Ghidra MCP server that extracts decompiled binary context and exposes it to LLMs via Model Context Protocol.
Overview
What is Ghidra MCP Server?
Ghidra MCP Server is a tool that allows users to utilize Ghidra in headless mode to extract detailed binary analysis data and expose it to large language models (LLMs) via the Model Context Protocol (MCP).
How to use Ghidra MCP Server?
To use Ghidra MCP Server, install the required software, set up the project, and run the server using the MCP CLI. You can then interact with the server to analyze binaries and retrieve information.
Key features of Ghidra MCP Server?
- Decompiles binaries using Ghidra in headless mode.
- Extracts function pseudocode, data structures, and function definitions.
- Outputs analysis results to a JSON file.
- Provides various tools for interacting with the extracted data via MCP.
Use cases of Ghidra MCP Server?
- Analyzing malware by extracting and understanding its binary structure.
- Assisting in reverse engineering software for security assessments.
- Enabling automated analysis of binaries for research purposes.
FAQ from Ghidra MCP Server?
- What are the system requirements for Ghidra MCP Server?
Requires macOS, Python 3.10+, Ghidra 11.3.1+, and Java 21.
- Can I use Ghidra MCP Server on Windows?
Currently, it is tested on macOS only.
- How do I install the MCP client?
You can install it via pip with the command
pip install mcp.