
GhidraMCP
Lets LLMs reverse engineer binaries in Ghidra: decompile functions, rename symbols, trace imports, exports and xrefs.
Add to your client
Copy the config for your MCP client and paste it into its config file.
```
python bridge_mcp_ghidra.py --ghidra-server http://127.0.0.1:8080/
```
Paste into ~/Library/Application Support/Claude/claude_desktop_config.json
```json
{
  "mcpServers": {
    "ghidramcp": {
      "command": "python",
      "args": [
        "/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
        "--ghidra-server",
        "http://127.0.0.1:8080/"
      ]
    }
  }
}
```
Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf
Before you start
- Ghidra installed (ghidra-sre.org)
- Python 3 with the MCP Python SDK installed
- GhidraMCP release zip matching your Ghidra version
About GhidraMCP
Architecturally it's a relay: the Java plugin embeds an HTTP server in Ghidra (port configurable under Edit → Tool Options → GhidraMCP HTTP Server), and the Python bridge translates MCP tool calls into requests against it. The bridge defaults to stdio but also runs as an SSE server (--transport sse --mcp-port 8081) for clients like Cline that prefer a remote-server URL.
What agents actually do with it: iterative reverse engineering. List and search functions, decompile the interesting ones, rename FUN_00401000-style symbols as understanding builds, fix prototypes and local-variable types so the decompilation gets cleaner, and leave decompiler/disassembly comments. Cross-reference tools (xrefs to/from, function xrefs, string lists) let a model chase data flow the way a human analyst would.
It became the best-known Ghidra/MCP integration (9k+ stars) because the write-back design makes LLM output durable — the renames and comments live in the Ghidra project file. Releases bundle the plugin zip and the bridge script together; building from source needs a handful of Ghidra jars copied into lib/ and Maven.
Trade-offs: Ghidra must be running with your binary open — this drives a live session rather than running headless. The local HTTP server has no authentication (a simplicity choice; localhost binding is the mitigation), and release zips track specific Ghidra versions, so a Ghidra upgrade can mean waiting for a release or rebuilding.
Tools & capabilities (27)
- `list_methods`: List all function names in the program, paginated
- `list_classes`: List all namespace/class names, paginated
- `decompile_function`: Decompile a function by name and return the C-like source
- `decompile_function_by_address`: Decompile the function at a given address
- `disassemble_function`: Get assembly listing for the function at an address
- `rename_function`: Rename a function by its current name
- `rename_function_by_address`: Rename the function at a given address
- `rename_data`: Rename a data label at an address
- `rename_variable`: Rename a local variable within a function
- `set_function_prototype`: Set a function's prototype/signature
- `set_local_variable_type`: Change the type of a local variable
- `set_decompiler_comment`: Add a comment visible in the decompiler view
- `set_disassembly_comment`: Add a comment visible in the disassembly view
- `get_function_by_address`: Get function info for an address
- `get_current_address`: Get the address currently selected in Ghidra
- `get_current_function`: Get the function currently open in Ghidra
- `list_functions`: List all functions with signatures
- `list_segments`: List memory segments, paginated
- `list_imports`: List imported symbols, paginated
- `list_exports`: List exported functions/symbols, paginated
- `list_namespaces`: List non-global namespaces, paginated
- `list_data_items`: List defined data labels and values, paginated
- `list_strings`: List defined strings with optional filter
- `search_functions_by_name`: Search functions whose name matches a substring
- `get_xrefs_to`: Cross-references to a given address
- `get_xrefs_from`: Cross-references made from a given address
- `get_function_xrefs`: Cross-references to a function by name
When to use it
- Malware triage: decompile suspicious functions, rename them as behavior becomes clear, and leave analysis comments
- CTF reversing: find the flag-check function via string search and cross-references
- Map an unfamiliar binary: imports, exports, and the call graph around a target function
- Clean up a decompilation by bulk-renaming generic FUN_/DAT_ symbols with meaningful names
Quick setup
1. Download the latest release zip from github.com/LaurieWired/GhidraMCP/releases
2. In Ghidra: File → Install Extensions → + → select the zip → restart Ghidra
3. Enable GhidraMCPPlugin under File → Configure → Developer (port configurable in Edit → Tool Options)
4. Add the MCP config: `python /path/to/bridge_mcp_ghidra.py --ghidra-server http://127.0.0.1:8080/`
5. Open a binary in Ghidra's CodeBrowser, then start prompting your client
Security notes
The Ghidra plugin opens an unauthenticated HTTP server (default 127.0.0.1:8080) — any local process can drive your Ghidra session, so keep it bound to localhost. Analysis itself stays on your machine, but decompiled code goes to your model provider whenever the agent reads it, which matters for proprietary or sensitive binaries.
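One way to verify the localhost-binding advice on a Linux analysis host, as an added example that is not part of GhidraMCP or of this page: it parses the kernel's `/proc/net/tcp` and `/proc/net/tcp6` tables and reports any listening socket on the Ghidra port whose address is not loopback. Port 8080 is the default stated above; the function names and the sample tables are constructed for illustration.

```python
import ipaddress
import os

GHIDRA_PORT = 8080  # default port stated on this page; change if set otherwise in Tool Options
LISTEN = "0A"       # state code the kernel uses for listening TCP sockets

def decode_addr(hex_addr):
    """Decode a /proc/net/tcp{,6} address: each 8-hex-digit word is byte-swapped."""
    raw = b"".join(bytes.fromhex(hex_addr[i:i + 8])[::-1]
                   for i in range(0, len(hex_addr), 8))
    addr = ipaddress.ip_address(raw)
    if addr.version == 6 and addr.ipv4_mapped:  # ::ffff:127.0.0.1 counts as loopback
        addr = addr.ipv4_mapped
    return addr

def exposed_listeners(table, port=GHIDRA_PORT):
    """Return the non-loopback addresses that have a LISTEN socket on `port`."""
    exposed = []
    for line in table.splitlines():
        fields = line.split()
        # The header row and non-listening sockets fail the state check.
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        if int(hex_port, 16) != port:
            continue
        addr = decode_addr(hex_ip)
        if not addr.is_loopback:
            exposed.append(str(addr))
    return exposed

# Constructed sample tables (not captured from a real host).
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
TAIL = " 00000000:00000000 00:00000000 00000000  1000        0 40001\n"
SAMPLE_LOOPBACK = (HEADER
    + "   0: 0100007F:1F90 00000000:0000 0A" + TAIL    # 127.0.0.1:8080 LISTEN
    + "   1: 00000000:0016 00000000:0000 0A" + TAIL    # 0.0.0.0:22 LISTEN, other port
    + "   2: 0100007F:1F90 0100007F:C350 01" + TAIL)   # established bridge connection
SAMPLE_WILDCARD = HEADER + "   0: 00000000:1F90 00000000:0000 0A" + TAIL  # 0.0.0.0:8080

if __name__ == "__main__":
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        if os.path.exists(path):
            with open(path) as fh:
                for addr in exposed_listeners(fh.read()):
                    print(f"port {GHIDRA_PORT} is listening on non-loopback address {addr}")
```

Run it while Ghidra is open with the plugin enabled; no output means every listener on the port is loopback-only.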
GhidraMCP FAQ
Is GhidraMCP an official NSA/Ghidra project?
No — it's a community project by researcher LaurieWired. Ghidra itself is the NSA's open-source reverse-engineering suite; GhidraMCP is a third-party plugin plus bridge that exposes it over MCP. Both are Apache-2.0.
Is it safe to use on sensitive binaries?
Everything runs locally, but two caveats: the plugin's HTTP server has no auth (keep it on 127.0.0.1), and any decompiled code the agent reads is sent to your model provider. For classified or NDA-bound binaries, that second point is usually the blocker.
Do I need to keep Ghidra open while using it?
Yes. The server runs inside Ghidra with your project loaded — the Python bridge only proxies MCP calls to that live session. Close Ghidra and the tools stop responding.