Labsco
Bamimore-Tomi logo

Ghidra MCP Server

β˜… 4

from Bamimore-Tomi

Exposes binary analysis data from Ghidra, including functions and pseudocode, to LLMs.

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeAdvanced setup

πŸ” Ghidra MCP Server

This project lets you use Ghidra in headless mode to extract rich binary analysis data (functions, pseudocode, structs, enums, etc.) into a JSON file, and expose it to LLMs like Claude via Model Context Protocol (MCP).

It turns Ghidra into an interactive reverse-engineering backend.


πŸš€ Features

  • Decompiles a binary using Ghidra headless mode
  • Extracts:
    • Function pseudocode, names, parameters, variables, strings, comments
    • Data structures (structs), enums, and function definitions
  • Outputs to ghidra_context.json
  • MCP server exposes tools like:
    • list_functions(), get_pseudocode(name)
    • list_structures(), get_structure(name)
    • list_enums(), get_enum(name)
    • list_function_definitions(), get_function_definition(name)

πŸ›°οΈ Tools Available

ToolDescription
setup_context(...)Run Ghidra on a binary
list_functions()All functions
get_pseudocode(name)Decompiled pseudocode
list_structures()All structs
get_structure(name)Details of a struct
list_enums()All enums
get_enum(name)Enum values
list_function_definitions()All function prototypes
get_function_definition()Return type & args

Sample Promot

Analyze the binary file located at <BINARY_PATH> using Ghidra installed at <GHIDRA_PATH>. First, set up the analysis context using both paths, then list all functions in the binary. Examine the main entry point function and provide a high-level overview of what the program does.

πŸ“‚ Project Structure

FilePurpose
main.pyMCP server with tools
export_context.pyGhidra script that extracts JSON
crackme.cSample C binary
crackmeCompiled binary to test

πŸ‘¨β€πŸ’» Author

Tomi Bamimore
Ghidra by the NSA
MCP by Anthropic