Hacker News

Show HN: Ghidra MCP Server – 110 tools for AI-assisted reverse engineering

2026-02-046:5129868github.com

Production-grade Ghidra MCP Server — 132 endpoints, cross-binary documentation transfer, batch analysis, headless mode, and Docker deployment for AI-powered reverse engineering - bethington/ghidra-mcp

License Java Version Ghidra Version Version

If you find this useful, please ⭐ star the repo — it helps others discover it!

A production-ready Model Context Protocol (MCP) server that bridges Ghidra's powerful reverse engineering capabilities with modern AI tools and automation frameworks.

  • Full MCP Compatibility - Complete implementation of Model Context Protocol
  • 110 MCP Tools Available - Comprehensive API surface for binary analysis
  • Production-Ready Reliability - Tested batch operations and atomic transactions
  • Real-time Analysis - Live integration with Ghidra's analysis engine
  • Function Analysis - Decompilation, call graphs, cross-references
  • Data Structure Discovery - Automatic struct/union/enum creation
  • String Extraction - Comprehensive string analysis and categorization
  • Import/Export Analysis - Symbol table and library dependency mapping
  • Memory Mapping - Complete memory layout documentation
  • Cross-Binary Documentation - Function hash matching across binary versions
  • Automated Development Cycle - Complete build-test-deploy-verify pipeline
  • Ghidra Script Management - Create, run, and manage Ghidra scripts via MCP
  • Multi-Program Support - Switch between and compare multiple open programs
  • Batch Operations - Efficient bulk renaming, commenting, and typing
  • Java 21 LTS (OpenJDK recommended)
  • Apache Maven 3.9+
  • Ghidra 12.0.2 (or compatible version)
  • Python 3.8+ with pip

  1. Clone the repository:

    git clone https://github.com/bethington/ghidra-mcp.git
cd ghidra-mcp

  2. Install Python dependencies:

    pip install -r requirements.txt

  3. Copy Ghidra libraries (see Library Dependencies for full list):

    # Windows - run the provided batch script
copy-ghidra-libs.bat "C:\path\to\ghidra_12.0.2_PUBLIC" # Linux/Mac - copy manually from your Ghidra installation
# See Library Dependencies section below for all 14 required JARs

