Ghidramcp
What is Ghidramcp
GhidraMCP is a Ghidra extension that integrates with the Model Context Protocol (MCP), allowing users to access Ghidra program data and functionalities through an embedded MCP server.
Use cases
Use cases for GhidraMCP include automating analysis tasks, integrating Ghidra with other tools or workflows, and enhancing collaboration among security researchers by sharing Ghidra data through MCP.
How to use
To use GhidraMCP, install the extension in Ghidra, then run the embedded MCP server. Clients can connect to the server and utilize the exposed functionalities through various tools, including grouped tools for efficient operations.
Key features
Key features of GhidraMCP include the exposure of Ghidra functionalities to MCP clients, the availability of grouped tools for related operations, and support for the latest tested Ghidra version (11.3.2).
Where to use
GhidraMCP can be used in software reverse engineering, malware analysis, and any domain where Ghidra’s capabilities need to be accessed programmatically via MCP.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Ghidramcp
GhidraMCP is a Ghidra extension that integrates with the Model Context Protocol (MCP), allowing users to access Ghidra program data and functionalities through an embedded MCP server.
Use cases
Use cases for GhidraMCP include automating analysis tasks, integrating Ghidra with other tools or workflows, and enhancing collaboration among security researchers by sharing Ghidra data through MCP.
How to use
To use GhidraMCP, install the extension in Ghidra, then run the embedded MCP server. Clients can connect to the server and utilize the exposed functionalities through various tools, including grouped tools for efficient operations.
Key features
Key features of GhidraMCP include the exposure of Ghidra functionalities to MCP clients, the availability of grouped tools for related operations, and support for the latest tested Ghidra version (11.3.2).
Where to use
GhidraMCP can be used in software reverse engineering, malware analysis, and any domain where Ghidra’s capabilities need to be accessed programmatically via MCP.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
GhidraMCP
Ghidra integration for the Model Context Protocol (MCP)
A Ghidra extension that runs an embedded MCP server to expose Ghidra program data and functionalities via tools.
✨ Features
This extension exposes various Ghidra functionalities to MCP clients through categorized tool groups. Each category provides both individual tools and grouped operations for batch processing.
Provides tools for managing Ghidra project context, including listing open files, getting current program information, handling bookmarks, and interacting with Ghidra scripts.
Offers a comprehensive suite of tools for inspecting, creating, deleting, and modifying functions within a program. This includes managing function names, prototypes, comments, and symbols within functions.
Enables interaction with various symbols and labels in Ghidra. Tools cover listing defined strings, managing namespaces, setting/getting comments at addresses, renaming data, and handling labels.
Allows for detailed management of data types within Ghidra’s data type manager. This includes listing, creating, modifying, and deleting categories, structures, enums, unions, typedefs, and function definitions, as well as applying types to specific addresses.
Facilitates direct interaction with program memory. Tools include listing memory segments, reading/writing bytes (patching), searching memory, and retrieving cross-references (XRefs) to and from addresses, as well as listing imports.
Provides access to Ghidra’s decompiler capabilities, primarily for decompiling functions to view their C-like representation and P-code.
Includes tools for analyzing program control flow, such as retrieving information about basic blocks and their predecessors/successors.
🚀 Installation
- Download the latest release
zipfile from the Releases page. - In Ghidra, go to
File->Install Extensions.... - Click the
+button (Add extension) in the top right corner. - Navigate to the downloaded
zipfile and select it. - Ensure the
GhidraMCPextension is checked in the list and clickOK. - Restart Ghidra.
▶️ Usage
- Ensure Ghidra is running with the GhidraMCP extension active.
- Ensure your MCP Client is configured to connect to the GhidraMCP server (see ‘Configuring an MCP Client’ below).
[!WARNING] > Script Error Dialogs: Some tools that execute Ghidra scripts may trigger GUI error dialogs via
Msg.showError. These dialogs must be manually closed, or the server will hang and become unresponsive.
[!TIP] > Missing fileName Parameter: When tools request a
fileNameparameter, use thelist_open_filestool to see available programs. Most tools provide this context automatically on failed calls.
🛠️ Building from Source
- Clone the repository:
git clone https://github.com/themixednuts/GhidraMCP.git - Navigate to the project directory:
cd GhidraMCP - Ensure you have Apache Maven and a JDK (compatible version, e.g., JDK 21 or later recommended for modern Ghidra development) installed.
- Copy the following required JAR files from your Ghidra installation directory into the
lib/directory of this project. Create thelib/directory if it doesn’t exist:Ghidra/Features/Base/lib/Base.jarGhidra/Features/Decompiler/lib/Decompiler.jarGhidra/Framework/Docking/lib/Docking.jarGhidra/Framework/Generic/lib/Generic.jarGhidra/Framework/Project/lib/Project.jarGhidra/Framework/SoftwareModeling/lib/SoftwareModeling.jarGhidra/Framework/Utility/lib/Utility.jarGhidra/Framework/Gui/lib/Gui.jar[!NOTE]
Paths are relative to your Ghidra installation folder. Exact paths might vary slightly based on Ghidra version and OS.
- Build the project using Maven:
mvn clean package assembly:single - The installable
zipfile will be located in thetarget/directory (e.g.,target/GhidraMCP-*-SNAPSHOT-ghidra.zip). Follow the Installation steps above using this file.
🔌 Configuring an MCP Client
To allow an MCP client (like Claude Desktop or a custom client) to interact with Ghidra via this extension, you need to configure the client to connect to the server endpoint provided by GhidraMCP.
The GhidraMCP server runs within Ghidra itself when the extension is active. It typically exposes an HTTP SSE (Server-Sent Events) endpoint.
Add the following configuration to your MCP client’s settings (e.g., claude_desktop_config.json for Claude Desktop). Adjust the key ("ghidra" in this example) as needed:
[!IMPORTANT]
Port: The default port is8080. This is configurable within Ghidra under the Tool Options for the GhidraMCP extension. If you change the port in Ghidra, you must update theurlin your client configuration accordingly.
[!IMPORTANT]
Server Status: Ghidra must be running with the GhidraMCP extension enabled for the client to connect successfully.
[!NOTE]
Timeout Issues: If you encounter timeout problems, refer to the Ghidra timeout configuration guide.
🤝 Contributing
Contributions are welcome! Please feel free to submit pull requests or open issues.
AI agents are also welcome to contribute; please ensure agents refer to the project’s contribution guidelines and development conventions (often found in .cursor/rules/ or a CONTRIBUTING.md file if present).
Acknowledgements
This project is heavily inspired by and based on the work of LaurieWired. Instead of using a bridge, this plugin directly embeds the server in the plugin.
Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
