Delv
Community · Active · 13d · 4.3 · by 13bm

GhidraMCP

Exposes 70 Ghidra reverse engineering tools to AI assistants for binary analysis, decompilation, and symbol manipulation.

Safety & Trust

Delv Safety Grade: D

Score 42/100 · assessed 2026-04-28

Maintainer: 35
Permissions: 25
Supply chain: 30
Transparency: 55
Incidents: 100

GhidraMCP is a community-maintained MCP server exposing 70 Ghidra reverse engineering tools to AI assistants. The maintainer '13bm' appears to be a solo developer with limited public profile, creating significant bus factor risk. The server grants extremely broad permissions including arbitrary code execution through Ghidra's scripting engine, filesystem access to binaries, and the ability to manipulate executable code and symbols. Distribution via Ghidra's extension UI rather than standard package managers makes verification difficult. Whilst the repository is open source, the combination of powerful reverse engineering capabilities with a single maintainer and non-standard distribution creates substantial supply chain concerns. The tool is legitimate for security research but requires careful vetting before deployment in production environments.

Lethal Trifecta (prompt-injection exposure)

One of three

  • Private data (reads secrets, credentials, private files): Yes
  • Untrusted input (ingests web pages, PRs, issues, emails): No
  • External comms (can send data outbound): No

Reverse engineering of local binaries; sensitive but local-only by default.

Green flags

  • Open source repository allows code inspection
  • Legitimate use case for security research and reverse engineering
  • Integrates with established Ghidra platform
  • No known security incidents to date

Red flags

  • Solo maintainer '13bm' with limited public track record
  • Grants arbitrary code execution via Ghidra scripting engine
  • Non-standard distribution through Ghidra Extensions UI only
  • Broad filesystem access to analyse and modify binaries
  • No package registry verification or signed releases

Permissions requested

  • Read files
  • Write files
  • Shell execute
  • Outbound network

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

Install via Ghidra Extensions UI

Review

GhidraMCP bridges Ghidra's reverse engineering toolkit with Claude and other AI assistants, exposing 70 native functions for binary analysis. You get decompilation, symbol manipulation, cross-reference tracking, and scripting automation without leaving your chat interface. It's a proper integration, not a wrapper that shells out commands.

I'd reach for this when triaging malware samples or working through CTF binaries where you want to iterate quickly. Ask Claude to decompile a function, rename symbols based on context, or trace data flow across a binary. The assistant can chain Ghidra operations together in ways that would normally require writing headless scripts. During a recent CTF, I used it to automate symbol renaming across a stripped ELF binary by describing patterns in plain English. Claude called the right Ghidra functions, and I reviewed the changes in the GUI.

The quirks are real. You need Ghidra installed and configured first, which means Java dependencies and a non-trivial setup if you're new to the tool. The MCP server runs as a Ghidra extension, so it's tightly coupled to Ghidra's lifecycle. If Ghidra crashes, the server goes with it. Documentation assumes you already know Ghidra's terminology. If you don't know what a ProgramDB or a HighFunction is, you'll spend time learning Ghidra itself before this becomes useful.

Performance depends on binary size. Large firmware images or packed executables can make operations sluggish, and the AI assistant won't always know when to batch requests efficiently. You'll occasionally hit timeouts on complex decompilations.

This is for people who already live in Ghidra and want to augment their workflow with AI assistance. If you're a security researcher doing regular binary analysis, it's worth the setup friction. If you reverse binaries once a quarter or prefer other tools like Binary Ninja, the overhead isn't justified. Hobbyists doing CTFs will find it useful once past the initial hurdles, but expect to read Ghidra docs alongside MCP docs.

Verdict

Install if you're a regular Ghidra user doing malware analysis or security research. The AI-assisted workflow genuinely speeds up repetitive symbol manipulation and exploratory analysis. Skip if you're new to reverse engineering or only touch binaries occasionally; the learning curve for both Ghidra and this MCP isn't worth it for casual use.

Good at

  • Exposes 70 Ghidra functions directly to AI assistants, enabling complex binary analysis workflows without writing Python scripts.
  • Chains operations naturally through conversation, like renaming symbols based on decompiled context or tracing cross-references across modules.
  • Runs as a native Ghidra extension, so it has full access to the program database and analysis state.
  • Useful for CTF workflows where you need to iterate quickly on symbol identification and control flow analysis.

Watch out

  • Requires Ghidra installed and configured first, which adds Java dependencies and setup complexity for newcomers.
  • Tightly coupled to Ghidra's lifecycle: if the GUI crashes or closes, the MCP server stops responding.
  • Documentation assumes familiarity with Ghidra's API and terminology, making it harder to learn both tools simultaneously.
  • Performance degrades with large binaries or complex decompilations, and the AI doesn't always batch requests efficiently.

Use cases

  • malware analysis
  • binary reversing
  • security research
  • CTF workflows

Getting started

1. Install Ghidra from NSA's official site and ensure it launches successfully with a Java runtime.
2. Open Ghidra, navigate to File > Install Extensions, locate the GhidraMCP extension file from the repo releases, and install it.
3. Restart Ghidra, then add the MCP server config to your Claude Desktop or Cursor settings pointing to Ghidra's extension socket.
4. Open a binary project in Ghidra, then ask Claude to list available functions or decompile a specific address to verify the connection works.
5. Watch out for Ghidra's headless mode requirements. If the GUI isn't running, the MCP server won't respond.

Works with

  • Claude Desktop
  • Claude Code
  • Cursor
