Bridges Ghidra's reverse engineering capabilities with AI tools.
Ghidra MCP Server
If you find this useful, please ⭐ star the repo — it helps others discover it!
A production-ready Model Context Protocol (MCP) server that bridges Ghidra's powerful reverse engineering capabilities with modern AI tools and automation frameworks. 193 MCP tools, battle-tested AI workflows, and the most comprehensive Ghidra-MCP integration available.
Why Ghidra MCP?
Most Ghidra MCP implementations give you a handful of read-only tools and call it a day. This project is different — it was built by a reverse engineer who uses it daily on real binaries, not as a demo.
- 193 MCP tools — 3x more than any competing implementation. Not just read operations — full write access for renaming, typing, commenting, structure creation, and script execution.
- Battle-tested AI workflows — Proven documentation workflows (V5) refined across hundreds of functions. Includes step-by-step prompts, Hungarian notation reference, batch processing guides, and orphaned code discovery.
- Production-grade reliability — Atomic transactions, batch operations (93% API call reduction), configurable timeouts, and graceful error handling. No silent failures.
- Cross-binary documentation transfer — SHA-256 function hash matching propagates documentation across binary versions automatically. Document once, apply everywhere.
- Full Ghidra Server integration — Connect to shared Ghidra servers, manage repositories, version control, checkout/checkin workflows, and multi-user collaboration.
- Headless and GUI modes — Run with or without the Ghidra GUI. Docker-ready for CI/CD pipelines and automated analysis at scale.
🌟 Features
Core MCP Integration
- Full MCP Compatibility — Complete implementation of Model Context Protocol
- 193 MCP Tools — Comprehensive API surface covering every aspect of binary analysis
- Production-Ready Reliability — Atomic transactions, batch operations, configurable timeouts
- Real-time Analysis — Live integration with Ghidra's analysis engine
Binary Analysis Capabilities
- Function Analysis — Decompilation, call graphs, cross-references, completeness scoring
- Data Structure Discovery — Struct/union/enum creation with field analysis and naming suggestions
- String Extraction — Regex search, quality filtering, and string-anchored function discovery
- Import/Export Analysis — Symbol tables, external locations, ordinal import resolution
- Memory & Data Inspection — Raw memory reads, byte pattern search, array boundary detection
- Cross-Binary Documentation — Function hash matching and documentation propagation across versions
AI-Powered Reverse Engineering Workflows
- Function Documentation Workflow V5 — 7-step process for complete function documentation with Hungarian notation, type auditing, and automated verification scoring
- Batch Documentation — Parallel subagent dispatch for documenting multiple functions simultaneously
- Orphaned Code Discovery — Automated scanner finds undiscovered functions in gaps between known code
- Data Type Investigation — Systematic workflows for structure discovery and field analysis
- Cross-Version Matching — Hash-based function matching across different binary versions
Development & Automation
- Ghidra Script Management — Create, run, update, and delete Ghidra scripts entirely via MCP
- Multi-Program Support — Switch between and compare multiple open programs
- Batch Operations — Bulk renaming, commenting, typing, and label management (93% fewer API calls)
- Headless Server — Full analysis without Ghidra GUI — Docker and CI/CD ready
- Project & Version Control — Create projects, manage files, Ghidra Server integration
- Analysis Control — List, configure, and trigger Ghidra analyzers programmatically
🚀 Quick Start
Prerequisites
- Java 21 LTS (OpenJDK recommended)
- Apache Maven 3.9+
- Ghidra 12.0.3 (or compatible version)
- Python 3.8+ with pip
Installation
Recommended for Windows: use
mcp4ghidra-setup.ps1as the primary entry point. It handles prerequisite setup + build + deployment in one command.Important:
-SetupDepsinstalls Maven/Ghidra JAR dependencies only.-Deployis the end-user command and (by default) also ensures Python requirements before build/deploy.
Clone the repository:
git clone https://github.com/bethington/ghidra-mcp.git cd ghidra-mcpRecommended: run environment preflight first:
.\mcp
Tools (4)
analyze_functionPerforms deep analysis on a specific function including decompilation and cross-reference mapping.rename_functionRenames a function within the Ghidra project.create_structureDefines a new data structure in the Ghidra project.run_scriptExecutes a specified Ghidra script file.Environment Variables
GHIDRA_PATHrequiredPath to the local Ghidra installation directory.JAVA_HOMErequiredPath to the Java 21 JDK installation.Configuration
{"mcpServers": {"ghidra": {"command": "python", "args": ["path/to/ghidra-mcp/main.py"]}}}