# GhydraMCP **AI-native reverse engineering.** Give Claude (or any MCP client) direct access to Ghidra's analysis engine. ``` ┌─────────────────────────────────────────────────────────────────────────────┐ │ "Analyze the authentication bypass in this firmware" │ │ │ │ Claude: I'll decompile the auth functions and trace the validation logic. │ │ │ │ [functions_list grep="auth|login|verify"] │ │ [functions_decompile name="verify_password"] │ │ [xrefs_list to_addr="0x0040156c"] │ │ [analysis_get_dataflow address="0x00401234" direction="backward"] │ │ │ │ Found it. The password check at 0x401580 compares against a hardcoded │ │ hash, but there's a debug backdoor at 0x401590 that bypasses validation │ │ when the username starts with "debug_". Let me show you the call graph... │ └─────────────────────────────────────────────────────────────────────────────┘ ``` [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0) ## What You Get **64 MCP tools** across 12 categories: | Category | Tools | What it does | |----------|-------|--------------| | **Functions** | 11 | Decompile, disassemble, rename, set signatures, list variables | | **Data** | 8 | Create/modify data items, list strings, set types | | **Structs** | 7 | Create structs, add/update fields, manage data types | | **Symbols** | 9 | Create labels, rename symbols, list imports/exports | | **Analysis** | 6 | Call graphs, data flow, cross-references, run analysis | | **Memory** | 2 | Read/write raw bytes | | **Variables** | 4 | List/rename function variables, set types | | **Bookmarks** | 3 | Create/list/delete analysis bookmarks | | **Enums/Typedefs** | 4 | Create enum and typedef data types | | **Namespaces** | 2 | List namespaces and classes | | **Segments** | 1 | List memory segments with permissions | | **Docker** | 7 | Auto-start containers, health checks, session management | **13 analysis prompts** for common RE workflows: - `malware_triage` — Quick capability assessment - `identify_crypto` — Find crypto functions and constants - `find_authentication` — Locate auth, license checks, credentials - `analyze_protocol` — Reverse network/file protocols - `trace_data_flow` — Taint analysis through functions - And 8 more specialized prompts... **11 MCP resources** for quick enumeration without tool calls. --- ## Quick Start ### Option 1: Docker (Easiest) No Ghidra installation needed. Analyze binaries in isolated containers. ```bash # Build the image (once) cd GhydraMCP && docker build -t ghydramcp:latest -f docker/Dockerfile . # Add to your MCP config claude mcp add ghydramcp -- uv run --directory /path/to/GhydraMCP ghydramcp ``` Then in Claude: ``` Analyze /path/to/suspicious.exe ``` Claude will auto-start a container, wait for analysis, and begin work. ### Option 2: Native Ghidra 1. **Install the Ghidra plugin:** - Download latest [release](https://github.com/starsong-consulting/GhydraMCP/releases) - In Ghidra: `File → Install Extensions → +` → select the `.zip` - Restart Ghidra - Enable in `File → Configure → Developer → GhydraMCPPlugin` 2. **Add MCP server:** ```bash claude mcp add ghydramcp -- uv run --directory /path/to/GhydraMCP ghydramcp ``` 3. **Open a binary in Ghidra**, then ask Claude to analyze it. --- ## How It Works ``` ┌──────────────┐ MCP ┌──────────────┐ HTTP ┌──────────────┐ │ Claude │◄────────────►│ GhydraMCP │◄────────────►│ Ghidra │ │ (or other │ stdio │ (Python) │ REST API │ Plugin │ │ MCP client) │ │ │ │ (Java) │ └──────────────┘ └──────────────┘ └──────────────┘ ``` - **Ghidra Plugin**: Exposes Ghidra's analysis via HTTP REST API (HATEOAS) - **GhydraMCP Server**: Translates MCP tool calls to API requests - **Multi-instance**: Analyze multiple binaries simultaneously on different ports - **Session isolation**: Docker containers get unique ports, preventing conflicts --- ## Usage Patterns ### Set Current Instance (Then Forget About Ports) ```python instances_list() # Discover running Ghidra instances instances_use(port=8192) # Set as current functions_list() # No port needed! data_list_strings(grep="password") # Uses current instance ``` ### Docker Workflow ```python # Start container (returns immediately) result = docker_auto_start(binary_path="/path/to/malware.exe") # → {port: 8195, message: "Poll docker_health(port=8195)..."