ghidraMCP
by LaurieWired
ghidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.
Last updated: N/A
What is ghidraMCP?
ghidraMCP is an MCP server and Ghidra plugin that enables LLMs to interact with and leverage Ghidra's reverse engineering capabilities.
How to use ghidraMCP?
First, install Ghidra and the GhidraMCP plugin. Then, configure an MCP client (like Claude Desktop, Cline, or 5ire) to connect to the ghidraMCP server. The README provides detailed instructions for installing the Ghidra plugin and configuring various MCP clients.
Key features of ghidraMCP
Decompile and analyze binaries in Ghidra
Automatically rename methods and data
List methods, classes, imports, and exports
MCP Server + Ghidra Plugin
Use cases of ghidraMCP
Automated reverse engineering tasks
Assisting LLMs in understanding binary code
Enhancing LLM-driven security analysis
Facilitating autonomous code analysis
FAQ from ghidraMCP
What is Ghidra?
What is Ghidra?
Ghidra is a software reverse engineering (SRE) framework developed by the National Security Agency (NSA).
What is MCP?
What is MCP?
MCP stands for Model Context Protocol, a protocol that allows LLMs to interact with external tools.
Which MCP clients are supported?
Which MCP clients are supported?
Theoretically, any MCP client should work. Examples are provided for Claude Desktop, Cline, and 5ire.
How do I install the Ghidra plugin?
How do I install the Ghidra plugin?
Download the latest release, then in Ghidra, select File -> Install Extensions, click the + button, select the zip file, restart Ghidra, and enable the plugin in File -> Configure -> Developer.
How do I configure the server port?
How do I configure the server port?
Configure the port in Ghidra with Edit -> Tool Options -> GhidraMCP HTTP Server.