GhidraMCP: A Reverse Engineering Tool to Connect AI with Ghidra

General Introduction

GhidraMCP is an open source tool whose core goal is to combine artificial intelligence (AI) with Ghidra, a powerful reverse engineering tool. It automates binary analysis by enabling large language models (LLMs) to operate Ghidra directly through the Model Context Protocol (MCP). The tool was developed by LaurieWired, published on GitHub, and released in March 2025. It is suitable for security researchers, programmers, and users interested in reverse engineering. GhidraMCP makes otherwise complex manual analysis more efficient, especially for scenarios such as malware analysis and vulnerability discovery.


Function List

  • Automated reverse engineering: control Ghidra through AI to automatically analyze binaries.
  • Method and Data Renaming: Identify methods and data in your code and automatically generate more readable names.
  • Binary file parsing: lists the file's functions, classes, import and export information.
  • Malware Analysis Support: Helps discover potential security vulnerabilities and malicious behavior.
  • Support for multiple MCP clients: compatible with Claude Desktop, 5ire, and other clients.
  • Open source and customizable: users can modify the code or extend the functionality as needed.

 

Using Help

Installation process

GhidraMCP must be used together with Ghidra and an MCP client. The following are the detailed installation steps:

  1. Preparing the environment
    • Ensure that you have installed Ghidra, an open source reverse engineering tool developed by the National Security Agency (NSA) that can be downloaded from the Ghidra website.
    • Install the Python environment; Python 3.8 or higher is recommended because some of the scripts depend on Python.
    • Download GhidraMCP: in the GitHub repository, click "Releases" and get the latest version of the ZIP file.
  2. Installation of the Ghidra plug-in
    • Unzip the downloaded GhidraMCP ZIP file and locate the plugin file (usually in .zip format).
    • Open Ghidra and go to the menu File -> Install Extensions.
    • Click the "+" button to select the unzipped plugin file, confirm and restart Ghidra.
    • After the plugin installation is complete, GhidraMCP functionality is automatically integrated into Ghidra.
  3. Configuring the MCP Client
    GhidraMCP requires an MCP client to connect to the AI. The following uses Claude Desktop and 5ire as examples:

    • Claude Desktop Configuration
      • Open Claude Desktop and go to Settings -> Developer -> Edit Config.
      • Edit the configuration file claude_desktop_config.json and add the following:
        {
          "mcpServers": {
            "ghidra": {
              "command": "python",
              "args": ["/你的绝对路径/bridge_mcp_ghidra.py"]
            }
          }
        }
        
      • Make sure the path to bridge_mcp_ghidra.py is correct (replace the placeholder in the example with your absolute path); this file is in the GhidraMCP download package.
    • 5ire Configuration
      • Open 5ire and go to Tools -> New.
      • Enter the path and parameters for GhidraMCP in the settings and save the configuration.
    • Once the configuration is complete, start the client and the AI will be able to communicate with Ghidra via the MCP protocol.
  4. Verify Installation
    • Open Ghidra and load a binary file (e.g. .exe or .bin).
    • Enter a command into the MCP client, such as "Analyze all functions of this file". If the return result is normal, the installation was successful.
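
A check for the client configuration in step 3, as an added example that is not part of GhidraMCP or Claude Desktop: it validates the `ghidra` entry of a claude_desktop_config.json and reports the usual failure modes (placeholder path left in, relative path, missing bridge script). The helper names and the sample configurations are constructed for illustration.

```python
import json
import os
import tempfile

BRIDGE_NAME = "bridge_mcp_ghidra.py"  # script name given in the article


def check_ghidra_entry(config_text):
    """Return problems in the 'ghidra' entry ([] = usable). Hypothetical helper."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    servers = config.get("mcpServers") if isinstance(config, dict) else None
    entry = servers.get("ghidra") if isinstance(servers, dict) else None
    if not isinstance(entry, dict):
        return ["no mcpServers.ghidra entry"]

    problems = []
    if not entry.get("command"):
        problems.append("missing 'command'")
    args = entry.get("args")
    if not (isinstance(args, list) and args and isinstance(args[0], str)):
        return problems + ["'args' must start with the bridge script path"]
    script = args[0]
    if os.path.basename(script) != BRIDGE_NAME:
        problems.append(f"args[0] does not point at {BRIDGE_NAME}")
    if not os.path.isabs(script):
        problems.append("script path is not absolute")
    elif not os.path.isfile(script):
        problems.append("script path does not exist (placeholder left in?)")
    return problems


def demo():
    """Check three constructed configs: valid, placeholder path, relative path."""
    def make(path):
        return json.dumps({"mcpServers": {"ghidra": {
            "command": "python", "args": [path]}}})
    with tempfile.TemporaryDirectory() as tmp:
        bridge = os.path.join(tmp, BRIDGE_NAME)
        open(bridge, "w").close()  # empty stand-in for the real bridge script
        return [check_ghidra_entry(make(p)) for p in
                (bridge, "/your-absolute-path/" + BRIDGE_NAME, BRIDGE_NAME)]


if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```

To check a real setup, pass the text of your own claude_desktop_config.json to `check_ghidra_entry`.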

Main Functions

  • Automated analysis of binary files
    • After opening the target file in Ghidra, switch to the MCP client.
    • Enter a natural language command, such as "list all functions and rename them". The AI automatically calls Ghidra's functions, analyzes the file, and returns the results.
    • The results are displayed in the client interface and usually include a list of functions and automatically generated new names.
  • Renaming methods and data
    • On the client side, type "rename all unnamed functions". The AI will guess what the function is used for based on the context and give you a more intuitive name.
    • The renamed results are synchronized to Ghidra's code view, where they can be adjusted manually if required.
  • Malware Analysis
    • After loading the malware sample, enter "Check for Potential Vulnerabilities" or "Find Malicious Behavior".
    • The AI scans the file's import tables, strings, and call relationships, returning possible security issues such as suspicious network requests or file operations.

Workflow

  1. Start Ghidra and the MCP client.
  2. Import the binary file in Ghidra and click "Analyze" to start the initial parsing.
  3. Switch to the MCP client and enter an analyze command, such as "extract all strings" or "analyze function calls".
  4. View the returned results, adjust the instructions as needed or manually check the details.
  5. Save the analysis results; Ghidra supports exporting to a project file for later use.

Caveats

  • Ensure that the network connection is available; some AI models need to be called online.
  • If you encounter an error, check bridge_mcp_ghidra.py or see the Issues page on GitHub for help.
  • For large files, analysis may take more time and it is recommended to test small samples first.

 

Application Scenarios

  1. Malware research
    Security researchers can use GhidraMCP to quickly analyze a virus or Trojan horse to find the execution logic and hidden functions of malicious code.
  2. Software Vulnerability Mining
    Developers can use it to inspect binaries for potential security vulnerabilities such as buffer overflows or unauthorized access.
  3. Learn Reverse Engineering
    Beginners can quickly understand the structure and function of binary files with AI assistance, lowering the learning threshold.

 

QA

  1. Which operating systems does GhidraMCP support?
    It is compatible with all systems supported by Ghidra, including Windows, Mac and Linux.
  2. Is programming experience required?
    Not required. Installation and basic use are a step-by-step process. However, if you want to customize the functionality, knowledge of Java or Python is a plus.
  3. Can it be used offline?
    Yes, but some of the AI models require a network connection. If you use local models, you can run them completely offline.