runs an HTTP server and a Python bridge script that speaks MCP, AI agents can decompile binaries, list functions, classes, imports, and exports, and automatically rename methods and variables based on their analysis — all without a human manually navigating the Ghidra UI. Security researchers and malware analysts use it to accelerate reverse engineering workflows by letting AI perform the tedious initial analysis pass.
Prerequisites
- Ghidra installed (download from https://ghidra-sre.org/)
- Python 3 with the MCP SDK installed (pip install mcp)
- The GhidraMCP plugin zip from the GitHub releases page
- An MCP client such as Claude Desktop, Cline, or 5ire
- A binary or application to analyze loaded in Ghidra
Download the GhidraMCP release
Download the latest GhidraMCP release zip (e.g. GhidraMCP-1-2.zip) and the bridge_mcp_ghidra.py script from the GitHub releases page at https://github.com/LaurieWired/GhidraMCP/releases.
Install the Ghidra plugin
Open Ghidra, go to File > Install Extensions, click the + button, select the GhidraMCP zip file, then restart Ghidra to activate the extension.
Enable the plugin in Ghidra
After restarting Ghidra, go to File > Configure > Developer and enable the GhidraMCP plugin. The plugin will start an HTTP server on localhost:8080 by default. To change the port, go to Edit > Tool Options > GhidraMCP HTTP Server.
Install the Python MCP bridge dependencies
Install the Python MCP SDK which is required to run the bridge script that connects Ghidra's HTTP API to your MCP client.
pip install mcpConfigure Claude Desktop
Add GhidraMCP to your Claude Desktop configuration file. Replace /ABSOLUTE_PATH_TO/ with the actual path where you saved bridge_mcp_ghidra.py.
{
"mcpServers": {
"ghidra": {
"command": "python",
"args": [
"/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
"--ghidra-server",
"http://127.0.0.1:8080/"
]
}
}
}Open a binary in Ghidra and start analyzing
Load a binary into a Ghidra project and open the CodeBrowser tool. The GhidraMCP HTTP server will be active while Ghidra is running. You can now ask your AI client to analyze the binary.
ghidraMCP Examples
Client configuration
Claude Desktop configuration for GhidraMCP. Update the path to match where you stored the bridge script.
{
"mcpServers": {
"ghidra": {
"command": "python",
"args": [
"/home/user/tools/GhidraMCP/bridge_mcp_ghidra.py",
"--ghidra-server",
"http://127.0.0.1:8080/"
]
}
}
}Prompts to try
Example prompts for reverse engineering binaries using Ghidra's decompilation capabilities via the MCP tools.
- "List all functions in the loaded binary and identify any that look like network communication handlers"
- "Decompile the function at address 0x401000 and explain what it does"
- "List all imported library functions and tell me if any are commonly used in malware"
- "Rename the function at 0x401234 to 'parse_http_header' based on its decompiled logic"
- "Identify all string constants in the binary and flag any that look like C2 server addresses"Troubleshooting ghidraMCP
Bridge script cannot connect to Ghidra HTTP server
Ensure Ghidra is running with a binary open in the CodeBrowser tool and the GhidraMCP plugin is enabled under File > Configure > Developer. The HTTP server only runs while the CodeBrowser is active. Verify with 'curl http://127.0.0.1:8080/' in your terminal.
Plugin does not appear in Ghidra after installation
Make sure you restarted Ghidra completely after installing the extension. Then navigate to File > Configure, click on the 'Developer' category (not the default view), and check the box next to GhidraMCPPlugin.
Python bridge fails with 'ModuleNotFoundError: No module named mcp'
Install the MCP Python SDK with 'pip install mcp'. If you have multiple Python versions, ensure you run the same python that was used to install mcp. You can verify with 'python -c "import mcp; print(mcp.__version__)"'.
Frequently Asked Questions about ghidraMCP
What is ghidraMCP?
ghidraMCP is a Model Context Protocol (MCP) server that model context protocol server that enables llms to autonomously reverse engineer applications by exposing ghidra's decompilation and analysis tools. it allows ai agents to list code structures, rename methods, and analyze binaries directly through It connects AI assistants to external tools and data sources through a standardized interface.
How do I install ghidraMCP?
Follow the installation instructions on the ghidraMCP GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with ghidraMCP?
ghidraMCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is ghidraMCP free to use?
Yes, ghidraMCP is open source and available under the Apache 2.0 license. You can use it freely in both personal and commercial projects.
ghidraMCP Alternatives — Similar Security Servers
Looking for alternatives to ghidraMCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Viper
★ 5.0kAdversary simulation and Red teaming platform with AI
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up ghidraMCP in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use ghidraMCP?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.