bethington/ghidra-mcp: Production-grade Ghidra MCP Server — 132 endpoints, cross-binary documentation transfer, batch analysis, headless mode, and Docker deployment for AI-powered reverse engineering

If you found it useful, please ⭐ star the repo – it helps others find it!

A production-ready Model Context Protocol (MCP) server that combines Ghidra’s powerful reverse engineering capabilities with modern AI tools and automation frameworks.

• full mcp compatibility – Full implementation of the Model Context protocol
• 110 MCP tools available – Extensive API surface for binary analysis
• production ready reliability – Tested batch operations and atomic transactions
• real time analysis – Live integration with Ghidra’s analysis engine

• job analysis – Decompile, Call Graph, Cross-Reference
• data structure search – Automatic struct/union/enum creation
• string extraction – Comprehensive string analysis and classification
• import/export analysis – Symbol table and library dependency mapping
• memory mapping – Complete memory layout documentation
• Cross-Binary Documentation – function hash matching in binary versions

• automated development cycle – Complete build-test-deployment-verification pipeline
• Ghidra Script Management – Create, run and manage Ghidra scripts through MCP
• Multi-program support – Switch and compare between multiple open programs
• batch operation – Efficient bulk renaming, commenting and typing

• java 21 lts (OpenJDK recommended)
• Apache Maven 3.9+
• Ghidr 12.0.2 (or compatible version)
• Python 3.8+ with Pip

1. Clone the repository:

   git clone https://github.com/bethington/ghidra-mcp.git
   cd ghidra-mcp

2. Install Python dependencies:

   pip install -r requirements.txt

3. Copy Ghidra libraries (See Library Dependencies for a complete list):

   # Windows - run the provided batch script
   copy-ghidra-libs.bat "C:\path\to\ghidra_12.0.2_PUBLIC"
   
   # Linux/Mac - copy manually from your Ghidra installation
   # See Library Dependencies section below for all 14 required JARs

4. Create plugin:

   mvn clean package assembly:single -DskipTests

5. Deploy on Ghidra:

   # Windows (automated)
   .\deploy-to-ghidra.ps1
   
   # Or manually copy to Ghidra Extensions
   Copy-Item target\GhidraMCP-2.0.0.zip "C:\ghidra\Extensions\Ghidra\"

python bridge_mcp_ghidra.py

python bridge_mcp_ghidra.py --transport sse --mcp-host 127.0.0.1 --mcp-port 8081

1. Start Ghidra and load a binary
2. Go Tools > GhidraMCP > Start MCP Server
3. Server keeps running http://127.0.0.1:8080/ As a default

• mcp tools: 110 tools fully implemented
• pace: sub-second response for most operations
• Capacity: 93% reduction in API calls through batch operations
• reliability: atomic transactions with all or nothing semantics
• deployment:Automatic version-aware deployment script

• check_connection – Verify MCP connectivity
• get_metadata – Program metadata and information
• get_version – Server version information
• get_entry_points – binary entry point search

• list_functions – List all tasks (paged)
• search_functions_by_name – Search tasks by name/pattern
• search_functions_enhanced – Advanced search function with filters
• decompile_function – Decompile function in C pseudocode
• get_decompiled_code – Get the code decomposed by address
• get_function_callers – get function callers
• get_function_callees – GET FUNCTION CALLS
• get_function_call_graph – function relation graph
• get_full_call_graph – Full call graph for the program
• analyze_function_complete – Comprehensive job analysis
• analyze_function_completeness – Documentation Completeness Score

• list_segments – Memory segments and layout
• get_function_by_address – work at address
• disassemble_function – disassembly list
• disassemble_bytes – Raw Byte Disassembly
• get_xrefs_to – cross-reference to address
• get_xrefs_from – cross-reference by address
• get_bulk_xrefs – Bulk cross-reference lookup
• analyze_data_region – Analyze memory area structure
• inspect_memory_content – View raw memory content
• detect_array_bounds – find array boundaries

• get_function_hash – SHA-256 hash of normalized function opcode
• get_bulk_function_hashes – Paginated bulk hashing with filters
• get_function_documentation – Export complete function documentation
• apply_function_documentation – Import document to target function
• build_function_hash_index – Create persistent JSON index
• lookup_function_by_hash – Find matching tasks in the index
• propagate_documentation – Apply document to all matching instances

• list_data_types – Available data types
• search_data_types – Find data types
• create_struct – Create custom structure
• add_struct_field – add fields to the structure
• modify_struct_field – Modify existing fields
• remove_struct_field – remove field from structure
• create_enum – Create calculation
• get_enum_values – get the calculated value
• create_array_type – create array data type
• apply_data_type – apply type to address
• delete_data_type – Delete a data type
• consolidate_duplicate_types – Merge duplicate types
• get_valid_data_types – Get list of valid Ghidra types