  4. Build the plugin:

    mvn clean package assembly:single -DskipTests

  5. Deploy to Ghidra:

    # Windows (automated)
.\deploy-to-ghidra.ps1 # Or manually copy to Ghidra Extensions
Copy-Item target\GhidraMCP-2.0.0.zip "C:\ghidra\Extensions\Ghidra\"
python bridge_mcp_ghidra.py
python bridge_mcp_ghidra.py --transport sse --mcp-host 127.0.0.1 --mcp-port 8081
  1. Start Ghidra and load a binary
  2. Go to Tools > GhidraMCP > Start MCP Server
  3. The server runs on http://127.0.0.1:8080/ by default
  • MCP Tools: 110 tools fully implemented
  • Speed: Sub-second response for most operations
  • Efficiency: 93% reduction in API calls via batch operations
  • Reliability: Atomic transactions with all-or-nothing semantics
  • Deployment: Automated version-aware deployment script
  • check_connection - Verify MCP connectivity
  • get_metadata - Program metadata and info
  • get_version - Server version information
  • get_entry_points - Binary entry points discovery
  • list_functions - List all functions (paginated)
  • search_functions_by_name - Search functions by name/pattern
  • search_functions_enhanced - Advanced function search with filters
  • decompile_function - Decompile function to C pseudocode
  • get_decompiled_code - Get decompiled code by address
  • get_function_callers - Get function callers
  • get_function_callees - Get function callees
  • get_function_call_graph - Function relationship graph
  • get_full_call_graph - Complete call graph for program
  • analyze_function_complete - Comprehensive function analysis
  • analyze_function_completeness - Documentation completeness score
  • list_segments - Memory segments and layout
  • get_function_by_address - Function at address
  • disassemble_function - Disassembly listing
  • disassemble_bytes - Raw byte disassembly
  • get_xrefs_to - Cross-references to address
  • get_xrefs_from - Cross-references from address
  • get_bulk_xrefs - Bulk cross-reference lookup
  • analyze_data_region - Analyze memory region structure
  • inspect_memory_content - View raw memory content
  • detect_array_bounds - Detect array boundaries
  • get_function_hash - SHA-256 hash of normalized function opcodes
  • get_bulk_function_hashes - Paginated bulk hashing with filter
  • get_function_documentation - Export complete function documentation
  • apply_function_documentation - Import documentation to target function
  • build_function_hash_index - Build persistent JSON index
  • lookup_function_by_hash - Find matching functions in index
  • propagate_documentation - Apply docs to all matching instances
  • list_data_types - Available data types
  • search_data_types - Search for data types
  • create_struct - Create custom structure
  • add_struct_field - Add field to structure
  • modify_struct_field - Modify existing field
  • remove_struct_field - Remove field from structure
  • create_enum - Create enumeration
  • get_enum_values - Get enumeration values
  • create_array_type - Create array data type
  • apply_data_type - Apply type to address
  • delete_data_type - Delete a data type
  • consolidate_duplicate_types - Merge duplicate types
  • get_valid_data_types - Get list of valid Ghidra types
  • list_imports - Imported symbols and libraries
  • list_exports - Exported symbols and functions
  • list_external_locations - External location references
  • list_strings - Extracted strings with analysis
  • list_namespaces - Available namespaces
  • list_globals - Global variables
  • create_label - Create label at address
  • batch_create_labels - Bulk label creation
  • delete_label - Delete label at address
  • batch_delete_labels - Bulk label deletion
  • rename_label - Rename existing label
  • rename_or_label - Rename or create label
  • rename_function - Rename function by name
  • rename_function_by_address - Rename function by address
  • rename_data - Rename data item
  • rename_variables - Rename function variables
  • rename_global_variable - Rename global variable
  • rename_external_location - Rename external reference
  • batch_rename_function_components - Bulk renaming
  • set_decompiler_comment - Set decompiler comment
  • set_disassembly_comment - Set disassembly comment
  • set_plate_comment - Set function plate comment
  • get_plate_comment - Get function plate comment
  • batch_set_comments - Bulk comment setting
  • set_function_prototype - Set function signature
  • set_local_variable_type - Set variable type
  • set_parameter_type - Set parameter type
  • batch_set_variable_types - Bulk type setting
  • set_variable_storage - Control variable storage location
  • set_function_no_return - Mark function as non-returning
  • list_calling_conventions - Available calling conventions
  • get_function_variables - Get all function variables
  • get_function_labels - Get labels in function
  • list_scripts - List available scripts
  • run_script - Run a script
  • list_ghidra_scripts - List custom Ghidra scripts
  • save_ghidra_script - Save new script
  • get_ghidra_script - Get script contents
  • run_ghidra_script - Execute Ghidra script
  • update_ghidra_script - Update existing script
  • delete_ghidra_script - Delete script
  • list_open_programs - List all open programs
  • get_current_program_info - Current program details
  • switch_program - Switch active program
  • list_project_files - List project files
  • open_program - Open program from project
  • compare_programs_documentation - Compare documentation between programs
  • find_next_undefined_function - Find undefined functions
  • find_undocumented_by_string - Find functions by string reference
  • batch_string_anchor_report - String anchor analysis
  • search_byte_patterns - Search for byte patterns
  • get_assembly_context - Get assembly context
  • analyze_struct_field_usage - Analyze structure field access
  • get_field_access_context - Get field access patterns
  • create_function - Create function at address
  • get_function_jump_target_addresses - Get jump targets

See docs/README.md for complete documentation.

