MCP HubMCP Hub
LaurieWired

GhidraMCP

by: LaurieWired

MCP Server for Ghidra

4137created 23/03/2025
Visit
Ghidra

📌Overview

Purpose: To enable large language models (LLMs) to autonomously reverse engineer applications using a Model Context Protocol (MCP) server integrated with Ghidra.

Overview: ghidraMCP serves as a bridge between Ghidra, a powerful open-source software reverse engineering tool, and MCP clients, providing access to core Ghidra functionalities for binary analysis through an intuitive server-client model.

Key Features:

  • Decompilation and Analysis: Facilitates the decompilation and detailed analysis of binaries within Ghidra, enhancing the reverse engineering process.

  • Automatic Renaming: Automatically renames methods and data, improving code readability and organization for easier comprehension when analyzing.

  • Data Listing: Offers capabilities to list methods, classes, imports, and exports, allowing users to efficiently navigate through the codebase.

ghidraMCP

ghidraMCP is a Model Context Protocol server that enables LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.

Features

MCP Server + Ghidra Plugin

  • Decompile and analyze binaries in Ghidra
  • Automatically rename methods and data
  • List methods, classes, imports, and exports

Installation

Prerequisites

Ghidra Setup

Download the latest release from the repository. This contains the Ghidra plugin and Python MCP client. Import the plugin into Ghidra:

  1. Run Ghidra
  2. Select File -> Install Extensions
  3. Click the + button
  4. Select the downloaded GhidraMCP-1-2.zip (or your chosen version)
  5. Restart Ghidra
  6. Ensure the GhidraMCPPlugin is enabled via File -> Configure -> Developer
  7. (Optional) Configure the port in Ghidra via Edit -> Tool Options -> GhidraMCP HTTP Server

MCP Clients

Any MCP client should work with ghidraMCP. Below are three examples.

Example 1: Claude Desktop

To set up Claude Desktop as a Ghidra MCP client:

Go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add:

{
  "mcpServers": {
    "ghidra": {
      "command": "python",
      "args": [
        "/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
        "--ghidra-server",
        "http://127.0.0.1:8080/"
      ]
    }
  }
}

Alternatively, edit this file directly:

/Users/YOUR_USER/Library/Application Support/Claude/claude_desktop_config.json

The server IP and port are configurable and should point to the target Ghidra instance. Defaults: localhost:8080.

Example 2: Cline

To use GhidraMCP with Cline, manually run the MCP server:

python bridge_mcp_ghidra.py --transport sse --mcp-host 127.0.0.1 --mcp-port 8081 --ghidra-server http://127.0.0.1:8080/

Only the transport argument is required; others default as above.

Then in Cline:

  1. Select MCP Servers
  2. Select Remote Servers
  3. Add a server with:
    • Server Name: GhidraMCP
    • Server URL: http://127.0.0.1:8081/sse

Example 3: 5ire

5ire supports multiple models on the backend. To set up GhidraMCP:

  1. Open 5ire
  2. Go to Tools -> New
  3. Configure as follows:
    • Tool Key: ghidra
    • Name: GhidraMCP
    • Command: python /ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py

Building from Source

  1. Copy the following files from your Ghidra directory to the lib/ directory of this project:
  • Ghidra/Features/Base/lib/Base.jar
  • Ghidra/Features/Decompiler/lib/Decompiler.jar
  • Ghidra/Framework/Docking/lib/Docking.jar
  • Ghidra/Framework/Generic/lib/Generic.jar
  • Ghidra/Framework/Project/lib/Project.jar
  • Ghidra/Framework/SoftwareModeling/lib/SoftwareModeling.jar
  • Ghidra/Framework/Utility/lib/Utility.jar
  • Ghidra/Framework/Gui/lib/Gui.jar
  1. Build with Maven:
mvn clean package assembly:single

The generated zip file includes the built Ghidra plugin and its resources required for Ghidra to recognize the new extension:

  • lib/GhidraMCP.jar
  • extensions.properties
  • Module.manifest