} # Poll until ready while True: health = docker_health(port=8195) if health["healthy"]: break # Can check docker_logs() while waiting # Register and use instances_use(port=8195) functions_list() # Ready to analyze ``` ### Cursor-Based Pagination Large binaries can have 100K+ functions. Use cursors: ```python result = functions_list(page_size=100) # → {items: [...], cursor_id: "abc123", has_more: true} # Get next page cursor_next(cursor_id="abc123") # Or filter server-side functions_list(grep="crypto|encrypt", page_size=50) ``` ### Analysis Prompts Built-in prompts for common workflows: ``` /prompt malware_triage /prompt identify_crypto /prompt find_authentication ``` These guide Claude through systematic analysis with progress reporting. --- ## Configuration ### Environment Variables | Variable | Default | Description | |----------|---------|-------------| | `GHIDRA_HYDRA_HOST` | `localhost` | Ghidra instance host | | `GHIDRA_HYDRA_PORT` | `8192` | Default port | ### MCP Config Examples **Claude Desktop** (`~/Library/Application Support/Claude/claude_desktop_config.json`): ```json { "mcpServers": { "ghydramcp": { "command": "uv", "args": ["run", "--directory", "/path/to/GhydraMCP", "ghydramcp"] } } } ``` **Claude Code**: ```bash claude mcp add ghydramcp -- uv run --directory /path/to/GhydraMCP ghydramcp ``` --- ## Tool Reference ### Instance Management ``` instances_list # Discover Ghidra instances (use this first!) instances_use # Set current working instance instances_current # Show current instance info ``` ### Function Analysis ``` functions_list # List functions (supports grep, pagination) functions_get # Get function details by name or address functions_decompile # Decompile to C pseudocode functions_disassemble # Get assembly instructions functions_rename # Rename a function functions_set_signature # Set function prototype functions_set_comment # Add decompiler comment functions_create # Create function at address functions_variables # List local variables and parameters ``` ### Data Operations ``` data_list # List defined data items data_list_strings # List strings (with grep filtering) data_create # Define data at address data_rename # Rename data item data_set_type # Change data type data_delete # Remove data definition ``` ### Cross-References & Analysis ``` xrefs_list # Find cross-references to/from address analysis_get_callgraph # Generate call graph analysis_get_dataflow # Trace data flow forward/backward analysis_run # Trigger Ghidra auto-analysis ``` ### Structs & Types ``` structs_list # List struct definitions structs_get # Get struct with all fields structs_create # Create new struct structs_add_field # Add field to struct structs_update_field # Modify existing field structs_delete # Remove struct enums_list / enums_create typedefs_list / typedefs_create ``` ### Docker Management ``` docker_auto_start # Start container for binary (auto port allocation) docker_health # Check if container API is responding docker_status # List all containers and images docker_start # Manual container start docker_stop # Stop container (session-scoped) docker_logs # Get container logs docker_cleanup # Remove orphaned containers ``` See `--help` or the [API docs](GHIDRA_HTTP_API.md) for full parameter details. --- ## Building from Source ```bash # Clone git clone https://github.com/starsong-consulting/GhydraMCP cd GhydraMCP # Build Ghidra plugin mvn clean package # → target/GhydraMCP-[version].zip # Build Docker image docker build -t ghydramcp:latest -f docker/Dockerfile . # Run MCP server (for development) uv run ghydramcp ``` --- ## Architecture GhydraMCP is designed for AI agents: - **Lazy registration**: `instances_use` doesn't block — validates on first real call - **Non-blocking I/O**: All Docker/HTTP operations run in thread executors - **Session isolation**: Each MCP session gets unique container ports - **Cursor pagination**: Handle 100K+ item responses without context overflow - **Server-side grep**: Filter results before they hit the wire Based on [GhidraMCP by Laurie Wired](https://github.com/LaurieWired/GhidraMCP/), evolved into a comprehensive RE platform. --- ## License Apache 2.0