GhidrAssistMCP

By symgraph · symgraph/GhidrAssistMCP

35 MCP tools bridging Ghidra's reverse engineering platform with AI — decompile, analyze functions, trace xrefs, and rename symbols.

GhidrAssistMCP is a Ghidra extension that implements a full MCP server with 35 built-in tools, 6 resources, and 7 prompts for reverse engineering tasks. It supports dual HTTP transports (SSE and Streamable), multi-program analysis, result caching, and asynchronous task management. Requires Ghidra 11.4+ and works with any MCP client.

Installation

Choose a client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project settings take precedence over global settings.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Same format as Claude Desktop. Restart Windsurf to apply the changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "ghidrassistmcp",
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  ]
}

Continue uses an array of server objects instead of a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "ghidrassistmcp": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/symgraph/GhidrAssistMCP"
        ]
      }
    }
  }
}

Add to context_servers. Zed reloads automatically on save.

claude mcp add ghidrassistmcp -- TODO 'See README: https://github.com/symgraph/GhidrAssistMCP'

One-line command. Verify with claude mcp list. Remove with claude mcp remove.

Use cases

Practical uses: GhidrAssistMCP

How to analyze an unknown binary with AI assistance in Ghidra

👤 Security researchers and malware analysts working in sandboxed environments ⏱ ~60 min advanced

When to use it: You have a binary to analyze and want AI to help understand its functionality.

Prerequisites
  • Ghidra 11.4+ with GhidrAssistMCP installed — Download release ZIP, install via File → Install Extensions
  • MCP client (e.g., Claude Desktop) — Configure to connect to GhidrAssistMCP's HTTP endpoint
Steps
  1. Get binary overview
    Get the binary info and list all imports. What libraries does this binary depend on and what do the imports suggest about its functionality?
    → Binary metadata with categorized import analysis
  2. Analyze key functions
    Find functions that reference network-related strings. Decompile the most interesting one and explain what it does.
    → Decompiled C code with annotated explanation
  3. Rename and annotate
    Based on our analysis, rename the functions we've identified with descriptive names and add comments explaining their purpose.
    → Confirmation of renamed symbols

Result: A partially annotated binary with key functions identified, named, and documented.

Pitfalls
  • Large binaries with thousands of functions overwhelm the analysis — Start with imports and strings to identify interesting functions, then focus on those
Combine with: filesystem

Solve a CTF binary reverse engineering challenge with Ghidra and AI

👤 CTF participants tackling reverse engineering challenges ⏱ ~45 min intermediate

When to use it: You have a CTF binary that needs to be reversed to find a flag.

Prerequisites
  • Ghidra with GhidrAssistMCP — Install the extension and load the challenge binary
Steps
  1. Find the main logic
    Search for functions that reference 'flag', 'correct', 'wrong', or 'password'. Decompile the most relevant one.
    → Decompiled function with validation logic
  2. Trace the check
    Follow the xrefs from the validation function. What data does it compare against and what transformation is applied to the input?
    → Detailed analysis of the check algorithm with data references

Result: Understanding of the validation logic sufficient to derive the flag.

Pitfalls
  • Obfuscated binaries resist straightforward decompilation — Use get_basic_blocks to understand control flow, then analyze blocks individually

Combinations

Combine it with other MCP servers for 10x results

ghidrassistmcp + filesystem

Export analysis results and annotated code to files for reporting

Export the decompiled code and our annotations for the network functions to a report file.

Tools

What this MCP provides

| Tool | Inputs | When to call | Cost |
| --- | --- | --- | --- |
| get_binary_info | none | Get metadata about the loaded binary | 0 |
| get_functions | offset?: int, limit?: int | List functions in the binary | 0 |
| analyze_function | address: str | Decompile and analyze a specific function | 0 |
| search_strings | pattern: str | Search for strings in the binary | 0 |
| xrefs | address: str, action: str | Find cross-references to/from an address | 0 |
| rename_symbol | old_name: str, new_name: str | Rename a function or variable | 0 |
| get_imports | none | List all imported functions | 0 |
| get_basic_blocks | function_address: str | Get control flow blocks for a function | 0 |

Cost and limits

Running cost

API quota: N/A — fully local
Tokens per call: 200–2000 tokens (decompilation results can be large)
Monetary cost: Free — both Ghidra and GhidrAssistMCP are free
Tip: Use search_functions_by_name and search_strings to narrow targets before decompiling.

Security

Permissions, secrets, and blast radius

Credential storage: N/A
External data transfer: Local only — Ghidra analysis stays on your machine

Troubleshooting

Common errors and fixes

Plugin not showing in Ghidra

Ensure you installed the extension ZIP via File → Install Extensions, then restarted Ghidra. Enable via File → Configure → Configure Plugins.

Verify: Search for 'GhidrAssistMCP' in the plugin configuration dialog

MCP client can't connect

Check the GhidrAssistMCP port in the plugin settings. Ensure no firewall blocks the connection.

Verify: Check the Ghidra console for MCP server startup messages

Decompilation fails for a function

Some functions (especially obfuscated ones) may fail to decompile. Try disassembly instead, or fix the function boundaries with define_func.

Verify: Use get_code as a fallback

Alternatives

GhidrAssistMCP vs. alternatives

| Alternative | When to use it | Trade-off |
| --- | --- | --- |
| reverse-engineering-assistant | You want a tool-driven approach optimized for LLM interaction with focus on context management | Fewer tools but designed to reduce LLM hallucinations |
| ida-pro-mcp | You prefer IDA Pro over Ghidra for binary analysis | IDA Pro is commercial ($) but has broader format support and faster analysis |
