/ Annuaire / Playground / GhidrAssistMCP
← Tous les serveurs ↗ GitHub
● Communauté symgraph ⚡ Instantané

GhidrAssistMCP

par symgraph · symgraph/GhidrAssistMCP

35 MCP tools bridging Ghidra's reverse engineering platform with AI — decompile, analyze functions, trace xrefs, and rename symbols.

GhidrAssistMCP is a Ghidra extension that implements a full MCP server with 35 built-in tools, 6 resources, and 7 prompts for reverse engineering tasks. It supports dual HTTP transports (SSE and Streamable), multi-program analysis, result caching, and asynchronous task management. Requires Ghidra 11.4+ and works with any MCP client.

▶ Voir la démo 📦 Installer 💡 Cas d'usage

Pourquoi l'utiliser

Fonctionnalités clés

Démo en direct

Aperçu en pratique

ghidrassistmcp.replay ▶ prêt
0/0

Installer

Choisissez votre client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Ouvrez Claude Desktop → Settings → Developer → Edit Config. Redémarrez après avoir enregistré.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Cursor utilise le même schéma mcpServers que Claude Desktop. La config projet l'emporte sur la globale.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Cliquez sur l'icône MCP Servers dans la barre latérale Cline, puis "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Même format que Claude Desktop. Redémarrez Windsurf pour appliquer.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "ghidrassistmcp",
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  ]
}

Continue utilise un tableau d'objets serveur plutôt qu'une map.

~/.config/zed/settings.json
{
  "context_servers": {
    "ghidrassistmcp": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/symgraph/GhidrAssistMCP"
        ]
      }
    }
  }
}

Ajoutez dans context_servers. Zed recharge à chaud à la sauvegarde.

claude mcp add ghidrassistmcp -- TODO 'See README: https://github.com/symgraph/GhidrAssistMCP'

Une seule ligne. Vérifiez avec claude mcp list. Supprimez avec claude mcp remove.

Cas d'usage

Usages concrets : GhidrAssistMCP

How to analyze an unknown binary with AI assistance in Ghidra

👤 Security researchers and malware analysts working in sandboxed environments ⏱ ~60 min advanced

Quand l'utiliser : You have a binary to analyze and want AI to help understand its functionality.

Prérequis
  • Ghidra 11.4+ with GhidrAssistMCP installed — Download release ZIP, install via File → Install Extensions
  • MCP client (e.g., Claude Desktop) — Configure to connect to GhidrAssistMCP's HTTP endpoint
Déroulement
  1. Get binary overview
    Get the binary info and list all imports. What libraries does this binary depend on and what do the imports suggest about its functionality?✓ Copié
    → Binary metadata with categorized import analysis
  2. Analyze key functions
    Find functions that reference network-related strings. Decompile the most interesting one and explain what it does.✓ Copié
    → Decompiled C code with annotated explanation
  3. Rename and annotate
    Based on our analysis, rename the functions we've identified with descriptive names and add comments explaining their purpose.✓ Copié
    → Confirmation of renamed symbols

Résultat : A partially annotated binary with key functions identified, named, and documented.

Pièges
  • Large binaries with thousands of functions overwhelm the analysis — Start with imports and strings to identify interesting functions, then focus on those
Combiner avec : filesystem

Solve a CTF binary reverse engineering challenge with Ghidra and AI

👤 CTF participants tackling reverse engineering challenges ⏱ ~45 min intermediate

Quand l'utiliser : You have a CTF binary that needs to be reversed to find a flag.

Prérequis
  • Ghidra with GhidrAssistMCP — Install the extension and load the challenge binary
Déroulement
  1. Find the main logic
    Search for functions that reference 'flag', 'correct', 'wrong', or 'password'. Decompile the most relevant one.✓ Copié
    → Decompiled function with validation logic
  2. Trace the check
    Follow the xrefs from the validation function. What data does it compare against and what transformation is applied to the input?✓ Copié
    → Detailed analysis of the check algorithm with data references

Résultat : Understanding of the validation logic sufficient to derive the flag.

Pièges
  • Obfuscated binaries resist straightforward decompilation — Use get_basic_blocks to understand control flow, then analyze blocks individually

Combinaisons

Associez-le à d'autres MCPs pour un effet X10

ghidrassistmcp + filesystem

Export analysis results and annotated code to files for reporting

Export the decompiled code and our annotations for the network functions to a report file.✓ Copié

Outils

Ce que ce MCP expose

OutilEntréesQuand appelerCoût
get_binary_info none Get metadata about the loaded binary 0
get_functions offset?: int, limit?: int List functions in the binary 0
analyze_function address: str Decompile and analyze a specific function 0
search_strings pattern: str Search for strings in the binary 0
xrefs address: str, action: str Find cross-references to/from an address 0
rename_symbol old_name: str, new_name: str Rename a function or variable 0
get_imports none List all imported functions 0
get_basic_blocks function_address: str Get control flow blocks for a function 0

Coût et limites

Coût d'exécution

Quota d'API
N/A — fully local
Tokens par appel
200–2000 tokens (decompilation results can be large)
Monétaire
Free — both Ghidra and GhidrAssistMCP are free
Astuce
Use search_functions_by_name and search_strings to narrow targets before decompiling.

Sécurité

Permissions, secrets, portée

Stockage des identifiants : N/A
Sortie de données : Local only — Ghidra analysis stays on your machine

Dépannage

Erreurs courantes et correctifs

Plugin not showing in Ghidra

Ensure you installed the extension ZIP via File → Install Extensions, then restarted Ghidra. Enable via File → Configure → Configure Plugins.

Vérifier : Search for 'GhidrAssistMCP' in the plugin configuration dialog
MCP client can't connect

Check the GhidrAssistMCP port in the plugin settings. Ensure no firewall blocks the connection.

Vérifier : Check the Ghidra console for MCP server startup messages
Decompilation fails for a function

Some functions (especially obfuscated ones) may fail to decompile. Try disassembly instead, or fix the function boundaries with define_func.

Vérifier : Use get_code as a fallback

Alternatives

GhidrAssistMCP vs autres

AlternativeQuand l'utiliserCompromis
reverse-engineering-assistantYou want a tool-driven approach optimized for LLM interaction with focus on context managementFewer tools but designed to reduce LLM hallucinations
ida-pro-mcpYou prefer IDA Pro over Ghidra for binary analysisIDA Pro is commercial ($) but has broader format support and faster analysis

Plus

Ressources

📖 Lire le README officiel sur GitHub

🐙 Voir les issues ouvertes

🔍 Parcourir les 400+ serveurs MCP et Skills