GhidraMCP
by 13bm
GhidraMCP is a Ghidra plugin that implements the Model Context Protocol (MCP) for AI-assisted binary analysis. It bridges the gap between Ghidra's reverse engineering capabilities and AI assistants, making reverse engineering more efficient and accessible.
What is GhidraMCP?
GhidraMCP is a Ghidra plugin that enables AI models to connect to Ghidra and assist with binary analysis tasks through the Model Context Protocol (MCP). It allows users to leverage AI assistants to gain deeper insights into binaries.
How to use GhidraMCP?
To use GhidraMCP, install the plugin in Ghidra, start the MCP server, and connect an AI assistant using the provided bridge script and configuration. You can then ask natural language questions about the binary and utilize various tools exposed through the MCP interface.
Key features of GhidraMCP
AI-Powered Binary Analysis
Natural Language Interface
Deep Code Insights
Binary Structure Analysis
Automated Security Analysis
Socket-Based Architecture
Cross-Platform Compatibility
Use cases of GhidraMCP
Analyzing malware to understand its functionality
Identifying vulnerabilities in software
Reverse engineering proprietary software
Automating repetitive analysis tasks
FAQ from GhidraMCP
How do I install GhidraMCP?
Download the latest release ZIP file, open Ghidra, navigate to File > Install Extensions, click the + button and select the downloaded ZIP file, restart Ghidra, and enable the extension.
What are the prerequisites for using GhidraMCP?
Ghidra 11.2.1+, Java 17 or newer, and Python 3.8+ (for the bridge script).
How do I connect Claude to GhidraMCP?
Install the MCP bridge script using pip install FastMCP and configure your Claude MCP setup with the provided JSON configuration.
What port does the MCP server run on by default?
The MCP server runs on port 8765 by default.
What kind of questions can I ask through the MCP interface?
You can ask questions about encryption algorithms, decompiled code, suspicious API calls, the purpose of the binary, authentication mechanisms, potential vulnerabilities, network connections, and more.