AgentConn

Ghidra MCP

MCP | Advanced | Security | Open Source

GhidraMCP connects the NSA-developed Ghidra reverse engineering framework to AI agents via MCP. Agents can decompile binaries, analyze code flow, identify vulnerabilities, and navigate complex binary code through natural language commands.

Input / Output

Accepts: binary-file, function-address

Produces: decompiled-code, analysis-report, call-graph

Overview

GhidraMCP brings NSA’s Ghidra reverse engineering tool to AI agents. Security researchers can ask their AI to decompile functions, trace call graphs, identify vulnerabilities, and annotate code — dramatically accelerating binary analysis.

How It Works

  1. Install Ghidra plugin — Add the MCP bridge
  2. Load binary — Open target in Ghidra
  3. Connect agent — Configure MCP server
  4. Analyze — “What does the function at 0x401000 do?”

Use Cases

  • Malware analysis — AI-assisted reverse engineering
  • Vulnerability research — Find bugs in compiled code
  • CTF competitions — Rapid binary challenge solving
  • Firmware analysis — Analyze IoT device firmware

Getting Started

{
  "mcpServers": {
    "ghidra": {
      "command": "python",
      "args": ["-m", "ghidra_mcp_server"]
    }
  }
}

Example

User: "Decompile main and explain what it does"
Agent: "Main reads config, opens socket on port 4444,
⚠️ uses strcpy (buffer overflow risk at 0x40123C)"

Alternatives

  • HexStrike AI — 150+ security tools via MCP
  • Binary Ninja — Alternative disassembler
  • IDA Pro — Industry standard (commercial)

Tags

#reverse-engineering #ghidra #binary-analysis #security #mcp