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   AI/Automation │◄──►│   MCP Bridge    │◄──►│  Ghidra Plugin  │
│     Tools       │    │ (bridge_mcp_    │    │ (GhidraMCP.jar) │
│  (Claude, etc.) │    │  ghidra.py)     │    │                 │
└─────────────────┘    └─────────────────┘    └─────────────────┘
        │                       │                       │
   MCP Protocol            HTTP REST              Ghidra API
   (stdio/SSE)          (localhost:8080)      (Program, Listing)
  • bridge_mcp_ghidra.py - Python MCP server that translates MCP protocol to HTTP calls
  • GhidraMCP.jar - Ghidra plugin that exposes analysis capabilities via HTTP
  • ghidra_scripts/ - Collection of 70+ automation scripts for common tasks
# Build the plugin (skip integration tests)
mvn clean package assembly:single -DskipTests # Deploy to Ghidra
.\deploy-to-ghidra.ps1
ghidra-mcp/
├── bridge_mcp_ghidra.py     # MCP server (Python)
├── src/main/java/           # Ghidra plugin (Java)
├── lib/                     # Ghidra library dependencies
├── ghidra_scripts/          # 70+ automation scripts
├── docs/                    # Documentation
│   ├── prompts/            # AI workflow prompts
│   ├── releases/           # Version release notes
│   └── project-management/ # Project docs
├── examples/                # Example usage
└── scripts/                 # Build/utility scripts

The lib/ folder must contain Ghidra JAR files for compilation. Run the provided script to copy them from your Ghidra installation:

# Windows
copy-ghidra-libs.bat "C:\path\to\ghidra_12.0.2_PUBLIC" # Or manually copy from your Ghidra installation

Required Libraries (14 JARs, ~37MB):

Library Source Path Purpose
Base.jar Features/Base/lib/ Core Ghidra functionality
Decompiler.jar Features/Decompiler/lib/ Decompilation engine
PDB.jar Features/PDB/lib/ Microsoft PDB symbol support
FunctionID.jar Features/FunctionID/lib/ Function identification
SoftwareModeling.jar Framework/SoftwareModeling/lib/ Program model API
Project.jar Framework/Project/lib/ Project management
Docking.jar Framework/Docking/lib/ UI docking framework
Generic.jar Framework/Generic/lib/ Generic utilities
Utility.jar Framework/Utility/lib/ Core utilities
Gui.jar Framework/Gui/lib/ GUI components
FileSystem.jar Framework/FileSystem/lib/ File system support
Graph.jar Framework/Graph/lib/ Graph/call graph analysis
DB.jar Framework/DB/lib/ Database operations
Emulation.jar Framework/Emulation/lib/ P-code emulation

Note: Libraries are NOT included in the repository (see .gitignore). You must copy them from your Ghidra installation before building.

  • Automated Deployment: Version-aware deployment script
  • Batch Operations: Reduces API calls by 93%
  • Atomic Transactions: All-or-nothing semantics
  • Comprehensive Logging: Debug and trace capabilities

See CONTRIBUTING.md for detailed contribution guidelines.

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Build and test your changes (mvn clean package assembly:single -DskipTests)
  4. Update documentation as needed
  5. Commit your changes (git commit -m 'Add amazing feature')
  6. Push to the branch (git push origin feature/amazing-feature)
  7. Open a Pull Request

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

Metric Value
Version 2.0.0
MCP Tools 110 fully implemented
Compilation ✅ 100% success
Batch Efficiency 93% API call reduction
Ghidra Scripts 70+ automation scripts
Documentation Comprehensive with AI prompts

See CHANGELOG.md for version history and release notes.

  • Ghidra Team - For the incredible reverse engineering platform
  • Model Context Protocol - For the standardized AI integration framework
  • Contributors - For testing, feedback, and improvements
  • re-universe — Ghidra BSim PostgreSQL platform for large-scale binary similarity analysis. Pairs perfectly with GhidraMCP for AI-driven reverse engineering workflows.
  • cheat-engine-server-python — MCP server for dynamic memory analysis and debugging.

