DEV.co
MCP Servers · bethington

ghidra-mcp

Ghidra MCP Server bridges Ghidra's reverse engineering engine with AI tools via the Model Context Protocol, exposing 256 tools for binary analysis, function documentation, dynamic debugging, and cross-binary matching. It runs in GUI, headless, or Docker modes and enforces naming/typing conventions automatically.

Source: GitHub — github.com/bethington/ghidra-mcp
2.7k
GitHub stars
55
Forks
Java
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorybethington/ghidra-mcp
Ownerbethington
Primary languageJava
LicenseApache-2.0 — OSI-approved
Stars2.7k
Forks55
Open issues6
Latest releasev5.14.2 (2026-06-27)
Last updated2026-07-06
Sourcehttps://github.com/bethington/ghidra-mcp

What ghidra-mcp is

Java-based MCP server wrapping Ghidra 12.1.2, offering stateful binary analysis (decompilation, data flow, P-code emulation), live debugger integration (dbgeng/gdb/lldb via TraceRmi), batch operations, and SHA-256 function matching for cross-version documentation transfer. Supports Ghidra Server multi-user collaboration and CI/CD automation.

Quickstart

Get the ghidra-mcp source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/bethington/ghidra-mcp.gitcd ghidra-mcp# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

AI-Assisted Reverse Engineering Workflows

Automate function documentation, data type discovery, and batch renaming across large binaries using AI agents with enforced naming conventions and completeness scoring.

Cross-Version Binary Analysis & Documentation Transfer

Use SHA-256 function hashing to propagate documentation and annotations across different versions of the same binary, eliminating redundant analysis.

Headless CI/CD Integration & Automated Vulnerability Analysis

Deploy in Docker for serverless binary triage, orphaned code discovery, and API hash resolution as part of security pipelines without GUI overhead.

Implementation considerations

  • Requires Java 21 and Ghidra 12.1.2; confirm compatibility with your target environment. Docker deployment available but image maintenance responsibility unclear.
  • MCP tool names are normalized for GitHub Copilot CLI (lowercase, hyphens, no special chars); nested paths become suffixed names (e.g., `/debugger/status` → `debugger_status_2`). Understand tool discovery before automation.
  • Batch operations claim 93% API call reduction but no performance benchmarks provided; test against your binary size / function count to validate throughput expectations.
  • Convention enforcement tiers (auto-fix/warn/reject) are opinionated; audit default rules against your codebase standards and tune via configuration.
  • Live debugger integration spans 39 endpoints across dbgeng/gdb/lldb; test on your target OS+architecture to verify attachment, breakpoint, and register read reliability.

When to avoid it — and what to weigh

  • Real-time Interactive Debugging Required — While live debugger integration exists, architecture is optimized for batch/AI workflows. Direct, rapid interactive debugging via GUI may be better served by Ghidra standalone.
  • Proprietary/Closed Binary Format Support — Inherits Ghidra's binary format support (ELF, PE, Mach-O, etc.). Exotic or proprietary formats not in Ghidra's loader list cannot be analyzed.
  • Small Projects with No Naming Convention Standardization — Convention enforcement (auto-fix, warn, reject tiers) adds friction if your team has no established naming standards or actively uses multiple styles. Disable via config if needed.
  • Teams Requiring Strict RBAC or Air-Gapped Deployment — No fine-grained role-based access control documented. Ghidra Server integration exists but access model not detailed. Requires review for security-critical environments.

License & commercial use

Apache License 2.0 (Apache-2.0). Permissive OSI-approved license. Allows commercial use, modification, and distribution with attribution and liability disclaimer. No copyleft obligations.

Apache-2.0 permits commercial use without explicit permission. You may use, modify, and integrate into commercial products provided you retain license notices and disclaimers. No royalties or approval required. Recommend documenting third-party Apache-2.0 compliance in your distribution.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

No security audit, pen test, or vulnerability disclosure policy documented. Runs arbitrary Ghidra scripts and has live debugger access (requires trust boundary clarity). MCP tool names normalized to prevent Copilot CLI injection but input validation on binary paths, script content, and remote commands not detailed. Ghidra itself is stable, but MCP layer security posture requires review. No encryption, authentication, or RBAC visible. Use in isolated networks or behind authentication proxy for untrusted inputs.

Alternatives to consider

Ghidra Native API (Java/Python bindings)

Direct, scriptable access without MCP protocol overhead. Best for CLI/batch scripts. Lacks AI agent integration, convention enforcement, and debugger bridging.

IDA Pro with microcode engine + custom scripts

Closed-source commercial tool with GUI-first design and extensive plugin ecosystem. Better interactive debugging; less suited to headless AI workflows. Higher cost.

Radare2 + Rizin

Lightweight, open-source, shell-based reverse engineering. Fast on resource-constrained environments. No AI/MCP integration, no live debugger, steeper learning curve for teams used to Ghidra.

Software development agency

Build on ghidra-mcp with DEV.co software developers

Explore Ghidra MCP Server for AI-driven reverse engineering workflows. Review security posture, test debugger integration on your target OS, and evaluate convention enforcement rules for your team before production deployment.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

ghidra-mcp FAQ

Can I run this without the Ghidra GUI?
Yes. Headless mode is fully supported and Docker-ready. Useful for CI/CD pipelines and automated batch analysis. GUI mode also available if interactive reverse engineering is needed.
Does it work with Ghidra Server for multi-user projects?
Yes. Full Ghidra Server integration is documented, including repository management, checkout/checkin workflows, and version control. Requires a running Ghidra Server and proper authentication.
How many MCP tools are exposed?
256 tools covering binary analysis, dynamic debugging, scripting, batch operations, and AI workflows. Tool names are normalized for MCP compatibility (lowercase, hyphens). Nested paths are suffixed to avoid collisions.
Is this suitable for production reverse engineering?
Project is labeled production-ready with atomic transactions and error handling. However, no security audit, SLA, or enterprise support is documented. Recommend testing thoroughly in your environment and using behind an authentication proxy for untrusted inputs.

Software development & web development with DEV.co

From first prototype to production, DEV.co delivers software development services around tools like ghidra-mcp. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across mcp servers and beyond.

Ready to Automate Binary Analysis?

Explore Ghidra MCP Server for AI-driven reverse engineering workflows. Review security posture, test debugger integration on your target OS, and evaluate convention enforcement rules for your team before production deployment.