Analysis updated 2026-05-18
Let an AI assistant decompile a binary and rename functions and variables for clarity.
Automatically trace which functions call which inside a compiled program.
Compare two versions of a binary to find what changed.
Search a binary for specific strings or byte patterns from the command line.
| cellebrite-labs/ghidra-rpc | resonancegnatassess/lossless-scaling | affaan-m/jarvis | |
|---|---|---|---|
| Stars | 162 | 163 | 158 |
| Language | Python | Python | Python |
| Setup difficulty | hard | easy | hard |
| Complexity | 4/5 | 2/5 | 5/5 |
| Audience | developer | general | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Ghidra 11+, Python 3.11+, and Java 17+ installed and configured together.
Ghidra is a free reverse engineering tool released by the US National Security Agency. Reverse engineering means examining compiled software binaries to understand what they do, often because you do not have access to the original source code. It is commonly used in security research, vulnerability analysis, and malware investigation. Ghidra-rpc, built by Cellebrite Labs, is a Python project that connects Ghidra to AI coding assistants so those assistants can perform reverse engineering work on their own. The way it works is that ghidra-rpc runs Ghidra as a persistent background process on your machine and exposes everything Ghidra can do through a command-line tool that speaks structured data. An AI assistant that can run shell commands, such as Claude Code or Cursor, can then issue commands and reason over the results without a human guiding each step. Because Ghidra stays running between commands rather than restarting each time, the session is fast and retains context. The AI can do a wide range of tasks through this setup: decompile functions into readable pseudo-code, trace which functions call which, search for specific strings or byte patterns inside a binary, rename functions and variables to make them easier to understand, define data structures, and compare two versions of a binary to find what changed. Any annotations, renames, or comments the AI adds are saved back to the Ghidra project file, so they show up if you later open that project in the regular Ghidra graphical interface. You can also use the command-line tool manually for debugging or to inspect binaries yourself without involving an AI. The README includes a short example showing how to load a binary, decompile a function, look up cross-references, and rename a function, all from the terminal. The project requires Ghidra 11 or later, Python 3.11 or later, and Java 17 or later. It is licensed under the MIT license and was developed at Cellebrite Labs. Documentation covers installation, a quickstart guide, and workflow guides for tasks like binary auditing, vulnerability research, and patch analysis.
A Python bridge that lets AI coding assistants like Claude Code drive Ghidra to reverse engineer software binaries on their own.
Mainly Python. The stack also includes Python, Ghidra, Java.
MIT license: use, modify, and distribute freely, including commercially, as long as you keep the copyright notice.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.