Ghidra MCP Server

🔍 Ghidra MCP Server

This project lets you use Ghidra in headless mode to extract rich binary analysis data (functions, pseudocode, structs, enums, etc.) into a JSON file, and expose it to LLMs like Claude via Model Context Protocol (MCP).

It turns Ghidra into an interactive reverse-engineering backend.


🚀 Features

  • Decompiles a binary using Ghidra headless mode
  • Extracts:
    • Function pseudocode, names, parameters, variables, strings, comments
    • Data structures (structs), enums, and function definitions
  • Outputs to ghidra_context.json
  • MCP server exposes tools like:
    • list_functions(), get_pseudocode(name)
    • list_structures(), get_structure(name)
    • list_enums(), get_enum(name)
    • list_function_definitions(), get_function_definition(name)

⚙️ System Requirements

  • macOS (tested)
  • Python 3.10+
  • Ghidra 11.3.1+
  • Java 21 (Temurin preferred)
  • MCP client (e.g. Claude Desktop)
  • mcp CLI (install via pip install mcp)

🧪 Installation & Setup

✅ 1. Install Java 21 (REQUIRED by Ghidra 11.3.1)

brew install --cask temurin@21

Then set it:

export JAVA_HOME=$(/usr/libexec/java_home -v 21) echo 'export JAVA_HOME=$(/usr/libexec/java_home -v 21)' >> ~/.zshrc source ~/.zshrc

Check it:

java -version

Should say: openjdk version "21.0.x"...


✅ 2. Install Ghidra

Download and extract Ghidra 11.3.1


✅ 3. Set up the project

cd ghidra_mcp gcc -Wall crackme.c -o crackme

✅ 4. Install the server via MCP CLI

mcp install main.py

This registers the MCP server so Claude or other clients can access it.


✅ 5. Run in dev mode (for testing)

mcp dev main.py

This enables hot reload and developer logs.


🛰️ Tools Available

ToolDescription
setup_context(...)Run Ghidra on a binary
list_functions()All functions
get_pseudocode(name)Decompiled pseudocode
list_structures()All structs
get_structure(name)Details of a struct
list_enums()All enums
get_enum(name)Enum values
list_function_definitions()All function prototypes
get_function_definition()Return type & args

Sample Promot

Analyze the binary file located at using Ghidra installed at . First, set up the analysis context using both paths, then list all functions in the binary. Examine the main entry point function and provide a high-level overview of what the program does.

🧠 Common Issues & Fixes

❌ Ghidra fails with “unsupported Java version”

➡️ Fix: Install Java 21, not 17 or 24:

brew install --cask temurin@21 export JAVA_HOME=$(/usr/libexec/java_home -v 21)

spawn uv ENOENT (Claude Desktop can't find your UV binary)

➡️ Claude can't locate uv by name. To fix:

  1. Run in your terminal:
which uv

Example output:

/Users/yourname/.cargo/bin/uv
  1. Open your Claude Desktop config file:
open ~/Library/Application\ Support/Claude/claude_desktop_config.json
  1. Update it like so:
{ "mcpServers": { "ghidra": { "command": "/Users/yourname/.cargo/bin/uv", "args": [ "--directory", "/Users/yourname/Documents/ghidra_mcp", "run", "main.py" ] } } }
  1. Restart Claude Desktop. You should now see your custom MCP tools.

The operation couldn’t be completed. Unable to locate a Java Runtime.

➡️ Fix: Java not installed or JAVA_HOME is unset. Follow setup instructions above.


📂 Project Structure

FilePurpose
main.pyMCP server with tools
export_context.pyGhidra script that extracts JSON
crackme.cSample C binary
crackmeCompiled binary to test

👨‍💻 Author

Tomi Bamimore
Ghidra by the NSA
MCP by Anthropic

-
security - not tested
F
license - not found
-
quality - not tested

local-only server

The server can only run on the client's local machine because it depends on local resources.

Enables LLMs to perform binary analysis using Ghidra in headless mode, extracting functions, pseudocode, structs, and enums from binaries for interactive reverse-engineering.

  1. 🚀 Features
    1. ⚙️ System Requirements
      1. 🧪 Installation & Setup
        1. ✅ 1. Install Java 21 (REQUIRED by Ghidra 11.3.1)
        2. ✅ 2. Install Ghidra
        3. ✅ 3. Set up the project
        4. ✅ 4. Install the server via MCP CLI
        5. ✅ 5. Run in dev mode (for testing)
      2. 🛰️ Tools Available
        1. Sample Promot
          1. 🧠 Common Issues & Fixes
            1. ❌ Ghidra fails with “unsupported Java version”
            2. ❌ spawn uv ENOENT (Claude Desktop can't find your UV binary)
            3. ❌ The operation couldn’t be completed. Unable to locate a Java Runtime.
          2. 📂 Project Structure
            1. 👨‍💻 Author

              Related MCP Servers

              • -
                security
                F
                license
                -
                quality
                Allows LLM tools like Claude Desktop and Cursor AI to access and summarize code files through a Model Context Protocol server, providing structured access to codebase content without manual copying.
                Last updated -
                TypeScript
                • Linux
                • Apple
              • -
                security
                A
                license
                -
                quality
                An MCP server that allows LLMs to autonomously reverse engineer applications by exposing Ghidra functionality, enabling decompilation, analysis, and automatic renaming of methods and data.
                Last updated -
                4,290
                Apache 2.0
                • Apple
              • -
                security
                A
                license
                -
                quality
                A server that enables seamless integration of Binary Ninja's reverse engineering capabilities with LLM assistance, allowing AI tools like Claude to interact with binary analysis features in real-time.
                Last updated -
                20
                Python
                GPL 3.0
                • Apple
                • Linux
              • -
                security
                F
                license
                -
                quality
                A server that provides remote binary analysis capabilities through IDA Pro's headless mode, allowing users to manage and manipulate functions, variables, and other binary elements via the Multi-Client Protocol.
                Last updated -
                3
                Python

              View all related MCP servers

              ID: lerkk11psi