GhidraMCP

Overview

Features

• AI-Powered Binary Analysis: Connect AI assistants to Ghidra via the Model Context Protocol

• Natural Language Interface: Ask questions about binaries in plain English

• Deep Code Insights: Retrieve detailed function information and decompiled code

• Binary Structure Analysis: Explore imports, exports, and memory layouts

• Automated Security Analysis: Get AI-assisted insights about potential security vulnerabilities

• Socket-Based Architecture: High-performance communication between Ghidra and AI assistants

• Cross-Platform Compatibility: Works on all platforms supported by Ghidra

Installation

Prerequisites

• Ghidra 11.2.1+

• Java 17 or newer

• Python 3.8+ (for the bridge script)

Steps

1. Download the latest release ZIP file from the Releases page

2. Open Ghidra

3. Navigate to File > Install Extensions

4. Click the "+" button and select the downloaded ZIP file

5. Restart Ghidra to complete the installation

6. Enable the extension by going to File > Configure > Miscellaneous and checking the box next to "MCPServerPlugin"

Usage

Starting the MCP Server

• Host: localhost

• Port: 8765

Connecting with AI Assistants

Connecting with Claude

1. Install the MCP bridge script:

2. Add the following configuration to your Claude MCP setup:

Available Tools

Example Queries

• "What encryption algorithms are used in this binary?"

• "Can you show me the decompiled code for the function at 0x401000?"

• "What suspicious API calls does this malware make?"

• "Explain the purpose of this binary based on its imports and exports."

• "How does the authentication mechanism in this program work?"

• "Are there any potential buffer overflow vulnerabilities in this code?"

• "What network connections does this binary establish?"

• "Can you rename this function to something more descriptive?"

• "Show me all potential user input sources that could be exploited."

• "Generate a call graph for the main function."

Advanced Usage

Security Analysis Capabilities

API Call Sequence Analysis

User Input Sources

Call Graph Generation

Cryptographic Pattern Detection

Obfuscated String Detection

Custom Configurations

Integration with Analysis Workflows

1. Use Ghidra's standard analysis features to identify areas of interest

2. Leverage AI assistance through GhidraMCP for deeper understanding

3. Combine the AI insights with your manual analysis

4. Rename functions and data based on AI insights for better readability

Building from Source

1. Clone this repository

2. Set up a Ghidra development environment as described in the Ghidra Developer Guide

3. Set the GHIDRA_INSTALL_DIR environment variable:

4. Build with Gradle:

5. The extension ZIP will be created in the dist directory

Troubleshooting

Common Issues

• Connection Issues: Make sure the Ghidra instance is running and the plugin is enabled

• Port Conflicts: If port 8765 is already in use, modify the port in the plugin configuration

• Bridge Script Errors: Check if all required Python packages are installed with pip install FastMCP

• Null Results for Analysis Functions: Some security analysis functions may return null results if the binary doesn't contain relevant patterns

Logs

• Ghidra console for server-side messages

• ghidra_mcp_bridge.log for bridge script issues

Contributing

1. Fork the repository

2. Create your feature branch: git checkout -b feature/amazing-feature

3. Commit your changes: git commit -m 'Add some amazing feature'

4. Push to the branch: git push origin feature/amazing-feature

5. Open a Pull Request

Acknowledgments

• National Security Agency (NSA) for developing Ghidra

• Model Context Protocol community

• All contributors to this project

GhidraMCP

Overview

Features

• AI-Powered Binary Analysis: Connect AI assistants to Ghidra via the Model Context Protocol

• Natural Language Interface: Ask questions about binaries in plain English

• Deep Code Insights: Retrieve detailed function information and decompiled code

• Binary Structure Analysis: Explore imports, exports, and memory layouts

• Automated Security Analysis: Get AI-assisted insights about potential security vulnerabilities

• Socket-Based Architecture: High-performance communication between Ghidra and AI assistants

• Cross-Platform Compatibility: Works on all platforms supported by Ghidra

Installation

Prerequisites

• Ghidra 11.2.1+

• Java 17 or newer

• Python 3.8+ (for the bridge script)

Steps

1. Download the latest release ZIP file from the Releases page

2. Open Ghidra

3. Navigate to File > Install Extensions

4. Click the "+" button and select the downloaded ZIP file

5. Restart Ghidra to complete the installation

6. Enable the extension by going to File > Configure > Miscellaneous and checking the box next to "MCPServerPlugin"

Usage

Starting the MCP Server

• Host: localhost

• Port: 8765

Connecting with AI Assistants

Connecting with Claude

1. Install the MCP bridge script:

2. Add the following configuration to your Claude MCP setup:

Available Tools

Example Queries

• "What encryption algorithms are used in this binary?"

• "Can you show me the decompiled code for the function at 0x401000?"

• "What suspicious API calls does this malware make?"

• "Explain the purpose of this binary based on its imports and exports."

• "How does the authentication mechanism in this program work?"

• "Are there any potential buffer overflow vulnerabilities in this code?"

• "What network connections does this binary establish?"

• "Can you rename this function to something more descriptive?"

• "Show me all potential user input sources that could be exploited."

• "Generate a call graph for the main function."

Advanced Usage

Security Analysis Capabilities

API Call Sequence Analysis

User Input Sources

Call Graph Generation

Cryptographic Pattern Detection

Obfuscated String Detection

Custom Configurations

Integration with Analysis Workflows

1. Use Ghidra's standard analysis features to identify areas of interest

2. Leverage AI assistance through GhidraMCP for deeper understanding

3. Combine the AI insights with your manual analysis

4. Rename functions and data based on AI insights for better readability

Building from Source

1. Clone this repository

2. Set up a Ghidra development environment as described in the Ghidra Developer Guide

3. Set the GHIDRA_INSTALL_DIR environment variable:

4. Build with Gradle:

5. The extension ZIP will be created in the dist directory

Troubleshooting

Common Issues

• Connection Issues: Make sure the Ghidra instance is running and the plugin is enabled

• Port Conflicts: If port 8765 is already in use, modify the port in the plugin configuration

• Bridge Script Errors: Check if all required Python packages are installed with pip install FastMCP

• Null Results for Analysis Functions: Some security analysis functions may return null results if the binary doesn't contain relevant patterns

Logs

• Ghidra console for server-side messages

• ghidra_mcp_bridge.log for bridge script issues

Contributing

1. Fork the repository

2. Create your feature branch: git checkout -b feature/amazing-feature

3. Commit your changes: git commit -m 'Add some amazing feature'

4. Push to the branch: git push origin feature/amazing-feature

5. Open a Pull Request

Acknowledgments

• National Security Agency (NSA) for developing Ghidra

• Model Context Protocol community

• All contributors to this project