Ghidra MCP: Your Reverse Engineering Copilot
Reverse engineering is a deep, complex craft. You're often juggling disassemblers, decompilers, and memory dumps, trying to piece together a story from raw bytes. It's a workflow that can feel fragmented, hopping between tools and contexts. What if your analysis environment could talk back, helping you navigate the process?
Enter Ghidra MCP. It's a minimalist Model Context Protocol (MCP) server that brings the powerful Ghidra reverse engineering framework directly into your AI-assisted workflow. Think of it as giving your coding assistant—like Claude Code or a similar tool using MCP—the keys to your Ghidra project. You can ask questions about a binary and get answers based on the actual disassembly, not just guesswork.
What It Does
In simple terms, this tool bridges Ghidra and AI agents that support the MCP standard. Once the server is running, your AI assistant can interact with your open Ghidra projects. It can list functions, retrieve disassembly for specific routines, pull out cross-references, and even get decompiled C code. Instead of you manually searching through the GUI for a function's purpose, you can just ask your AI, "What does the function FUN_00123456 do?" and it can read the decompiled output to give you an informed answer.
Why It's Cool
The clever part is the focus and simplicity. It doesn't try to rebuild Ghidra or create a massive AI plugin. It uses MCP as a lightweight, standardized pipe. This means any MCP-compatible AI tool can immediately become a reverse engineering sidekick without special integration.
The use cases are pretty neat. Imagine you're exploring a large, unfamiliar binary. You can have a conversation: "List all functions that call socket," then "Show me the disassembly for the third one," and finally "Explain the logic of this function based on its decompilation." It turns a solitary investigation into a collaborative session, accelerating the initial analysis and discovery phase.
How to Try It
Getting started is straightforward. You'll need Python, Ghidra, and an MCP-compatible AI client (like Claude Desktop configured for local MCP servers).
- Clone the repo:
git clone https://github.com/bethington/ghidra-mcp.git cd ghidra-mcp - Install it:
pip install -e . - Run the server: Make sure Ghidra is running with a project open, then execute:
ghidra-mcp - Configure your AI client to point to this local MCP server (typically via a
claude_desktop_config.jsonfile or similar).
The repository README has the detailed steps and configuration examples.
Final Thoughts
As a developer, tools that seamlessly glue together specialized workflows are incredibly valuable. Ghidra MCP isn't about automating the deep, human insight needed for reverse engineering. It's about removing the friction of gathering the raw data—the disassembly, the decompilation, the references—so you can focus on the higher-level analysis and understanding. It makes asking quick, iterative questions of a codebase as natural in a binary as it is in your own source code. If you live in Ghidra and are curious about AI-assisted workflows, this is a minimal, practical way to start.
Follow for more projects: @githubprojects
Repository: https://github.com/bethington/ghidra-mcp