Ready for production deployment with enterprise-grade reliability and comprehensive binary analysis capabilities.


Read the original article

xerzes

Karma: 129
...
 @Hacker__News
@hacker._news

Comments

  • By xerzes 2026-02-046:525 reply

    Hi HN,

    I built this because reverse engineering software across multiple versions is painful. You spend hours annotating functions in version 1.07, then version 1.08 drops and every address has shifted — all your work invisible.

    The core idea is a normalized function hashing system. It hashes functions by their logical structure — mnemonics, operand categories, control flow — not raw bytes or absolute addresses. When a binary is recompiled or rebased, the same function produces the same hash. All your documentation (names, types, comments) transfers automatically.

    Beyond that, it's a full MCP bridge with 110 tools for Ghidra: decompilation, disassembly, cross-referencing, annotation, batch analysis, and headless/Docker deployment. It integrates with Claude, Claude Code, or any MCP-compliant client.

    For context, the most popular Ghidra MCP server (LaurieWired's, 7K+ stars) has about 15 tools. This started as a fork of that project but grew into 28,600 lines of substantially different code.

    Architecture:

      Java Ghidra Plugin (22K LOC) → embeds HTTP server inside Ghidra
  Python MCP Bridge (6.5K LOC) → 110 tools with batch optimization
  Any MCP client → Claude, scripts, CI pipelines
    I validated the hashing against Diablo II — dozens of patch versions, each rebuilding DLLs at different base addresses. The hash registry holds 154K+ entries, and I can propagate 1,300+ function annotations from one version to the next automatically.

    The headless mode runs in Docker (docker compose up) for batch processing and CI integration — no GUI required.

    v2.0.0 adds localhost-only binding (security), configurable timeouts, label deletion tools, and .env-based configuration.

    Happy to discuss the hashing approach, MCP protocol design decisions, or how this fits into modern RE workflows.

    • By Retr0id 2026-02-0412:373 reply

      What does your function-hashing system offer over ghidra's built in FunctionID, or the bindiff plugin[0]?

      [0] https://github.com/google/bindiff

      • By chc4 2026-02-0413:35

        Or better yet, the built-in Version Tracker, which is designed for porting markup to newer versions of binaries with several different heuristic tools for correlating functions that are the same due to e.g. the same data or function xrefs, and not purely off of identical function hashes...

        Going off of only FunctionID will either have a lot of false positives or false negatives, depending on if you compute them masking out operands or not. If you mask out operands, then it says that "*param_1 = 4" and "*param_1 = 123" are the same hash. If you don't mask out operands, then it says that nearly all functions are different because your call displacements have shifted due to different code layout. That's why the built-in Version Tracker tool uses hashes for only one of the heuristics, and has other correlation heuristics to apply as well in addition.

      • By sintax 2026-02-0420:29

      • By cgfjtynzdrfht 2026-02-0422:14

        [dead]

    • By babas 2026-02-0410:051 reply

      How does this compare to ReVa? https://github.com/cyberkaida/reverse-engineering-assistant

      I think your installation instructions are incomplete. I followed the instructions and installed via file -> install in the project view. Restarted. But GhidraMCP is not visible in Tools after opening a binary.

      • By skerit 2026-02-0410:51

        I've been using ReVa for a long time (even upstreamed some changes to it) and it works great.

    • By bobbycrocodilo 2026-02-0419:011 reply

      How does it compare to other Ghidra MCP servers?

      - pyghidra-mcp - ReVa - GhidrAssistMCP - GhydraMCP - etc...

