GhidrAssistMCP

Author: symgraph · symgraph/GhidrAssistMCP

35 MCP tools bridging Ghidra's reverse engineering platform with AI — decompile, analyze functions, trace xrefs, and rename symbols.

GhidrAssistMCP is a Ghidra extension that implements a full MCP server with 35 built-in tools, 6 resources, and 7 prompts for reverse engineering tasks. It supports dual HTTP transports (SSE and Streamable), multi-program analysis, result caching, and asynchronous task management. Requires Ghidra 11.4+ and works with any MCP client.

Installation

Choose your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart the app after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Cursor uses the same mcpServers format as Claude Desktop. Project-level settings take precedence over global ones.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then choose "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "ghidrassistmcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  }
}

Same format as Claude Desktop. Restart Windsurf for the change to take effect.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "ghidrassistmcp",
      "command": "TODO",
      "args": [
        "See README: https://github.com/symgraph/GhidrAssistMCP"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "ghidrassistmcp": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/symgraph/GhidrAssistMCP"
        ]
      }
    }
  }
}

Add the entry under context_servers. Zed hot-reloads the file on save.

claude mcp add ghidrassistmcp -- TODO 'See README: https://github.com/symgraph/GhidrAssistMCP'

A single command does it. Verify with claude mcp list; remove with claude mcp remove.

Use cases

Practical usage: GhidrAssistMCP

How to analyze an unknown binary with AI assistance in Ghidra

👤 Security researchers and malware analysts working in sandboxed environments ⏱ ~60 min advanced

When to use: You have a binary to analyze and want AI to help understand its functionality.

Prerequisites
  • Ghidra 11.4+ with GhidrAssistMCP installed — Download release ZIP, install via File → Install Extensions
  • MCP client (e.g., Claude Desktop) — Configure to connect to GhidrAssistMCP's HTTP endpoint
Steps
  1. Get binary overview
    Get the binary info and list all imports. What libraries does this binary depend on and what do the imports suggest about its functionality?
    → Binary metadata with categorized import analysis
  2. Analyze key functions
    Find functions that reference network-related strings. Decompile the most interesting one and explain what it does.
    → Decompiled C code with annotated explanation
  3. Rename and annotate
    Based on our analysis, rename the functions we've identified with descriptive names and add comments explaining their purpose.
    → Confirmation of renamed symbols

Result: A partially annotated binary with key functions identified, named, and documented.

Caveats
  • Large binaries with thousands of functions overwhelm the analysis — Start with imports and strings to identify interesting functions, then focus on those
Pairs with: filesystem

Solve a CTF binary reverse engineering challenge with Ghidra and AI

👤 CTF participants tackling reverse engineering challenges ⏱ ~45 min intermediate

When to use: You have a CTF binary that needs to be reversed to find a flag.

Prerequisites
  • Ghidra with GhidrAssistMCP — Install the extension and load the challenge binary
Steps
  1. Find the main logic
    Search for functions that reference 'flag', 'correct', 'wrong', or 'password'. Decompile the most relevant one.
    → Decompiled function with validation logic
  2. Trace the check
    Follow the xrefs from the validation function. What data does it compare against and what transformation is applied to the input?
    → Detailed analysis of the check algorithm with data references

Result: Understanding of the validation logic sufficient to derive the flag.

Caveats
  • Obfuscated binaries resist straightforward decompilation — Use get_basic_blocks to understand control flow, then analyze blocks individually

Combinations

Pair with other MCP servers for tenfold leverage

ghidrassistmcp + filesystem

Export analysis results and annotated code to files for reporting

Export the decompiled code and our annotations for the network functions to a report file.

Tools

Capabilities this MCP exposes

| Tool | Input parameters | When to call | Cost |
|---|---|---|---|
| get_binary_info | none | Get metadata about the loaded binary | 0 |
| get_functions | offset?: int, limit?: int | List functions in the binary | 0 |
| analyze_function | address: str | Decompile and analyze a specific function | 0 |
| search_strings | pattern: str | Search for strings in the binary | 0 |
| xrefs | address: str, action: str | Find cross-references to/from an address | 0 |
| rename_symbol | old_name: str, new_name: str | Rename a function or variable | 0 |
| get_imports | none | List all imported functions | 0 |
| get_basic_blocks | function_address: str | Get control flow blocks for a function | 0 |

Cost and limits

What it costs to run

API quota
N/A — fully local
Tokens per call
200–2000 tokens (decompilation results can be large)
Price
Free — both Ghidra and GhidrAssistMCP are free
Tip
Use search_functions_by_name and search_strings to narrow targets before decompiling.

Security

Permissions, secrets, blast radius

Credential storage: N/A
Data egress: Local only — Ghidra analysis stays on your machine

Troubleshooting

Common errors and fixes

Plugin not showing in Ghidra

Ensure you installed the extension ZIP via File → Install Extensions, then restarted Ghidra. Enable via File → Configure → Configure Plugins.

Verify: Search for 'GhidrAssistMCP' in the plugin configuration dialog

MCP client can't connect

Check the GhidrAssistMCP port in the plugin settings. Ensure no firewall blocks the connection.

Verify: Check the Ghidra console for MCP server startup messages

Decompilation fails for a function

Some functions (especially obfuscated ones) may fail to decompile. Try disassembly instead, or fix the function boundaries with define_func.

Verify: Use get_code as a fallback

Alternatives

GhidrAssistMCP compared with other options

| Alternative | When to use it instead | Trade-offs |
|---|---|---|
| reverse-engineering-assistant | You want a tool-driven approach optimized for LLM interaction with focus on context management | Fewer tools but designed to reduce LLM hallucinations |
| ida-pro-mcp | You prefer IDA Pro over Ghidra for binary analysis | IDA Pro is commercial ($) but has broader format support and faster analysis |
