VERIFIED

Ghidramcp

Safety: 45/100

0.0(0)

ghidraMCP is a Model Context Protocol server that exposes Ghidra's reverse engineering tools to LLMs for autonomous binary analysis and modification.

MCP ServersFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Overview

ghidraMCP is a Model Context Protocol server that exposes Ghidra's reverse engineering tools to LLMs for autonomous binary analysis and modification.

ghidraMCP's safety depends heavily on the configuration of both Ghidra and the MCP client. It is relatively safe when used in a controlled environment with limited network access and well-defined permissions. Risks increase when exposed to untrusted networks or when the MCP client has broad permissions within Ghidra.

Performance is limited by Ghidra's processing speed and the network latency between the MCP client and the Ghidra instance. Large binaries may take a significant amount of time to analyze.

Cost considerations include the computational resources required to run Ghidra and the potential cost of using a commercial LLM service as the MCP client.

CloudJava7,562 starsApache-2.0Released 6/23/2025CI/CD

Connections & Capabilities

Connects To

GitHub

Capabilities

ReadWriteExec

Client Compatibility

Claude Desktop

full

Cursor

untested

Windsurf

untested

VS Code (Copilot)

untested

Quickstart

Claude Desktop Config

{
  "mcpServers": {
    "ghidra": {
      "command": "python",
      "args": [
        "/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
        "--ghidra-server",
        "http://127.0.0.1:8080/"
      ]
    }
  }
}

Tools (3)

safe

Decompile and analyze binaries in Ghidra

Decompiles and analyzes binary files using Ghidra's capabilities.

Primarily a read operation, though analysis can trigger further actions.

moderate

Automatically rename methods and data

Automatically renames methods and data within Ghidra's project based on LLM suggestions.

Modifies the Ghidra project, but changes are typically reversible.

safe

List methods, classes, imports, and exports

Lists methods, classes, imports, and exports from the analyzed binary.

Read-only operation that retrieves information about the binary.

Security

Auth Method

None

Data Locality

cloud

Known Risks

!Potential for unauthorized code modification if the LLM is compromised.
!Exposure of sensitive information within binaries to external LLMs.
!Reliance on the security of the Ghidra platform itself.
!Denial-of-service attacks by overloading the Ghidra instance.
!Vulnerabilities in the bridge_mcp_ghidra.py script could be exploited.

Safety Score

moderate risk

Positive

+Requires explicit user configuration to enable the Ghidra plugin.
+Ghidra's access controls can limit the scope of operations.
+MCP provides a layer of abstraction, potentially limiting direct system access.
+Optional configuration of the port in Ghidra allows for network access control.

Risks

-Exposes Ghidra's functionality, including decompilation and code modification, to LLMs.
-Improperly configured MCP clients could potentially execute unintended actions.
-The server can perform write operations, including renaming methods and data.
-Reliance on Ghidra's security posture, which may have vulnerabilities.
-Potential for information leakage if sensitive data is exposed through the MCP interface.

Use Cases

Reverse Engineering Automation

-Automated identification of vulnerabilities in software.
-Accelerated analysis of malware samples.
-Assisted reverse engineering of proprietary protocols.

Code Understanding

-Automated summarization of complex code functions.
-Generation of human-readable documentation from binaries.
-Identification of code dependencies and relationships.

Security Auditing

-Automated detection of security flaws in compiled applications.
-Verification of security patches.
-Compliance checking against security standards.

Who Is This For?

Best For

Reverse engineers seeking to automate repetitive tasks.
Security researchers analyzing malware samples.
Software developers trying to understand legacy code.
Organizations performing security audits of compiled applications.

Not Ideal For

Environments with strict security requirements that prohibit exposing binaries to external systems.
Real-time analysis where low latency is critical.
Users without experience in reverse engineering or Ghidra.

Autonomy & Execution

Default ModeRead and Write enabled

Autonomy is controlled by the capabilities of the connected LLM and the permissions granted within Ghidra. There is no built-in sandboxing or rollback mechanism.

StatelessNo

Retry LogicNot documented

ConcurrencySingle-threaded

Production Tip

Monitor Ghidra's resource usage and performance to prevent denial-of-service issues when using ghidraMCP in a production environment.

FAQ

What is the default port for the Ghidra HTTP server?

The default port is 8080, but it can be configured in Ghidra's tool options.

Can I use ghidraMCP with any MCP client?

Theoretically, yes. However, compatibility may vary, and some clients may require specific configuration.

Is ghidraMCP safe to use in a production environment?

It depends on your security requirements and configuration. Exercise caution and monitor resource usage.

What Ghidra versions are supported?

The plugin is designed for recent Ghidra versions. Check the release notes for specific compatibility information.

How do I troubleshoot connection issues between the MCP client and the Ghidra server?

Verify that the Ghidra HTTP server is running, the port is correctly configured, and there are no firewall restrictions.

Does ghidraMCP support authentication?

No, ghidraMCP does not implement authentication. Access control relies on Ghidra's internal mechanisms and network security.

Can I use ghidraMCP to modify the original binary file?

No, ghidraMCP operates on the Ghidra project and does not directly modify the original binary file.

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Related Tools

Ghidramcp - AI Tool Review & Alternatives | Flaex AI