explaingit

lauriewired/ghidramcp

8,863 Java Audience · developer Complexity · 4/5 Setup · hard

TLDR

A plugin that connects the NSA's free reverse engineering tool Ghidra to AI assistants so the AI can automatically decompile binaries, list functions, and suggest names without manual clicking.

Mindmap

mindmap
  root((GhidraMCP))
    What it does
      AI reverse engineering
      Binary analysis
      Function renaming
    Components
      Ghidra plugin
      Python bridge
      MCP protocol
    AI Clients
      Claude Desktop
      Cline
      5ire
    Use Cases
      Malware analysis
      Security research

Things people build with this

USE CASE 1

Let an AI assistant walk through a compiled binary in Ghidra, propose descriptive function names, and summarize what each section does.

USE CASE 2

Automate malware analysis by asking an AI client to query Ghidra's decompiler via the MCP bridge and explain suspicious code sections.

USE CASE 3

Speed up reverse engineering by having an AI list all imports and exports in a binary and explain their likely purpose.

Tech stack

Java · Python · Maven · MCP

Getting it running

Difficulty · hard Time to first run · 1h+

Requires a local Ghidra installation, Maven to build from source, and a compatible AI client with MCP support configured.

License not mentioned in the explanation.

In plain English

GhidraMCP connects Ghidra, a software analysis tool, to AI assistants so that the AI can help examine compiled programs. Ghidra is an open-source reverse engineering tool originally released by the NSA. It lets analysts open a compiled application and look inside it to understand what it does, even without access to the original source code. GhidraMCP adds a bridge so that AI assistants can use Ghidra's features automatically.

The bridge works through the Model Context Protocol, or MCP, a standard for letting AI chat tools call out to external software in a structured way. Once GhidraMCP is installed, an AI assistant can ask Ghidra to decompile a binary, list the functions it contains, rename things to more descriptive labels, and pull out imports and exports, all without the user having to click through Ghidra's interface manually.

Installation involves two pieces. First, you install a plugin into Ghidra using its built-in extension manager. Second, you run a small Python script that acts as the bridge between the AI client and Ghidra's local server. The project includes configuration examples for three AI clients: Claude Desktop, Cline, and 5ire. Each example shows what settings to change so the AI client knows where to find the running Ghidra instance.

The primary use case is security research and malware analysis. Instead of manually tracing through disassembled code, a researcher can ask an AI to walk through the binary, propose names for unnamed functions, and summarize what different sections of code appear to do. The AI still works within Ghidra's analysis environment: it calls Ghidra's own decompiler and database rather than interpreting raw bytes itself.

Building from source requires Maven and a local Ghidra installation to copy library files from. Pre-built releases are available on the GitHub releases page for those who do not want to compile it themselves.

Copy-paste prompts

Prompt 1
Walk me through installing GhidraMCP: what do I install inside Ghidra, how do I start the Python bridge server, and how do I configure Claude Desktop to connect to it?
Prompt 2
I have GhidraMCP running with a binary loaded in Ghidra. Ask the AI to list all functions with auto-generated names like FUN_ and rename each one to something descriptive based on what it does.
Prompt 3
Using GhidraMCP, have the AI decompile the main entry point function of my loaded binary and explain step by step what it does.
Prompt 4
How do I configure Cline to use GhidraMCP? Show me the exact JSON settings format I need to add.
Prompt 5
What does GhidraMCP expose through MCP? List the specific operations an AI client can call on the running Ghidra instance.

Verify against the repo before relying on details.