ghidra mcp

Local 2025-09-01 00:49:46 0
Developer Tools @Bamimore-Tomi/ghidra_mcp

Enables LLMs to perform binary analysis using Ghidra in headless mode, extracting functions, pseudocode, structs, and enums from binaries for interactive reverse-engineering.

This project lets you use Ghidra in headless mode to extract rich binary analysis data (functions, pseudocode, structs, enums, etc.) into a JSON file, and expose it to LLMs like Claude via Model Context Protocol (MCP).

It turns Ghidra into an interactive reverse-engineering backend.

? Features

  • Decompiles a binary using Ghidra headless mode
  • Extracts:
  • Function pseudocode, names, parameters, variables, strings, comments
  • Data structures (structs), enums, and function definitions
  • Outputs to ghidra_context.json
  • MCP server exposes tools like:
  • list_functions(), get_pseudocode(name)
  • list_structures(), get_structure(name)
  • list_enums(), get_enum(name)
  • list_function_definitions(), get_function_definition(name)

⚙️ System Requirements

  • macOS (tested)
  • Python 3.10+
  • Ghidra 11.3.1+
  • Java 21 (Temurin preferred)
  • MCP client (e.g. Claude Desktop)
  • mcp CLI (install via pip install mcp)

? Installation & Setup

✅ 1. Install Java 21 (REQUIRED by Ghidra 11.3.1)

brew install --cask temurin@21

Then set it:

export JAVA_HOME=$(/usr/libexec/java_home -v 21)
echo 'export JAVA_HOME=$(/usr/libexec/java_home -v 21)' >> ~/.zshrc
source ~/.zshrc

Check it:

java -version

Should say: openjdk version "21.0.x"...

✅ 2. Install Ghidra

Download and extract Ghidra 11.3.1

✅ 3. Set up the project

cd ghidra_mcp
gcc -Wall crackme.c -o crackme

✅ 4. Install the server via MCP CLI

mcp install main.py

This registers the MCP server so Claude or other clients can access it.

✅ 5. Run in dev mode (for testing)

mcp dev main.py

This enables hot reload and developer logs.

?️ Tools Available

Tool Description
setup_context(...) Run Ghidra on a binary
list_functions() All functions
get_pseudocode(name) Decompiled pseudocode
list_structures() All structs
get_structure(name) Details of a struct
list_enums() All enums
get_enum(name) Enum values
list_function_definitions() All function prototypes
get_function_definition() Return type & args

Sample Promot

Analyze the binary file located at using Ghidra installed at . First, set up the analysis context using both paths, then list all functions in the binary. Examine the main entry point function and provide a high-level overview of what the program does.

? Common Issues & Fixes

❌ Ghidra fails with “unsupported Java version”

➡️ Fix: Install Java 21, not 17 or 24:

brew install --cask temurin@21
export JAVA_HOME=$(/usr/libexec/java_home -v 21)

spawn uv ENOENT (Claude Desktop can't find your UV binary)

➡️ Claude can't locate uv by name. To fix:

  1. Run in your terminal:
which uv

Example output:

/Users/yourname/.cargo/bin/uv
  1. Open your Claude Desktop config file:
open ~/Library/Application Support/Claude/claude_desktop_config.json
  1. Update it like so:
{
  "mcpServers": {
    "ghidra": {
      "command": "/Users/yourname/.cargo/bin/uv",
      "args": [
        "--directory",
        "/Users/yourname/Documents/ghidra_mcp",
        "run",
        "main.py"
      ]
    }
  }
}
  1. Restart Claude Desktop. You should now see your custom MCP tools.

The operation couldn’t be completed. Unable to locate a Java Runtime.

➡️ Fix: Java not installed or JAVA_HOME is unset. Follow setup instructions above.

? Project Structure

File Purpose
main.py MCP server with tools
export_context.py Ghidra script that extracts JSON
crackme.c Sample C binary
crackme Compiled binary to test

?‍? Author

Tomi Bamimore
Ghidra by the NSA
MCP by Anthropic