ghidraMCP
MCP server enabling LLMs to autonomously reverse engineer binaries via Ghidra.
Key Features
Use Cases
README
ghidraMCP
ghidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.
https://github.com/user-attachments/assets/36080514-f227-44bd-af84-78e29ee1d7f9
Features
MCP Server + Ghidra Plugin
- Decompile and analyze binaries in Ghidra
- Automatically rename methods and data
- List methods, classes, imports, and exports
Installation
Prerequisites
Ghidra
First, download the latest release from this repository. This contains the Ghidra plugin and Python MCP client. Then, you can directly import the plugin into Ghidra.
- Run Ghidra
- Select
File->Install Extensions - Click the
+button - Select the
GhidraMCP-1-2.zip(or your chosen version) from the downloaded release - Restart Ghidra
- Make sure the GhidraMCPPlugin is enabled in
File->Configure->Developer - Optional: Configure the port in Ghidra with
Edit->Tool Options->GhidraMCP HTTP Server
Video Installation Guide:
https://github.com/user-attachments/assets/75f0c176-6da1-48dc-ad96-c182eb4648c3
MCP Clients
Theoretically, any MCP client should work with ghidraMCP. Three examples are given below.
Example 1: Claude Desktop
To set up Claude Desktop as a Ghidra MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:
{
"mcpServers": {
"ghidra": {
"command": "python",
"args": [
"/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
"--ghidra-server",
"http://127.0.0.1:8080/"
]
}
}
}
Alternatively, edit this file directly:
/Users/YOUR_USER/Library/Application Support/Claude/claude_desktop_config.json
The server IP and port are configurable and should be set to point to the target Ghidra instance. If not set, both will default to localhost:8080.
Example 2: Cline
To use GhidraMCP with Cline, this requires manually running the MCP server as well. First run the following command:
python bridge_mcp_ghidra.py --transport sse --mcp-host 127.0.0.1 --mcp-port 8081 --ghidra-server http://127.0.0.1:8080/
The only required argument is the transport. If all other arguments are unspecified, they will default to the above. Once the MCP server is running, open up Cline and select MCP Servers at the top.
Then select Remote Servers and add the following, ensuring that the url matches the MCP host and port:
- Server Name: GhidraMCP
- Server URL:
http://127.0.0.1:8081/sse
Example 3: 5ire
Another MCP client that supports multiple models on the backend is 5ire. To set up GhidraMCP, open 5ire and go to Tools -> New and set the following configurations:
- Tool Key: ghidra
- Name: GhidraMCP
- Command:
python /ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py
Building from Source
- Copy the following files from your Ghidra directory to this project's
lib/directory:
Ghidra/Features/Base/lib/Base.jarGhidra/Features/Decompiler/lib/Decompiler.jarGhidra/Framework/Docking/lib/Docking.jarGhidra/Framework/Generic/lib/Generic.jarGhidra/Framework/Project/lib/Project.jarGhidra/Framework/SoftwareModeling/lib/SoftwareModeling.jarGhidra/Framework/Utility/lib/Utility.jarGhidra/Framework/Gui/lib/Gui.jar
- Build with Maven by running:
mvn clean package assembly:single
The generated zip file includes the built Ghidra plugin and its resources. These files are required for Ghidra to recognize the new extension.
- lib/GhidraMCP.jar
- extensions.properties
- Module.manifest
Star History
Repository Owner
User
Repository Details
Programming Languages
Tags
Join Our Newsletter
Stay updated with the latest AI tools, news, and offers by subscribing to our weekly newsletter.
Related MCPs
Discover similar Model Context Protocol servers
IDA Pro MCP
Enabling Model Context Protocol server integration with IDA Pro for collaborative reverse engineering.
IDA Pro MCP provides a Model Context Protocol (MCP) server that connects the IDA Pro reverse engineering platform to clients supporting the MCP standard. It exposes a wide array of program analysis and manipulation functionalities such as querying metadata, accessing functions, globals, imports, and strings, decompiling code, disassembling, renaming variables, and more, in a standardized way. This enables seamless integration of AI-powered or remote tools with IDA Pro to enhance the reverse engineering workflow.
- ⭐ 4,214
- MCP
- mrexodia/ida-pro-mcp
JADX-AI-MCP
Automated AI-powered APK analysis via Model Context Protocol.
JADX-AI-MCP is a fully automated server and plugin for integrating Model Context Protocol (MCP) with JADX for the purpose of analyzing Android APKs using large language models such as Claude. It streamlines vulnerability discovery, reverse engineering, and static analysis by leveraging LLMs in conjunction with established tools. The project facilitates real-time code review and efficient collaboration between AI and human analysts.
- ⭐ 637
- MCP
- zinja-coder/jadx-ai-mcp
FastMCP
The fast, Pythonic way to build MCP servers and clients.
FastMCP is a production-ready framework for building Model Context Protocol (MCP) applications in Python. It streamlines the creation of MCP servers and clients, providing advanced features such as enterprise authentication, composable tools, OpenAPI/FastAPI generation, server proxying, deployment tools, and comprehensive client libraries. Designed for ease of use, it offers both standard protocol support and robust utilities for production deployments.
- ⭐ 20,201
- MCP
- jlowin/fastmcp
CipherTrust Manager MCP Server
Enables AI assistants to access CipherTrust Manager securely via the Model Context Protocol.
CipherTrust Manager MCP Server provides an implementation of the Model Context Protocol (MCP), offering AI assistants such as Claude and Cursor a unified interface to interact with CipherTrust Manager resources. Communication is facilitated through JSON-RPC over stdin/stdout, enabling key management, CTE client management, user management, and connection management functionalities. The tool is configurable via environment variables and integrates with existing CipherTrust Manager instances using the ksctl CLI for secure resource access.
- ⭐ 7
- MCP
- sanyambassi/ciphertrust-manager-mcp-server
solvitor-mcp
A Rust-based MCP server for extracting Solana smart contract IDL via the Solvitor API.
solvitor-mcp is a Model Context Protocol (MCP) server built in Rust for seamless interaction with the Solvitor API. It allows users to extract Interface Definition Language (IDL) files from closed-source Solana smart contracts using reverse engineering techniques. By exposing a 'decode' tool, it simplifies access to program metadata and supports both 'anchor' and 'native' Solana programs. Integration is straightforward and can be customized with user API keys for secure access.
- ⭐ 2
- MCP
- Adeptus-Innovatio/solvitor-mcp
CyberChef API MCP Server
MCP server enabling LLMs to access CyberChef's powerful data analysis and processing tools.
CyberChef API MCP Server implements the Model Context Protocol (MCP), interfacing with the CyberChef Server API to provide structured tools and resources for LLM/MCP clients. It exposes key CyberChef operations such as executing recipes, batch processing, retrieving operation categories, and utilizing the magic operation for automated data decoding. The server can be configured and managed via standard MCP client workflows and supports context-driven tool invocation for large language models.
- ⭐ 29
- MCP
- slouchd/cyberchef-api-mcp-server
Didn't find tool you were looking for?