Ghidra MCP Server

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.
1

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal
git clone https://github.com/bethington/ghidra-mcp.git
cd ghidra-mcp
2

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal
claude mcp add -e "GHIDRA_PATH=${GHIDRA_PATH}" -e "JAVA_HOME=${JAVA_HOME}" ghidra-mcp -- python "<FULL_PATH_TO_MCP4GHIDRA>/dist/index.js"

Replace <FULL_PATH_TO_MCP4GHIDRA>/dist/index.js with the actual folder you prepared in step 1.

Required:GHIDRA_PATHJAVA_HOME
README.md

Bridges Ghidra's reverse engineering capabilities with AI tools.

Ghidra MCP Server

If you find this useful, please ⭐ star the repo — it helps others discover it!

A production-ready Model Context Protocol (MCP) server that bridges Ghidra's powerful reverse engineering capabilities with modern AI tools and automation frameworks. 193 MCP tools, battle-tested AI workflows, and the most comprehensive Ghidra-MCP integration available.

Why Ghidra MCP?

Most Ghidra MCP implementations give you a handful of read-only tools and call it a day. This project is different — it was built by a reverse engineer who uses it daily on real binaries, not as a demo.

  • 193 MCP tools — 3x more than any competing implementation. Not just read operations — full write access for renaming, typing, commenting, structure creation, and script execution.
  • Battle-tested AI workflows — Proven documentation workflows (V5) refined across hundreds of functions. Includes step-by-step prompts, Hungarian notation reference, batch processing guides, and orphaned code discovery.
  • Production-grade reliability — Atomic transactions, batch operations (93% API call reduction), configurable timeouts, and graceful error handling. No silent failures.
  • Cross-binary documentation transfer — SHA-256 function hash matching propagates documentation across binary versions automatically. Document once, apply everywhere.
  • Full Ghidra Server integration — Connect to shared Ghidra servers, manage repositories, version control, checkout/checkin workflows, and multi-user collaboration.
  • Headless and GUI modes — Run with or without the Ghidra GUI. Docker-ready for CI/CD pipelines and automated analysis at scale.

🌟 Features

Core MCP Integration

  • Full MCP Compatibility — Complete implementation of Model Context Protocol
  • 193 MCP Tools — Comprehensive API surface covering every aspect of binary analysis
  • Production-Ready Reliability — Atomic transactions, batch operations, configurable timeouts
  • Real-time Analysis — Live integration with Ghidra's analysis engine

Binary Analysis Capabilities

  • Function Analysis — Decompilation, call graphs, cross-references, completeness scoring
  • Data Structure Discovery — Struct/union/enum creation with field analysis and naming suggestions
  • String Extraction — Regex search, quality filtering, and string-anchored function discovery
  • Import/Export Analysis — Symbol tables, external locations, ordinal import resolution
  • Memory & Data Inspection — Raw memory reads, byte pattern search, array boundary detection
  • Cross-Binary Documentation — Function hash matching and documentation propagation across versions

AI-Powered Reverse Engineering Workflows

  • Function Documentation Workflow V5 — 7-step process for complete function documentation with Hungarian notation, type auditing, and automated verification scoring
  • Batch Documentation — Parallel subagent dispatch for documenting multiple functions simultaneously
  • Orphaned Code Discovery — Automated scanner finds undiscovered functions in gaps between known code
  • Data Type Investigation — Systematic workflows for structure discovery and field analysis
  • Cross-Version Matching — Hash-based function matching across different binary versions

Development & Automation

  • Ghidra Script Management — Create, run, update, and delete Ghidra scripts entirely via MCP
  • Multi-Program Support — Switch between and compare multiple open programs
  • Batch Operations — Bulk renaming, commenting, typing, and label management (93% fewer API calls)
  • Headless Server — Full analysis without Ghidra GUI — Docker and CI/CD ready
  • Project & Version Control — Create projects, manage files, Ghidra Server integration
  • Analysis Control — List, configure, and trigger Ghidra analyzers programmatically

🚀 Quick Start

Prerequisites

  • Java 21 LTS (OpenJDK recommended)
  • Apache Maven 3.9+
  • Ghidra 12.0.3 (or compatible version)
  • Python 3.8+ with pip

Installation

Recommended for Windows: use mcp4ghidra-setup.ps1 as the primary entry point. It handles prerequisite setup + build + deployment in one command.

Important: -SetupDeps installs Maven/Ghidra JAR dependencies only. -Deploy is the end-user command and (by default) also ensures Python requirements before build/deploy.

  1. Clone the repository:

    git clone https://github.com/bethington/ghidra-mcp.git
cd ghidra-mcp

  2. Recommended: run environment preflight first:

    .\mcp

Tools (4)

analyze_functionPerforms deep analysis on a specific function including decompilation and cross-reference mapping.
rename_functionRenames a function within the Ghidra project.
create_structureDefines a new data structure in the Ghidra project.
run_scriptExecutes a specified Ghidra script file.

Environment Variables

GHIDRA_PATHrequiredPath to the local Ghidra installation directory.
JAVA_HOMErequiredPath to the Java 21 JDK installation.

Configuration

claude_desktop_config.json
{"mcpServers": {"ghidra": {"command": "python", "args": ["path/to/ghidra-mcp/main.py"]}}}

Try it

Analyze the function at 0x00401000 and suggest a descriptive name based on its logic.
Find all orphaned code blocks in the current binary and list their entry points.
Create a new structure definition for the network packet header found at 0x00405000.
Run the standard function documentation workflow on the current program.
Compare the function at 0x00401000 with the same function in the previous binary version.

Frequently Asked Questions

What are the key features of Ghidra MCP Server?

193 specialized MCP tools for binary analysis and manipulation. Full read/write access for renaming, commenting, and structure creation. Cross-binary documentation transfer using SHA-256 function hash matching. Support for both GUI and headless Ghidra operation modes. Atomic batch operations to reduce API call overhead by 93%.

What can I use Ghidra MCP Server for?

Automating the documentation of large, complex binaries using AI-driven workflows. Propagating function names and comments across different versions of the same binary. Integrating Ghidra analysis into CI/CD pipelines for automated security auditing. Collaborative reverse engineering via Ghidra Server project management.

How do I install Ghidra MCP Server?

Install Ghidra MCP Server by running: git clone https://github.com/bethington/ghidra-mcp.git && cd ghidra-mcp

What MCP clients work with Ghidra MCP Server?

Ghidra MCP Server works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Ghidra MCP Server docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all other servers →

Related MCP Servers

Nuclear
Free, open-source music player without ads or tracking.
other17.1K stars
Domain Check
Fast domain availability checker with RDAP/WHOIS lookup and batch checking.
other253 stars
Ableton MCP Extended
Control Ableton Live using natural language via AI assistants
other142 stars
US Government Open Data MCP
MCP Server + TypeScript SDK for 40+ U.S. Government APIs
other90 stars
Garmin Connect
Access your fitness, health, and training data from MCP clients.
other71 stars
BinjaLattice MCP
Secure communication protocol for Binary Ninja and MCP servers
other61 stars