      • By xerzes 2026-02-1120:07

        Author here. Great question — the MCP landscape for Ghidra has exploded lately. Here's my take:

        *LaurieWired's GhidraMCP* (the one I contribute to): Most complete toolset — 110+ MCP tools, 130+ REST endpoints. Active development, Ghidra 11.3-12.0.2 support, localhost-only binding for security. Best for interactive RE sessions with Claude/GPT where you want maximum capability.

        *pyghidra-mcp*: Runs headless via pyghidra. Great for batch processing or CI pipelines, but you lose the GUI workflow.

        *ReVa*: More of an autonomous agent approach — it tries to do RE for you rather than with you. Different philosophy, interesting for automated triage.

        *GhidrAssist*: Focuses on the Ghidra plugin side, less on MCP integration.

        If you want the most tools and active maintenance for interactive AI-assisted RE, LaurieWired's is what I'd recommend. I've been using it for multi-version game RE (Diablo 2, GTA) and it handles the "analyze v1.07, port annotations to v1.08" workflow really well.

    • By gcormier 2026-02-0418:13

      Was hoping to kick the tires but seem to be spinning my wheels trying to get Ghidra to see the plugin. Is GH Discussions your preferred means of communications?

    • By nunobrito 2026-02-049:14

      Thank you for sharing, will soon try out. Does it support decompilation of android binaries?

  • By carl_dr 2026-02-0413:543 reply

    I used a different Ghidra MCP server (LaurieWired's) to, umm, liberate some software recently. I can’t express how fun straightforward it was to analyze the binary and generate a keygen.

    I learnt a ton in the progress. I highly recommend others do the same, it’s a really fun way of spending an evening.

    I will certainly be giving this MCP server a go.

    • By reactordev 2026-02-0414:42

      I have some old software I wrote that calls home to a server that no longer exists to do a cert check that would never pass in order to install it. I tried writing my own Ghidra tool, skill, agent, MCP and still can’t seem to figure it out. I’m positive it’s a “human skill” issue but man… ironic that this pops up the week after I gave up trying.

    • By jrwr 2026-02-1015:33

      I've got a old dead multiplayer only game I would love to try and get a basic server online for again.... ( Wulfram II will always be missed )

    • By greenavocado 2026-02-0417:321 reply

      This branch is 110 commits ahead of LaurieWired/GhidraMCP:main.

  • By stared 2026-02-049:441 reply

    Interesting to see Ghidra here!

    A friend from work just used it (with Claude) to hack River Ride game (https://quesma.com/blog/ghidra-mcp-unlimited-lives/).

    Inspired by the, I have it a try as well. While I have no prior experience with reverse engineering, I ported an old game from PowerPC to Apple Silicon.

    First, including a few MCPs with Claude Code (including LaurieWired/GhidraMCP you forked from, and https://github.com/jtang613/GhidrAssistMCP). Yet, the agent fabricated as lot of code, instead for translating it from source.

    I ended up using headless mode directly in Cursor + GPT 5.2 Codex. The results were the best.

    Once I get some time, will share a write-up.

    • By s-macke 2026-02-0410:441 reply

      I’ve also been playing around with reverse engineering, and I’m very impressed. It turns out that Codex with GPT-5.2 is better at reverse engineering than Claude.

      For example, Codex can completely reverse-engineer this 1,300-line example [0] of a so-called C64-SID file within 30 minutes, without any human interaction.

      I am working on a multi-agent system that can completely reverse-engineer C64 games. Old MS-DOS games are still too massive to analyze for my budget limit.

      [0] https://gist.github.com/s-macke/595982d46d6699b69e1f0e051e7b...

      • By skerit 2026-02-0410:53

        Oh, interesting. I started using the ReVa/Ghidra MCP server together with Claude since day 1 (Well, since Claude Sonnet 4.0 was released) and I saw Claude get better at it with every update. I've gotten pretty far in reverse engineering a game from the early 2000s (though I still have to do a lot of things manually, but this then also taught me A TON about Ghidra)

        I'm very interested in trying out Codex now.

HackerNews

About