GhidraMCP
by HK47196
Overview
GhidraMCP is a Model Context Protocol server that allows LLMs to autonomously reverse engineer applications by exposing numerous core Ghidra functionalities to MCP clients.
Installation
No command provided
Security Notes
CRITICAL: The server starts an embedded HTTP server (default port 8080) without any visible authentication or authorization mechanisms. This exposes powerful Ghidra functionalities (modifying binaries, setting comments, manipulating structures, querying BSim databases, and arbitrary file imports) to any entity that can reach its IP:PORT. An attacker or compromised LLM client could load and analyze malicious binaries, modify loaded programs, or exfiltrate sensitive program data without user consent. The `importBinary` endpoint allows loading arbitrary files from the filesystem. The `bsim/select_database` endpoint allows connecting to arbitrary BSim databases. While no direct `eval` is present, the exposed APIs have significant side effects and should be heavily protected.
Similar Servers
ida-pro-mcp
This project provides an MCP (Model Context Protocol) server that integrates with IDA Pro, enabling AI assistants to perform reverse engineering tasks like binary analysis, decompilation, memory manipulation, and debugging within the IDA Pro environment.
reverse-engineering-assistant
Provides an MCP (Model Context Protocol) server to expose Ghidra's reverse engineering capabilities for AI models and automated binary analysis in a headless environment.
GhidrAssistMCP
This Ghidra extension provides an MCP server, enabling AI assistants and other tools to interact with Ghidra's reverse engineering capabilities through a standardized API, supporting program analysis, modification, and navigation.
jadx-mcp-server
Facilitates live, LLM-driven reverse engineering and vulnerability analysis of Android APKs by integrating JADX with the Model Context Protocol.