
Ghidra MCP Server

Production-ready MCP server that connects AI assistants like Claude to Ghidra, exposing nearly 200 tools for autonomous reverse engineering, decompilation, analysis, renaming, annotation, and batch operations on binaries.

Overview

Ghidra MCP Server is a comprehensive Model Context Protocol (MCP) server that bridges the powerful open-source reverse engineering framework Ghidra (developed by the NSA) with modern AI assistants. It enables LLMs like Claude to autonomously perform complex binary analysis tasks directly through natural language.

The most feature-rich implementation available, it exposes nearly 200 MCP tools (193+ in recent versions) covering decompilation, disassembly, symbol management, annotation, cross-referencing, batch operations, and more. It supports both interactive GUI workflows and headless/Docker deployments.

Key Features

  • Extensive Toolset: 194 MCP tools including decompile functions, rename symbols, analyze binaries, find cross-references, create structs/enums, patch code, and advanced batch processing.
  • Dual Architecture: Java GUI plugin (embedded in Ghidra) + Python/Headless bridge for maximum flexibility.
  • Lazy Loading & Optimization: Efficient tool loading with convention enforcement for better performance.
  • Ghidra Server Integration: Works with Ghidra Server for collaborative or multi-binary analysis.
  • Headless & Docker Support: Ideal for automation, CI/CD, and large-scale reverse engineering pipelines.
  • Battle-Tested Workflows: Designed for real-world malware analysis, vulnerability research, and software RE.
  • Security-Focused: Localhost binding by default and production-ready design.

Installation & Setup

  1. Install Ghidra (latest version recommended, supports Ghidra 11.3+).
  2. Clone the repository:
    git clone https://github.com/bethington/ghidra-mcp.git
    cd ghidra-mcp
    
  3. Run the setup script (handles Maven build, dependencies, and deployment).
  4. Install the Ghidra extension/plugin.
  5. Configure your MCP client (e.g., Claude Desktop) by adding the server entry in claude_desktop_config.json or equivalent.

For headless mode or Docker, follow the dedicated guides in the repository. Detailed setup instructions, tool references, and configuration examples are provided in the README.

Use Cases

  • Malware Analysis: Let AI autonomously decompile, rename functions, and identify malicious patterns in suspicious binaries.
  • Vulnerability Research: Quickly locate and annotate potential security issues using natural language queries.
  • Legacy Software RE: Understand and document old or undocumented binaries with AI assistance.
  • Automated Batch Analysis: Process multiple binaries or large projects with scripted AI workflows.
  • Education & Collaboration: Teach reverse engineering or collaborate with AI on complex analysis tasks.
  • Integration with Other Tools: Combine with other MCP servers for full-spectrum security research pipelines.

Technical Details

  • Protocol: Full Model Context Protocol (MCP) compliance.
  • Core Technologies: Java Ghidra plugin (large codebase) + Python MCP bridge.
  • Compatibility: Works with Claude Desktop, Claude Code, Cursor, and any MCP-compliant client.
  • Status: Actively maintained production-ready version with frequent updates and community contributions.

Ghidra MCP Server transforms Ghidra from a manual RE powerhouse into an AI-augmented platform, dramatically accelerating reverse engineering workflows while preserving full control and editability.

For the latest features, setup guides, and tool documentation, visit the official GitHub repository (https://github.com/bethington/ghidra-mcp). Other notable forks and alternatives include LaurieWired/GhidraMCP and pyghidra-mcp for headless use cases.

Tags

mcp, mcp-server, ghidra, reverse-engineering, binary-analysis, malware-analysis, decompilation, claude, ai-re, security-research