ghidra-mcp
Ghidra MCP Server bridges Ghidra's reverse engineering engine with AI tools via the Model Context Protocol, exposing 256 tools for binary analysis, function documentation, dynamic debugging, and cross-binary matching. It runs in GUI, headless, or Docker modes and enforces naming/typing conventions automatically.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | bethington/ghidra-mcp |
| Owner | bethington |
| Primary language | Java |
| License | Apache-2.0 — OSI-approved |
| Stars | 2.7k |
| Forks | 55 |
| Open issues | 6 |
| Latest release | v5.14.2 (2026-06-27) |
| Last updated | 2026-07-06 |
| Source | https://github.com/bethington/ghidra-mcp |
What ghidra-mcp is
Java-based MCP server wrapping Ghidra 12.1.2, offering stateful binary analysis (decompilation, data flow, P-code emulation), live debugger integration (dbgeng/gdb/lldb via TraceRmi), batch operations, and SHA-256 function matching for cross-version documentation transfer. Supports Ghidra Server multi-user collaboration and CI/CD automation.
Get the ghidra-mcp source
Clone the repository and explore it locally.
git clone https://github.com/bethington/ghidra-mcp.gitcd ghidra-mcp# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Java 21 and Ghidra 12.1.2; confirm compatibility with your target environment. Docker deployment available but image maintenance responsibility unclear.
- MCP tool names are normalized for GitHub Copilot CLI (lowercase, hyphens, no special chars); nested paths become suffixed names (e.g., `/debugger/status` → `debugger_status_2`). Understand tool discovery before automation.
- Batch operations claim 93% API call reduction but no performance benchmarks provided; test against your binary size / function count to validate throughput expectations.
- Convention enforcement tiers (auto-fix/warn/reject) are opinionated; audit default rules against your codebase standards and tune via configuration.
- Live debugger integration spans 39 endpoints across dbgeng/gdb/lldb; test on your target OS+architecture to verify attachment, breakpoint, and register read reliability.
When to avoid it — and what to weigh
- Real-time Interactive Debugging Required — While live debugger integration exists, architecture is optimized for batch/AI workflows. Direct, rapid interactive debugging via GUI may be better served by Ghidra standalone.
- Proprietary/Closed Binary Format Support — Inherits Ghidra's binary format support (ELF, PE, Mach-O, etc.). Exotic or proprietary formats not in Ghidra's loader list cannot be analyzed.
- Small Projects with No Naming Convention Standardization — Convention enforcement (auto-fix, warn, reject tiers) adds friction if your team has no established naming standards or actively uses multiple styles. Disable via config if needed.
- Teams Requiring Strict RBAC or Air-Gapped Deployment — No fine-grained role-based access control documented. Ghidra Server integration exists but access model not detailed. Requires review for security-critical environments.
License & commercial use
Apache License 2.0 (Apache-2.0). Permissive OSI-approved license. Allows commercial use, modification, and distribution with attribution and liability disclaimer. No copyleft obligations.
Apache-2.0 permits commercial use without explicit permission. You may use, modify, and integrate into commercial products provided you retain license notices and disclaimers. No royalties or approval required. Recommend documenting third-party Apache-2.0 compliance in your distribution.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
No security audit, pen test, or vulnerability disclosure policy documented. Runs arbitrary Ghidra scripts and has live debugger access (requires trust boundary clarity). MCP tool names normalized to prevent Copilot CLI injection but input validation on binary paths, script content, and remote commands not detailed. Ghidra itself is stable, but MCP layer security posture requires review. No encryption, authentication, or RBAC visible. Use in isolated networks or behind authentication proxy for untrusted inputs.
Alternatives to consider
Ghidra Native API (Java/Python bindings)
Direct, scriptable access without MCP protocol overhead. Best for CLI/batch scripts. Lacks AI agent integration, convention enforcement, and debugger bridging.
IDA Pro with microcode engine + custom scripts
Closed-source commercial tool with GUI-first design and extensive plugin ecosystem. Better interactive debugging; less suited to headless AI workflows. Higher cost.
Radare2 + Rizin
Lightweight, open-source, shell-based reverse engineering. Fast on resource-constrained environments. No AI/MCP integration, no live debugger, steeper learning curve for teams used to Ghidra.
Build on ghidra-mcp with DEV.co software developers
Explore Ghidra MCP Server for AI-driven reverse engineering workflows. Review security posture, test debugger integration on your target OS, and evaluate convention enforcement rules for your team before production deployment.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
ghidra-mcp FAQ
Can I run this without the Ghidra GUI?
Does it work with Ghidra Server for multi-user projects?
How many MCP tools are exposed?
Is this suitable for production reverse engineering?
Software development & web development with DEV.co
From first prototype to production, DEV.co delivers software development services around tools like ghidra-mcp. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across mcp servers and beyond.
Ready to Automate Binary Analysis?
Explore Ghidra MCP Server for AI-driven reverse engineering workflows. Review security posture, test debugger integration on your target OS, and evaluate convention enforcement rules for your team before production deployment.