A better Ghidra MCP server – GhidrAssistMCP

GhidrAssistMCP A powerful Ghidra extension that provides an MCP (Model Context Protocol) server, enabling AI assistants and other tools to interact with Ghidra's reverse engineering capabilities through a standardized API. Overview GhidrAssistMCP bridges the gap between AI-powered analysis tools and Ghidra's comprehensive reverse engineering platform. By implementing the Model Context Protocol, this extension allows external AI assistants, automated analysis tools, and custom scripts to seamlessly interact with Ghidra's analysis capabilities. Key Features ** MCP Server Integration**: Full Model Context Protocol server implementation using official SDK ** 31 Built-in Tools**: Comprehensive set of analysis tools covering functions, data, cross-references, and more ** Configurable UI**: Easy-to-use interface for managing tools and monitoring activity ** Real-time Logging**: Track all MCP requests and responses with detailed logging ** Dynamic Tool Management**: Enable/disable tools individually with persistent settings ** Current Context Awareness**: Tools that understand Ghidra's current cursor position and active function Screenshots Installation Prerequisites Ghidra 11.4+ (tested with Ghidra 11.4 Public) (tested with Ghidra 11.4 Public) An MCP Client (Like GhidrAssist) Binary Release (Recommended) Download the latest release: Go to the Releases page Download the latest .zip file (e.g., GhidrAssistMCP-v1.0.0.zip ) Install the extension: In Ghidra: File → Install Extensions → Add Extension Select the downloaded ZIP file Restart Ghidra when prompted Enable the plugin: File → Configure → Configure Plugins Search for "GhidrAssistMCP" Check the box to enable the plugin Building from Source Clone the repository: git clone < repository-url > cd GhidrAssistMCP Set Ghidra installation path: export GHIDRA_INSTALL_DIR=/path/to/your/ghidra/installation Build the extension: gradle buildExtension Install the extension: Copy the generated ZIP file from dist/ directory directory In Ghidra: File → Install Extensions → Add Extension Select the ZIP file and restart Ghidra Enable the plugin: File → Configure → Configure Plugins Search for "GhidrAssistMCP" Check the box to enable the plugin Configuration Initial Setup Open the Control Panel: Window → GhidrAssistMCP (or use the toolbar icon) Configure Server Settings: Host : Default is localhost : Default is Port : Default is 8080 : Default is Enable/Disable: Toggle the MCP server on/off Tool Management The Configuration tab allows you to: View all available tools (29 total) (29 total) Enable/disable individual tools using checkboxes using checkboxes Save configuration to persist across sessions to persist across sessions Monitor tool status in real-time Available Tools Program Analysis get_program_info - Get basic program information - Get basic program information list_functions - List all functions in the program - List all functions in the program list_data - List data definitions - List data definitions list_strings - List string references - List string references list_imports - List imported functions - List imported functions list_exports - List exported functions - List exported functions list_segments - List memory segments - List memory segments list_namespaces - List namespaces - List namespaces list_classes - List class definitions - List class definitions list_methods - List method definitions Function Analysis get_function_info - Get detailed function information - Get detailed function information get_class_info - Get detailed class information - Get detailed class information get_function_by_address - Find function at specific address - Find function at specific address get_current_function - Get function at cursor position - Get function at cursor position decompile_function - Decompile function to C-like code - Decompile function to C-like code disassemble_function - Get assembly disassembly - Get assembly disassembly search_functions - Search functions by name pattern - Search functions by name pattern search_classes - Search classes by name pattern - Search classes by name pattern function_xrefs - Get function cross-references Location & Navigation get_current_address - Get current cursor address - Get current cursor address xrefs_to - Find references to an address - Find references to an address xrefs_from - Find references from an address Modification Tools rename_function - Rename functions - Rename functions rename_function_by_address - Rename function at specific address - Rename function at specific address rename_variable - Rename variables - Rename variables rename_data - Rename data definitions - Rename data definitions set_function_prototype - Set function signatures - Set function signatures set_local_variable_type - Set variable data types - Set variable data types set_disassembly_comment - Add disassembly comments - Add disassembly comments set_decompiler_comment - Add decompiler comments Advanced Analysis auto_create_struct - Automatically create structures from variable usage patterns Usage Examples Basic Program Information { "method" : " tools/call " , "params" : { "name" : " get_program_info " } } Function Analysis { "method" : " tools/call " , "params" : { "name" : " get_function_info " , "arguments" : { "function_name" : " main " } } } Decompilation { "method" : " tools/call " , "params" : { "name" : " decompile_function " , "arguments" : { "function_name" : " encrypt_data " } } } Structure Creation { "method" : " tools/call " , "params" : { "name" : " auto_create_struct " , "arguments" : { "function_identifier" : " 0x00401000 " , "variable_name" : " ctx " } } } Setting Function Prototype { "method" : " tools/call " , "params" : { "name" : " set_function_prototype " , "arguments" : { "function_address" : " 0x00401000 " , "prototype" : " int main(int argc, char** argv) " } } } Architecture Core Components GhidrAssistMCP/ ├── GhidrAssistMCPPlugin # Main plugin entry point ├── GhidrAssistMCPServer # HTTP/SSE MCP server ├── GhidrAssistMCPBackend # Tool management and execution ├── GhidrAssistMCPProvider # UI component provider └── tools/ # Individual MCP tools ├── Analysis Tools/ ├── Modification Tools/ └── Navigation Tools/ MCP Protocol Implementation Transport : HTTP with Server-Sent Events (SSE) : HTTP with Server-Sent Events (SSE) Endpoints : GET /sse - SSE connection for bidirectional communication POST /message - Message exchange endpoint : Tool Registration : Dynamic tool discovery and registration : Dynamic tool discovery and registration Session Management: Stateful sessions with proper lifecycle management Plugin Architecture Observer Pattern: Decoupled UI updates using event listeners Transaction Management: Safe database operations with rollback support Tool Registry: Dynamic tool registration with enable/disable capability Settings Persistence: Configuration saved in Ghidra's settings system Thread Safety: Proper Swing EDT handling for UI operations Development Project Structure src/main/java/ghidrassistmcp/ ├── GhidrAssistMCPPlugin.java # Main plugin class ├── GhidrAssistMCPProvider.java # UI provider with tabs ├── GhidrAssistMCPServer.java # MCP server implementation ├── GhidrAssistMCPBackend.java # Backend tool management ├── McpBackend.java # Backend interface ├── McpTool.java # Tool interface ├── McpEventListener.java # Event notification interface └── tools/ # Tool implementations ├── ProgramInfoTool.java ├── ListFunctionsTool.java ├── DecompileFunctionTool.java ├── AutoCreateStructTool.java └── ... (29 total tools) Adding New Tools Implement McpTool interface: public class MyCustomTool implements McpTool { @ Override public String getName () { return "my_custom_tool" ; } @ Override public String getDescription () { return "Description" ; } @ Override public McpSchema . JsonSchema getInputSchema () { /* ... */ } @ Override public McpSchema . CallToolResult execute ( Map < String , Object > arguments , Program program ) { // Implementation } } Register in backend: // In GhidrAssistMCPBackend constructor registerTool ( new MyCustomTool ()); Build Commands # Clean build gradle clean # Build extension gradle buildExtension # Build with specific Ghidra path gradle -PGHIDRA_INSTALL_DIR=/path/to/ghidra buildExtension # Debug build gradle buildExtension --debug Dependencies MCP SDK : io.modelcontextprotocol.sdk:mcp:0.10.0 : Jetty Server : 11.0.20 (HTTP/SSE transport) : (HTTP/SSE transport) Jackson : 2.17.0 (JSON processing) : (JSON processing) Ghidra API: Bundled with Ghidra installation Logging UI Logging The Log tab provides real-time monitoring: Session Events : Server start/stop, program changes : Server start/stop, program changes Tool Requests : REQ: tool_name {parameters...} : Tool Responses : RES: tool_name {response...} : Error Messages: Failed operations and diagnostics Console Logging Detailed logging in Ghidra's console: Tool registration and initialization MCP server lifecycle events Database transaction operations Error stack traces and debugging information Troubleshooting Common Issues Server Won't Start Check if port 8080 is available Verify Ghidra installation path Examine console logs for errors Tools Not Appearing Ensure plugin is enabled Check Configuration tab for tool status Verify backend initialization in logs MCP Client Connection Issues Confirm server is running (check GhidrAssistMCP window) Test connection: curl http://localhost:8080/sse Check firewall settings Tool Execution Failures Verify program is loaded in Ghidra Check tool parameters are correct Review error messages in Log tab Debug Mode Enable debug logging by adding to Ghidra startup: -Dlog4j.logger.ghidrassistmcp=DEBUG Contributing Fork the repository Create a feature branch: git checkout -b feature-name Make your changes with proper tests Follow code style: Use existing patterns and conventions Submit a pull request with detailed description Code Standards Java 21+ features where appropriate where appropriate Proper exception handling with meaningful messages with meaningful messages Transaction safety for all database operations for all database operations Thread safety for UI operations for UI operations Comprehensive documentation for public APIs License This project is licensed under the MIT License - see the LICENSE file for details. Acknowledgments NSA/Ghidra Team for the excellent reverse engineering platform for the excellent reverse engineering platform Anthropic for the Model Context Protocol specification ** Questions or Issues?** Please open an issue on the project repository for bug reports, feature requests, or questions about usage and development.