Security Java ★ 9,126

LaurieWired/GhidraMCP

A Model Context Protocol server for Ghidra that enables LLMs to autonomously reverse engineer applications. Provides tools for decompiling binaries, renaming methods and data, and listing methods, classes, imports, and exports.

Claude Desktop config.json'a ekle

{
  "mcpServers": {
    "lauriewired-ghidramcp": {
      "command": "node",
      "args": [
        "~/.mcp/GhidraMCP/index.js"
      ]
    }
  }
}

Bu MCP sunucusu hakkında

License GitHub release (latest by date) GitHub stars GitHub forks GitHub contributors Follow @lauriewired

ghidra_MCP_logo

ghidraMCP

ghidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.

https://github.com/user-attachments/assets/36080514-f227-44bd-af84-78e29ee1d7f9

Features

MCP Server + Ghidra Plugin

  • Decompile and analyze binaries in Ghidra
  • Automatically rename methods and data
  • List methods, classes, imports, and exports

Installation

Prerequisites

Ghidra

First, download the latest release from this repository. This contains the Ghidra plugin and Python MCP client. Then, you can directly import the plugin into Ghidra.

  1. Run Ghidra
  2. Select File -> Install Extensions
  3. Click the + button
  4. Select the GhidraMCP-1-2.zip (or your chosen version) from the downloaded release
  5. Restart Ghidra
  6. Make sure the GhidraMCPPlugin is enabled in File -> Configure -> Developer
  7. Optional: Configure the port in Ghidra with Edit -> Tool Options -> GhidraMCP HTTP Server

Video Installation Guide:

https://github.com/user-attachments/assets/75f0c176-6da1-48dc-ad96-c182eb4648c3

MCP Clients

Theoretically, any MCP client should work with ghidraMCP. Three examples are given below.

Example 1: Claude Desktop

To set up Claude Desktop as a Ghidra MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:

{
  "mcpServers": {
    "ghidra": {
      "command": "python",
      "args": [
        "/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
        "--ghidra-server",
        "http://127.0.0.1:8080/"
      ]
    }
  }
}

Alternatively, edit this file directly:

/Users/YOUR_USER/Library/Application Support/Claude/claude_desktop_config.json

The server IP and port are configurable and should be set to point to the target Ghidra instance. If not set, both will default to localhost:8080.

Example 2: Cline

To use GhidraMCP with Cline, this requires manually running the MCP server as well. First run the following command:

python bridge_mcp_ghidra.py --transport sse --mcp-host 127.0.0.1 --mcp-port 8081 --ghidra-server http://127.0.0.1:8080/

The only required argument is the transport. If all other arguments are unspecified, they will default to the above. Once the MCP server is running, open up Cline and select MCP Servers at the top.

Cline select

Then select Remote Servers and add the following, ensuring that the url matches the MCP host and port:

  1. Server Name: GhidraMCP
  2. Server URL: http://127.0.0.1:8081/sse

Example 3: 5ire

Another MCP client that supports multiple models on the backend is 5ire. To set up GhidraMCP, open 5ire and go to Tools -> New and set the following configurations:

  1. Tool Key: ghidra
  2. Name: GhidraMCP
  3. Command: python /ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py

Building from Source

  1. Copy the following files from your Ghidra directory to this project’s lib/ directory:
  • Ghidra/Features/Base/lib/Base.jar
  • Ghidra/Features/Decompiler/lib/Decompiler.jar
  • Ghidra/Framework/Docking/lib/Docking.jar
  • Ghidra/Framework/Generic/lib/Generic.jar
  • Ghidra/Framework/Project/lib/Project.jar
  • Ghidra/Framework/SoftwareModeling/lib/SoftwareModeling.jar
  • Ghidra/Framework/Utility/lib/Utility.jar
  • Ghidra/Framework/Gui/lib/Gui.jar
  1. Build with Maven by running:

mvn clean package assembly:single

The generated zip file includes the built Ghidra plugin and its resources. These files are required for Ghidra to recognize the new extension.

  • lib/GhidraMCP.jar
  • extensions.properties
  • Module.manifest

Benzer MCP sunucuları

mrexodia/ida-pro-mcp Security

MCP server for IDA Pro, allowing you to perform binary analysis with AI assistants. This plugin implement decompilation, disassembly and allows you to generate malware analysis reports automatically.

mrexodia/ida-pro-mcp ★ 9,115
zinja-coder/jadx-ai-mcp Security

JADX-AI-MCP is a plugin and MCP Server for the JADX decompiler that integrates directly with Model Context Protocol (MCP) to provide live reverse engineering support with LLMs like Claude.

zinja-coder/jadx-ai-mcp ★ 2,251
beelzebub-labs/beelzebub Security

Beelzebub is a honeypot framework that lets you build honeypot tools using MCP. Its purpose is to detect prompt injection or malicious agent behavior. The underlying idea is to provide the agent with tools it would never use in its normal work.

beelzebub-labs/beelzebub ★ 2,033
safedep/vet Security

vet-mcp checks open source packages—like those suggested by AI coding tools—for vulnerabilities and malicious code. It supports npm and PyPI, and runs locally via Docker or as a standalone binary for fast, automated vetting.

safedep/vet ★ 1,066
semgrep/mcp Security

Allow AI agents to scan code for security vulnerabilites using Semgrep.

semgrep/mcp ★ 668
symgraph/GhidrAssistMCP Security

A native Model Context Protocol server for Ghidra. Includes GUI configuration and logging, 31 powerful tools and no external dependencies.

symgraph/GhidrAssistMCP ★ 635
Daha fazla: Security →