
How to add GhidraMCP to Cursor
Lets LLMs reverse engineer binaries in Ghidra: decompile functions, rename symbols, trace imports, exports and xrefs. Paste the config into ~/.cursor/mcp.json and restart Cursor.
Last updated June 14, 2026 · 9.4k★ · stdio · no auth
Cursor config for GhidraMCP
python bridge_mcp_ghidra.py --ghidra-server http://127.0.0.1:8080/{
"mcpServers": {
"ghidramcp": {
"command": "python",
"args": [
"/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
"--ghidra-server",
"http://127.0.0.1:8080/"
]
}
}
}Setup steps
- 1Open Cursor → Settings → MCP → Add new MCP server (or edit ~/.cursor/mcp.json directly).
- 2Paste the GhidraMCP config below into the "mcpServers" object.
- 3Fill in placeholder secrets, then save.
- 4Cursor reloads MCP servers automatically — check Settings → MCP for a green status dot.
- 5Ask Cursor to use one of GhidraMCP's tools to confirm it's connected.
Before you start
- Ghidra installed (ghidra-sre.org)
- Python 3 with the MCP Python SDK installed
- GhidraMCP release zip matching your Ghidra version
What GhidraMCP can do in Cursor
list_methodsList all function names in the program, paginated
list_classesList all namespace/class names, paginated
decompile_functionDecompile a function by name and return the C-like source
decompile_function_by_addressDecompile the function at a given address
disassemble_functionGet assembly listing for the function at an address
rename_functionRename a function by its current name
rename_function_by_addressRename the function at a given address
rename_dataRename a data label at an address
Security
The Ghidra plugin opens an unauthenticated HTTP server (default 127.0.0.1:8080) — any local process can drive your Ghidra session, so keep it bound to localhost. Analysis itself stays on your machine, but decompiled code goes to your model provider whenever the agent reads it, which matters for proprietary or sensitive binaries.
GhidraMCP + Cursor FAQ
Where is the Cursor config file?
Cursor reads MCP servers from ~/.cursor/mcp.json. Paste the GhidraMCP config there under the "mcpServers" key and restart the client.
Is GhidraMCP safe to use with Cursor?
The Ghidra plugin opens an unauthenticated HTTP server (default 127.0.0.1:8080) — any local process can drive your Ghidra session, so keep it bound to localhost. Analysis itself stays on your machine, but decompiled code goes to your model provider whenever the agent reads it, which matters for proprietary or sensitive binaries.
Is GhidraMCP an official NSA/Ghidra project?
No — it's a community project by researcher LaurieWired. Ghidra itself is the NSA's open-source reverse-engineering suite; GhidraMCP is a third-party plugin plus bridge that exposes it over MCP. Both are Apache-2.0.
Is it safe to use on sensitive binaries?
Everything runs locally, but two caveats: the plugin's HTTP server has no auth (keep it on 127.0.0.1), and any decompiled code the agent reads is sent to your model provider. For classified or NDA-bound binaries, that second point is usually the blocker.
Do I need to keep Ghidra open while using it?
Yes. The server runs inside Ghidra with your project loaded — the Python bridge only proxies MCP calls to that live session. Close Ghidra and the tools stop responding.