home / mcp / ghidra mcp server

Ghidra MCP Server

Ghidra MCP server that extracts decompiled binary context and exposes it to LLMs via Model Context Protocol.

Installation

Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "bamimore-tomi-ghidra_mcp": {
      "command": "mcp",
      "args": [
        "dev",
        "main.py"
      ]
    }
  }
}

You can run Ghidra in headless mode and expose rich binary analysis data through MCP, turning it into an interactive reverse-engineering backend. This server lets you list functions, view decompiled pseudocode, examine structures and enums, and retrieve function definitions for integration with LLMs and other MCP clients.

How to use

Start by connecting your MCP client to the Ghidra MCP Server. You will access a set of tools that expose binary analysis results: list all functions, fetch pseudocode for a function, list and inspect structures, enums, and function definitions. Use these tools to build prompts for an LLM, verify analyses, or feed context into your analytics workflows. The server operates as a local or remote MCP endpoint that you interact with through the MCP client, without needing to manage Ghidra state manually.

How to install

# Prerequisites
# 1) Ensure you have Python installed (see below)
# 2) Install Java 21 (required by Ghidra 11.3.1+)
# 3) Install Ghidra (11.3.1+)
# 4) Install the MCP CLI
# 5) Prepare a directory for the MCP server project (e.g., ghidra_mcp)

# Step 1: Install Java 21 (required by Ghidra)
brew install --cask temurin@21
export JAVA_HOME=$(/usr/libexec/java_home -v 21)
echo 'export JAVA_HOME=$(/usr/libexec/java_home -v 21)' >> ~/.zshrc
source ~/.zshrc
java -version

# Step 2: Install Ghidra
# Download and extract Ghidra 11.3.1 (follow official distribution steps)

# Step 3: Install the MCP CLI
# Requires Python and pip
pip install mcp

# Step 4: Install the MCP server script into your project
# (Assuming the main server script is main.py and located in ghidra_mcp)
cd ghidra_mcp

# Step 5: Install the server via MCP CLI
mcp install main.py

# Step 6: Run in development mode for testing
mcp dev main.py

Additional setup notes

The server provides a set of tools for reverse-engineering data exposed through Ghidra. You do not need to directly interact with Ghidra’s GUI for normal MCP usage; the server handles headless analysis and outputs a JSON structure that your MCP client can query.

Configuration and troubleshooting

If you encounter issues, ensure Java 21 is correctly installed and JAVA_HOME is set. If your MCP client cannot locate the UV runtime or other binaries, verify your environment paths and update your MCP client configuration with the correct command and arguments.

Notes on usage patterns

Use the available tools to explore the binary analysis results incrementally. For example, list all functions to locate entry points, then fetch pseudocode for specific functions to understand program behavior. Inspect structures and enums to interpret data representations, and retrieve function definitions to confirm prototypes and argument types.

Available tools

list_functions

Return a list of all functions detected in the analyzed binary.

get_pseudocode

Return the decompiled pseudocode for a specified function by name.

list_structures

Return a list of all data structures (structs) found in the binary.

get_structure

Return detailed information about a specific struct by name.

list_enums

Return a list of all enums identified in the binary.

get_enum

Return the values and usage of a specific enum by name.

list_function_definitions

Return all function prototypes including return types and parameters.

get_function_definition

Return the function definition details (return type and parameters) for a given function name.