MCP Directory

How to add GhidraMCP to Claude Desktop

Lets LLMs reverse engineer binaries in Ghidra: decompile functions, rename symbols, trace imports, exports and xrefs. Paste the config into ~/Library/Application Support/Claude/claude_desktop_config.json and restart Claude Desktop.

Last updated June 14, 2026 ยท 9.4kโ˜… ยท stdio ยท no auth

Claude Desktop config for GhidraMCP

python bridge_mcp_ghidra.py --ghidra-server http://127.0.0.1:8080/
{
  "mcpServers": {
    "ghidramcp": {
      "command": "python",
      "args": [
        "/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
        "--ghidra-server",
        "http://127.0.0.1:8080/"
      ]
    }
  }
}

Setup steps

  1. 1Open Claude Desktop โ†’ Settings โ†’ Developer โ†’ Edit Config (this opens ~/Library/Application Support/Claude/claude_desktop_config.json).
  2. 2Paste the GhidraMCP config below under the top-level "mcpServers" key.
  3. 3Fill in any placeholder secrets (API keys, paths) in the snippet.
  4. 4Save the file, then fully quit and reopen Claude Desktop.
  5. 5Open a chat and confirm GhidraMCP's tools appear under the ๐Ÿ”Œ tools menu.

Before you start

  • Ghidra installed (ghidra-sre.org)
  • Python 3 with the MCP Python SDK installed
  • GhidraMCP release zip matching your Ghidra version

What GhidraMCP can do in Claude Desktop

list_methods

List all function names in the program, paginated

list_classes

List all namespace/class names, paginated

decompile_function

Decompile a function by name and return the C-like source

decompile_function_by_address

Decompile the function at a given address

disassemble_function

Get assembly listing for the function at an address

rename_function

Rename a function by its current name

rename_function_by_address

Rename the function at a given address

rename_data

Rename a data label at an address

Security

The Ghidra plugin opens an unauthenticated HTTP server (default 127.0.0.1:8080) โ€” any local process can drive your Ghidra session, so keep it bound to localhost. Analysis itself stays on your machine, but decompiled code goes to your model provider whenever the agent reads it, which matters for proprietary or sensitive binaries.

GhidraMCP + Claude Desktop FAQ

Where is the Claude Desktop config file?

Claude Desktop reads MCP servers from ~/Library/Application Support/Claude/claude_desktop_config.json. Paste the GhidraMCP config there under the "mcpServers" key and restart the client.

Is GhidraMCP safe to use with Claude Desktop?

The Ghidra plugin opens an unauthenticated HTTP server (default 127.0.0.1:8080) โ€” any local process can drive your Ghidra session, so keep it bound to localhost. Analysis itself stays on your machine, but decompiled code goes to your model provider whenever the agent reads it, which matters for proprietary or sensitive binaries.

Is GhidraMCP an official NSA/Ghidra project?

No โ€” it's a community project by researcher LaurieWired. Ghidra itself is the NSA's open-source reverse-engineering suite; GhidraMCP is a third-party plugin plus bridge that exposes it over MCP. Both are Apache-2.0.

Is it safe to use on sensitive binaries?

Everything runs locally, but two caveats: the plugin's HTTP server has no auth (keep it on 127.0.0.1), and any decompiled code the agent reads is sent to your model provider. For classified or NDA-bound binaries, that second point is usually the blocker.

Do I need to keep Ghidra open while using it?

Yes. The server runs inside Ghidra with your project loaded โ€” the Python bridge only proxies MCP calls to that live session. Close Ghidra and the tools stop responding.

View repo Full GhidraMCP page