MCP Directory

How to add GhidraMCP to Cursor

Lets LLMs reverse engineer binaries in Ghidra: decompile functions, rename symbols, trace imports, exports and xrefs. Paste the config into ~/.cursor/mcp.json and restart Cursor.

Last updated June 14, 2026 · 9.4k · stdio · no auth

Cursor config for GhidraMCP

python bridge_mcp_ghidra.py --ghidra-server http://127.0.0.1:8080/
{
  "mcpServers": {
    "ghidramcp": {
      "command": "python",
      "args": [
        "/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
        "--ghidra-server",
        "http://127.0.0.1:8080/"
      ]
    }
  }
}

Setup steps

  1. 1Open Cursor → Settings → MCP → Add new MCP server (or edit ~/.cursor/mcp.json directly).
  2. 2Paste the GhidraMCP config below into the "mcpServers" object.
  3. 3Fill in placeholder secrets, then save.
  4. 4Cursor reloads MCP servers automatically — check Settings → MCP for a green status dot.
  5. 5Ask Cursor to use one of GhidraMCP's tools to confirm it's connected.

Before you start

  • Ghidra installed (ghidra-sre.org)
  • Python 3 with the MCP Python SDK installed
  • GhidraMCP release zip matching your Ghidra version

What GhidraMCP can do in Cursor

list_methods

List all function names in the program, paginated

list_classes

List all namespace/class names, paginated

decompile_function

Decompile a function by name and return the C-like source

decompile_function_by_address

Decompile the function at a given address

disassemble_function

Get assembly listing for the function at an address

rename_function

Rename a function by its current name

rename_function_by_address

Rename the function at a given address

rename_data

Rename a data label at an address

Security

The Ghidra plugin opens an unauthenticated HTTP server (default 127.0.0.1:8080) — any local process can drive your Ghidra session, so keep it bound to localhost. Analysis itself stays on your machine, but decompiled code goes to your model provider whenever the agent reads it, which matters for proprietary or sensitive binaries.

GhidraMCP + Cursor FAQ

Where is the Cursor config file?

Cursor reads MCP servers from ~/.cursor/mcp.json. Paste the GhidraMCP config there under the "mcpServers" key and restart the client.

Is GhidraMCP safe to use with Cursor?

The Ghidra plugin opens an unauthenticated HTTP server (default 127.0.0.1:8080) — any local process can drive your Ghidra session, so keep it bound to localhost. Analysis itself stays on your machine, but decompiled code goes to your model provider whenever the agent reads it, which matters for proprietary or sensitive binaries.

Is GhidraMCP an official NSA/Ghidra project?

No — it's a community project by researcher LaurieWired. Ghidra itself is the NSA's open-source reverse-engineering suite; GhidraMCP is a third-party plugin plus bridge that exposes it over MCP. Both are Apache-2.0.

Is it safe to use on sensitive binaries?

Everything runs locally, but two caveats: the plugin's HTTP server has no auth (keep it on 127.0.0.1), and any decompiled code the agent reads is sent to your model provider. For classified or NDA-bound binaries, that second point is usually the blocker.

Do I need to keep Ghidra open while using it?

Yes. The server runs inside Ghidra with your project loaded — the Python bridge only proxies MCP calls to that live session. Close Ghidra and the tools stop responding.

View repo Full GhidraMCP page