/ Directorio / Playground / GhidrAssistMCP
← Todos los servidores ↗ GitHub
● Comunidad symgraph ⚡ Instantáneo

GhidrAssistMCP

por symgraph · symgraph/GhidrAssistMCP

35 MCP tools bridging Ghidra's reverse engineering platform with AI — decompile, analyze functions, trace xrefs, and rename symbols.

GhidrAssistMCP is a Ghidra extension that implements a full MCP server with 35 built-in tools, 6 resources, and 7 prompts for reverse engineering tasks. It supports dual HTTP transports (SSE and Streamable), multi-program analysis, result caching, and asynchronous task management. Requires Ghidra 11.4+ and works with any MCP client.

▶ Ver demo 📦 Instalar 💡 Casos de uso

Por qué usarlo

Características clave

Demo en vivo

Cómo se ve en la práctica

ghidrassistmcp.replay ▶ listo
0/0

Instalar

Elige tu cliente

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Abre Claude Desktop → Settings → Developer → Edit Config. Reinicia después de guardar.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Cursor usa el mismo esquema mcpServers que Claude Desktop. La configuración del proyecto prevalece sobre la global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Haz clic en el icono MCP Servers de la barra lateral de Cline y luego en "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Mismo formato que Claude Desktop. Reinicia Windsurf para aplicar.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "ghidrassistmcp",
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  ]
}

Continue usa un array de objetos de servidor en lugar de un mapa.

~/.config/zed/settings.json
{
  "context_servers": {
    "ghidrassistmcp": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/symgraph/GhidrAssistMCP"
        ]
      }
    }
  }
}

Añádelo a context_servers. Zed recarga en caliente al guardar.

claude mcp add ghidrassistmcp -- TODO 'See README: https://github.com/symgraph/GhidrAssistMCP'

Un solo comando. Verifica con claude mcp list. Quita con claude mcp remove.

Casos de uso

Usos del mundo real: GhidrAssistMCP

How to analyze an unknown binary with AI assistance in Ghidra

👤 Security researchers and malware analysts working in sandboxed environments ⏱ ~60 min advanced

Cuándo usarlo: You have a binary to analyze and want AI to help understand its functionality.

Requisitos previos
  • Ghidra 11.4+ with GhidrAssistMCP installed — Download release ZIP, install via File → Install Extensions
  • MCP client (e.g., Claude Desktop) — Configure to connect to GhidrAssistMCP's HTTP endpoint
Flujo
  1. Get binary overview
    Get the binary info and list all imports. What libraries does this binary depend on and what do the imports suggest about its functionality?✓ Copiado
    → Binary metadata with categorized import analysis
  2. Analyze key functions
    Find functions that reference network-related strings. Decompile the most interesting one and explain what it does.✓ Copiado
    → Decompiled C code with annotated explanation
  3. Rename and annotate
    Based on our analysis, rename the functions we've identified with descriptive names and add comments explaining their purpose.✓ Copiado
    → Confirmation of renamed symbols

Resultado: A partially annotated binary with key functions identified, named, and documented.

Errores comunes
  • Large binaries with thousands of functions overwhelm the analysis — Start with imports and strings to identify interesting functions, then focus on those
Combinar con: filesystem

Solve a CTF binary reverse engineering challenge with Ghidra and AI

👤 CTF participants tackling reverse engineering challenges ⏱ ~45 min intermediate

Cuándo usarlo: You have a CTF binary that needs to be reversed to find a flag.

Requisitos previos
  • Ghidra with GhidrAssistMCP — Install the extension and load the challenge binary
Flujo
  1. Find the main logic
    Search for functions that reference 'flag', 'correct', 'wrong', or 'password'. Decompile the most relevant one.✓ Copiado
    → Decompiled function with validation logic
  2. Trace the check
    Follow the xrefs from the validation function. What data does it compare against and what transformation is applied to the input?✓ Copiado
    → Detailed analysis of the check algorithm with data references

Resultado: Understanding of the validation logic sufficient to derive the flag.

Errores comunes
  • Obfuscated binaries resist straightforward decompilation — Use get_basic_blocks to understand control flow, then analyze blocks individually

Combinaciones

Combínalo con otros MCPs para multiplicar por 10

ghidrassistmcp + filesystem

Export analysis results and annotated code to files for reporting

Export the decompiled code and our annotations for the network functions to a report file.✓ Copiado

Herramientas

Lo que expone este MCP

HerramientaEntradasCuándo llamarCoste
get_binary_info none Get metadata about the loaded binary 0
get_functions offset?: int, limit?: int List functions in the binary 0
analyze_function address: str Decompile and analyze a specific function 0
search_strings pattern: str Search for strings in the binary 0
xrefs address: str, action: str Find cross-references to/from an address 0
rename_symbol old_name: str, new_name: str Rename a function or variable 0
get_imports none List all imported functions 0
get_basic_blocks function_address: str Get control flow blocks for a function 0

Coste y límites

Lo que cuesta ejecutarlo

Cuota de API
N/A — fully local
Tokens por llamada
200–2000 tokens (decompilation results can be large)
Monetario
Free — both Ghidra and GhidrAssistMCP are free
Consejo
Use search_functions_by_name and search_strings to narrow targets before decompiling.

Seguridad

Permisos, secretos, alcance

Almacenamiento de credenciales: N/A
Salida de datos: Local only — Ghidra analysis stays on your machine

Resolución de problemas

Errores comunes y soluciones

Plugin not showing in Ghidra

Ensure you installed the extension ZIP via File → Install Extensions, then restarted Ghidra. Enable via File → Configure → Configure Plugins.

Verificar: Search for 'GhidrAssistMCP' in the plugin configuration dialog
MCP client can't connect

Check the GhidrAssistMCP port in the plugin settings. Ensure no firewall blocks the connection.

Verificar: Check the Ghidra console for MCP server startup messages
Decompilation fails for a function

Some functions (especially obfuscated ones) may fail to decompile. Try disassembly instead, or fix the function boundaries with define_func.

Verificar: Use get_code as a fallback

Alternativas

GhidrAssistMCP vs otros

AlternativaCuándo usarlaContrapartida
reverse-engineering-assistantYou want a tool-driven approach optimized for LLM interaction with focus on context managementFewer tools but designed to reduce LLM hallucinations
ida-pro-mcpYou prefer IDA Pro over Ghidra for binary analysisIDA Pro is commercial ($) but has broader format support and faster analysis

Más

Recursos

📖 Lee el README oficial en GitHub

🐙 Ver issues abiertas

🔍 Ver todos los 400+ servidores MCP y Skills