• list_imports – Imported symbols and libraries
• list_exports – Exported icons and functions
• list_external_locations – external space reference
• list_strings – extracted strings with analysis
• list_namespaces – available namespaces
• list_globals – global variables
• create_label – Create address labels
• batch_create_labels – bulk label manufacturing
• delete_label – Remove label on address
• batch_delete_labels – bulk label removal
• rename_label – Rename existing label
• rename_or_label – Rename or create a label

• rename_function – Rename function by name
• rename_function_by_address – Change function name based on address
• rename_data – Rename data item
• rename_variables – Rename function variable
• rename_global_variable – rename global variables
• rename_external_location – Rename external reference
• batch_rename_function_components – Changing name in bulk
• set_decompiler_comment – set decompiler comments
• set_disassembly_comment – set disassembly comment
• set_plate_comment – Set function plate comment
• get_plate_comment – Get function plate comment
• batch_set_comments – Bulk comment settings

• set_function_prototype – set function signature
• set_local_variable_type – set variable type
• set_parameter_type – set parameter type
• batch_set_variable_types – bulk type setting
• set_variable_storage – Control variable storage space
• set_function_no_return – mark the function as non-returning
• list_calling_conventions – Available calling conventions
• get_function_variables – get all function variables
• get_function_labels – get label in function

• list_scripts – List available scripts
• run_script – run a script
• list_ghidra_scripts – List custom Ghidra scripts
• save_ghidra_script – Save new script
• get_ghidra_script – Get script content
• run_ghidra_script – execute ghidra script
• update_ghidra_script – Update existing script
• delete_ghidra_script – delete script

• list_open_programs – List all open programs
• get_current_program_info – Current program details
• switch_program – Switch active programs
• list_project_files – List project files
• open_program – Open the program from the project
• compare_programs_documentation – Compare documentation between programs

• find_next_undefined_function – find undefined function
• find_undocumented_by_string – Find functions by string reference
• batch_string_anchor_report – string anchor analysis
• search_byte_patterns – Find byte patterns
• get_assembly_context – get assembly reference
• analyze_struct_field_usage – Analyze structure field access
• get_field_access_context – Get field access pattern
• create_function – create function on address
• get_function_jump_target_addresses – achieve the jump target

See docs/README.md for complete documentation.

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   AI/Automation │◄──►│   MCP Bridge    │◄──►│  Ghidra Plugin  │
│     Tools       │    │ (bridge_mcp_    │    │ (GhidraMCP.jar) │
│  (Claude, etc.) │    │  ghidra.py)     │    │                 │
└─────────────────┘    └─────────────────┘    └─────────────────┘
        │                       │                       │
   MCP Protocol            HTTP REST              Ghidra API
   (stdio/SSE)          (localhost:8080)      (Program, Listing)

• bridge_mcp_ghidra.py – Python MCP server that translates the MCP protocol into HTTP calls
• GhidraMCP.jar – Ghidra plugin that exposes analytics capabilities via HTTP
• ghidra_scripts/ – Collection of 70+ automation scripts for common tasks

# Build the plugin (skip integration tests)
mvn clean package assembly:single -DskipTests

# Deploy to Ghidra
.\deploy-to-ghidra.ps1

ghidra-mcp/
├── bridge_mcp_ghidra.py     # MCP server (Python)
├── src/main/java/           # Ghidra plugin (Java)
├── lib/                     # Ghidra library dependencies
├── ghidra_scripts/          # 70+ automation scripts
├── docs/                    # Documentation
│   ├── prompts/            # AI workflow prompts
│   ├── releases/           # Version release notes
│   └── project-management/ # Project docs
├── examples/                # Example usage
└── scripts/                 # Build/utility scripts

lib/ The folder must contain Ghidra JAR files for compilation. Run the following script to copy them from your Ghidra installation:

# Windows
copy-ghidra-libs.bat "C:\path\to\ghidra_12.0.2_PUBLIC"

# Or manually copy from your Ghidra installation

Required libraries (14 JAR, ~37MB):

Comment: Not included in the library repository (see). .gitignore). You will need to copy them from your Ghidra installation before building.

• automated deployment:version-aware deployment script
• batch operation: Reduces API calls by up to 93%
• nuclear transaction: all or nothing semantics
• mass logging:Debug and trace capabilities

See CONTRIBUTING.md for detailed contribution guidelines.

1. fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Build and test your changes (mvn clean package assembly:single -DskipTests)
4. Update documents as needed
5. Commit your changes (git commit -m 'Add amazing feature')
6. push the branch (git push origin feature/amazing-feature)
7. open a pull request

This project is licensed under the Apache License 2.0 – see the license file for details.

See CHANGELOG.md for version history and release notes.

• Ghidra Team – For incredible reverse engineering platforms
• Model Reference Protocol – For standardized AI integration framework
• Contributors – To test, feedback and improve

• Re-Universe – Ghidra Bsim PostgreSQL platform for large-scale binary similarity analysis. Perfectly integrates with GhidraMCP for AI-powered reverse engineering workflows.
• cheat-engine-server-python – MCP server for dynamic memory analysis and debugging.

Ready for production deployment with enterprise-grade reliability and comprehensive binary analysis capabilities.